Employees Require Increased Email Security Awareness
Recent research from Glasswall reveals that employees’ lack of security awareness while opening email attachments is putting businesses at risk, HelpNet Security reports. As a result, organizations may increase their exposure to cyberattacks, ransomware and zero-day threats.
Security Awareness Gaps
Glasswall surveyed 2,000 office workers in mid- to large-scale businesses across the U.S. and found that while sophisticated social engineering attacks and phishing emails have increased, 83 percent of users still open email attachments if they appear to come from a known contact, and 44 percent of these respondents say they open attachments every time they receive one. This lack of security awareness makes employees more vulnerable to opening malicious email code found in common file types like Word, Excel, PDF and PowerPoint.
Perhaps even more alarming is the way users treat unknown attachments. Although 75 percent of workers can recognize when they receive suspicious emails, 62 percent of them don’t check to determine the legitimacy of the email attachments they receive. And according to HelpNet Security, 58 percent of Glasswall respondents say they usually open attachments from senders they don’t know, and a worrisome minority (15 percent) always or usually trust email attachments sent from unknown people. Despite the fact that numerous cyberattacks are launched against businesses each year, only 33 percent of respondents believe there are threatening emails in circulation.
The most common types of suspicious email attachments are invoices, delivery notes and presentations, according to Glasswall. This puts workers in a vulnerable position, as they often depend on opening and sending this type of information in order to do their jobs.
“Employees need to trust their emails to get on with their work, but with 94 percent of targeted cyberattacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office workers,” said Greg Sim, CEO of Glasswall, according to HelpNet Security.
“Conventional antivirus and sandboxing solutions are no longer effective, and relying on the vigilance of employees clearly leaves a business open to devastating cyberattacks that will siphon off precious data or hold the business to ransom,” Sim added.
The security awareness campaigns organizations currently have in place may not be robust enough to thwart cyberthreats.
“This research confirms anecdotal evidence that although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems,” said University of Oxford Professor Andrew Martin, according to HelpNet Security. “Technology that’s fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs.”
The Glasswall study concludes that with the proper technology, training and instruction, as well as support from senior executives, organizations can provide a safer environment for their employees and mitigate cyberattack risk.