Employees: Your First Line of Defense Against Advanced Targeted Attacks

Advanced targeted attacks are persistent, high-tech attacks aimed at a specific organization with the purpose of gaining access to valuable information. These attacks can lead to the loss of valuable data as well as financial information and even impede the organization’s ability to operate. Although advanced targeted attacks come in many forms, they all use the same tactics.

The most common tactic is social engineering. Social engineering is an attempt to persuade people to reveal sensitive information or to download harmful software. As this is the first stage of any attack, your first line of defense, when it comes to your organization, is employee education.

Are Advanced Targeted Attacks a Real Problem?

According to eWeek, most businesses are unprepared to prevent advanced targeted attacks. Based on a study conducted by ResearchNow, half of surveyed companies had experienced a loss of data due to intrusion within the past year. Approximately 84 percent of executives surveyed also indicated that they believe their organizations were vulnerable to advanced targeted attacks.

However, despite this awareness, the majority of polled organizations were admittedly relaxed in their approach to network security. In fact, four out of five respondents said their company would certainly benefit from adopting a more rigid style of prevention, consisting chiefly of employee education.

Create Employee Education Programs

The most devastating attacks in today’s technological landscape target your people, systems and vulnerabilities. A multi-faceted approach is recommended by most experts, consisting of sophisticated intrusion detection software, thorough endpoint protection — and comprehensive employee education.

Creating an employee education program is vital to your continued security. A rigorous training program should contain these elements:

  • Stress the Importance of Protecting the Company’s Data: The most important aspect of any training program is helping employees understand the impact that any sort of data loss can have, both on themselves and on the company.
  • Inform Them of Common Social Engineering Attempts: Educate your employees about what exactly social engineering consists of. Most successful attempts trick employees, either by instant messaging or email, into allowing an attacker network access. This is typically done by installing the requested program or application that contains malware. The malware will act as a back door for the attacker. Newer methods of social engineering involve the use of popular social networking sites. An attacker may pose as a friendly person and attempt to gain information about the company. They may also suggest you download an app to your smartphone that will access the corporate network when you use your device at work.
  • Provide Thorough Training About Bring Your Own Device (BYOD) Programs: BYOD programs are sweeping the corporate world. Employee-owned laptops, smartphones and tablets are now widely permitted access to corporate networks in lieu of company-provided devices. While there are numerous cost-cutting benefits to these programs, they also present a new risk to the network. In addition to the use of mobile device management security software, all employees who wish to participate in a BYOD program should undergo extensive training on the responsible use of their devices. Primarily, they should be told what apps can be installed, how the corporate network can be used, and how to safely store and delete company data.

Protect Your Data by Protecting Your Employees

Your employee education program is the most important element of your approach to protecting against advanced targeted attacks. Start creating your employee education program today, and administer it regularly to provide continued protection against evolving social engineering attempts. An employee education program is worth the time it takes to develop, implement and maintain. Additionally, it protects the individual data of your employees, which may be accessed in the initial stages of an attack.