Which of Your Employees Could Expose your Organization?

Dec 13, 2017 | Security-GRC | 0 comments

The rise of spear phishing has allowed cybercriminals to customize their attacks to specific departments, teams, and employees within any organization. These cybercriminals know your company inside and out, they are looking to focus their attacks in order to prompt a click, a download or even to prompt an employee to reveal your company’s secret sauce.

So, if these bad guys want to get more bang for their buck who are they targeting?

The BIG Fish – Yeah, you already know your execs aren’t immune to phishing attacks. But they aren’t alone. Hackers know the ins and outs of your org chart. They know sometimes they can’t get to the “big fish” until they break through the guard. In your organization, the guard is the coveted executive assistant.

The executive assistant is likely doubling as a superhero in the office. While juggling all the behind-the-scenes scheduling and phone call screening, they often know the ins and outs of the “big fish’s” schedule, passwords and business documents. Who wouldn’t want to hack them if they hold the keys to the kingdom?

The Email Over-loader – Every office has that one person that floods your inbox with unimportant emails. One day it could be a slew of cat photos, the next – perpetual emails that could have been summed up in a total of one email. Whatever the case may be, if this person is flooding your email and expecting you to read everything they send, imagine what they do when they are flooded with emails. Can you say easy target?

The MillennialAccording to “Get Safe Online” Millennials are twice as likely to fall for phishing attacks than that of their older counter-parts.
Not only are they more apt to fall for these phishing attacks, they are consuming more content on more platforms the hackers LOVE to use as vehicles for their attack methods. Think about it, millennials are multitasking, doing what they can to get their work done, but they’re also scouring social media all day.


In fact, cybercriminals are baiting employees to click on phishing links through phony social media posts.

The Sales Guy – Salespeople are always chasing the next sale. If a hacker knows how to catch a sales guy, they’ll likely catch them with a phony promise of the next big deal. Let’s face it, if your job and compensation depended on a big close from prospective customers, wouldn’t you reply quickly to any incoming email or phone call?

Spear phishers can target salespeople by mimicking a prospective customer and telling them that they need to visit a site or download a file because it’s part of the buying process. It only takes one click for your company to get attacked.

So now you know what to look out for, how do you avoid that one click that could expose your company’s precious gems?

Here’s three tips that could save you from being the next Equifax:

  • Amp up employee training – You have a TON of options, from running periodic faux phishing scams to developing a full-on training program. Your organization is only as good as its weakest link and your weakest link can’t help if they aren’t trained.
  • Identify high-risk users and intervene – Implement a good spam filter and track your employees’ activity. Heck, you can even run a fake phishing test every couple of weeks, if the same employees are falling subject to the scam, they may need more training.
  • Adapt Adapt Adapt – There are new attack types daily and tools to protect your organization. If you don’t know what tools are out there to help, call us we can help you choose the right tools, develop a program and/or even run vulnerability tests to help.

Think about the most important piece of data to your company. If you were an outsider, how would you get to it? Would you use one of these targets? (And if you want some help…ASMGi will test your vulnerability for you or develop a training program.)

View/Add comments


<script type="text/javascript" src="//platform.linkedin.com/in.js"></script><script type="in/share" data-counter="top"></script> <a href="https://twitter.com/share" class="twitter-share-button" data-via="ASMGi_CLE">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^https:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>

Navigate the blog