几年前, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.
然而,很多员工都会这样做,而且几乎都是无意的. Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, 但这确实发生了. One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in 澳门博彩论坛安全.”
这种弱点从何而来? It stems from several different things and varies from business to business, 但很大程度上取决于员工的行为.
人为错误
澳门博彩资讯都会犯错. 不幸的是,有些错误可能会造成严重的后果. 举个例子:一名员工收到了老板发来的电子邮件. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.
问题是它是假的. 骗子使用的电子邮件地址与经理的邮件地址相似, 主管或其他公司领导可能使用. 这是个网络钓鱼骗局,而且很管用. 虽然这并不一定会在内部损害您的it安全, 它展示了员工知识的差距.
另一个常见的例子, 同样通过电子邮件, is for cybercriminals to send files or links that install malware on company computers. The criminals once again disguise the e-mail as a legitimate message from someone within the company, 一个供应商, 一家员工可能熟悉的银行或其他公司.
正是这种熟悉感会让员工犯错. 罪犯所要做的就是增加一种紧迫感, 员工可能会不假思索地点击链接.
粗心大意
这种情况发生在员工不假思索地点击链接时. It could be because the employee doesn’t have training to identify fraudulent e-mails or the company might not have a comprehensive 澳门博彩论坛安全 policy in place.
另一种形式的粗心大意是不安全的浏览习惯. 当员工浏览网页时, whether it’s for research or anything related to their job or for personal use, 他们应该总是以最安全的方式这样做. Tell employees to avoid navigating to “bad” websites and to not click any link they can’t verify (such as ads).
糟糕的网站是相当主观的, but one thing any web user should look for is “http” at the beginning of any web address. “s”表示该站点是安全的. 如果没有“s”,网站就缺乏适当的安全性. 如果你把敏感数据输入那个网站, 比如你的名字, 电子邮件地址, 联系方式或财务信息, you cannot verify the security of that information and it may end up in the hands of cybercriminals.
另一个粗心大意的例子是糟糕的密码管理. It’s common for people to use simple passwords and to use the same passwords across multiple websites. If your employees are doing this, it can put your business at a huge risk. If hackers get ahold of any of those passwords, who knows what they might be able to access. 严格的密码策略对每个企业来说都是必须的.
化弱为强
The best way to overcome the human weakness in your 澳门博彩论坛安全 is education. An 澳门博彩论坛安全 policy is a good start, but it must be enforced and understood. 员工需要知道哪些行为是不可接受的, 但他们也需要意识到存在的威胁. They need resources they can count on as threats arise so they may be dealt with properly. 和当地人一起工作 MSP or 澳门博彩论坛 services firm may be the answer – they can help you lay the foundation to turn this weakness into a strength.
澳门博彩资讯 安排您的免费安全评估.
