Users – The Weakest Link in Business Security Systems?

By Mustafa Obousy.

Employees are often proposed to be the weakest link in a business's security system, as they are the most exposed to hacking schemes: they are usually targeted through emails and attachments, and a successful attack could damage the reputation of the business and eventually lead to organisational failure.

A liability to the system

Employees can be considered a threat to a business's security system, as they are the most likely to fall for hacking and phishing scams, which are largely distributed through emails containing links or attachments. Although workers have proven to be a great asset, they can also be a liability, because loosely affiliated cybercriminals have built a business out of scamming individuals. As a result, the number of data breaches has risen sharply over the years: in 2017 there were 1,000 data breaches, compromising just under 2 billion records, compared with only 784 data breaches in 2016 (Ismail, 2018), and by 2019 the number of data breaches had grown to 5,134 (Henriquez, 2019).

Hacking and phishing scams

Phishing is a fraudulent method of obtaining information such as account credentials and credit card details by posing as a trusted entity over electronic communication; with the information obtained from an employee, the hacker can get into the organisation's network and possibly sabotage the system. There has been an upsurge in such scams over the years, from which certain individuals have profited at the expense of vulnerable users, and with the rise of the internet this has become more common. The most common types of phishing are spear phishing and whaling, both of which involve manipulating user information. Whaling involves targeting anyone in an organisation and harpooning their information; if the attack succeeds, the attacker can conduct CEO fraud, abusing the compromised email account to authorise fraudulent wire transfers to the institution. In spear phishing, the attacker impersonates someone the target knows, including their name and address, to induce the victim into clicking a malicious URL or attachment and handing over company data; this can lead to sabotage of the system or the theft of intellectual property or money.

How to protect your employee

An employee has the potential to be a security asset to a company; however, some tools must be obtained to protect the company and fight cybercrime. Employees must therefore receive training in detecting malicious emails so that the organisation is protected from malicious software. One approach is authorised penetration testing, which can be used to alert users to potential threats and show them how to spot them. Such testing includes an attack assessment, in which a tester sends a realistic phishing email impersonating a well-known social media company, using its name, email address and so on. The email is designed to look as though it comes from the trusted corporation or third party, and the targeted user must judge whether it is genuine or a phishing attempt. Emails with malicious intent usually have inaccurate domain names or typos in the email address or username, such as misused capital letters or unnecessary full stops, which professional companies rarely do (King, 2019). If there are further doubts about authenticity, a phishing attempt can be recognised from dodgy links within the email, or from threats intended to spur you into action, such as threatening to close or ban your account if you do not click the link provided.
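To make the indicators above concrete, here is an added example (my own illustration, not code from the article or from any product it mentions) of a small Python checker that applies them to constructed sample messages: a sender domain that imitates a trusted one, a username with a stray full stop, a link whose visible address differs from its real target, and threatening wording. The trusted-domain list, the threat phrases and the sample messages are assumptions made up for the demonstration.

```python
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com", "socialnet.example"}  # constructed, not real
THREAT_PHRASES = ("close your account", "account will be suspended", "banned", "within 24 hours")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # text that is an address

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _host(url: str) -> str:
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def check_email(sender: str, body: str, links: list[tuple[str, str]]) -> list[str]:
    """Return the phishing indicators found; links are (display_text, href) pairs."""
    findings = []
    user, _, domain = sender.rpartition("@")
    domain = domain.lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            # Trusted name buried inside a longer domain, or within two edits of it.
            if trusted in domain or _edit_distance(domain, trusted) <= 2:
                findings.append(f"sender domain {domain!r} imitates {trusted!r}")
                break
    # Stray capital letters inside the username, or full stops where none belong.
    if re.search(r"[a-z][A-Z]|\.\.|^\.|\.$", user):
        findings.append(f"sloppy sender username {user!r}")
    for text, href in links:
        # The visible address of a link differs from where it really points.
        if URL_LIKE.fullmatch(text.strip()) and _host(text) != _host(href):
            findings.append(f"link shows {_host(text)!r} but points to {_host(href)!r}")
    hits = [p for p in THREAT_PHRASES if p in body.lower()]
    if hits:
        findings.append("threatening or urgent wording: " + ", ".join(hits))
    return findings

PHISH = ("Support.@example-bank.com.verify-login.net",  # constructed sample, not real mail
         "Your account will be suspended within 24 hours unless you confirm.",
         [("https://example-bank.com/login", "http://verify-login.net/form")])
LEGIT = ("alerts@example-bank.com", "Your monthly statement is ready to view.",
         [("https://example-bank.com/statements", "https://example-bank.com/statements")])
```

Running `check_email(*PHISH)` reports all four indicators, while `check_email(*LEGIT)` reports none; a real mail filter would add sender authentication checks on top of such heuristics.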

Security systems' impact on business

A breach of a security system can compromise a business, raising issues such as business disruption and reputation damage that can harm an organisation significantly. Business disruption is an innovation that creates a new market and value network, which eventually disrupts the existing market and network and can displace current brands, firms and alliances. This is a problem for the business because different types of disruption require different strategic approaches. If it is handled incorrectly, for example by failing to integrate insights from subsequent research, the manager may use the wrong tools for the problem, reducing the chances of success. Failing to address business disruption can in turn lead to reputation damage. Reputation damage depends on how a business responds to a disruption, so it is important to respond appropriately to protect the reputation of the business and avoid harm to the organisation, which may include a loss of customers, products or services. To circumvent this, you can add extra protection to your cybersecurity system, such as educating employees on cybersecurity practices and keeping the security system constantly updated. A further way to deal with reputation risk is to have a plan in place for when disruption occurs, covering how to deal with employees and what changes to make to the business, with the aim of preventing further damage to the organisation and avoiding the risk of organisational failure.

However, despite the risks employees pose to a company, they are also an important asset in business; hence, to maintain company security, they should undergo further staff training to protect themselves from phishing, as these scams could endanger the company and its assets.

References

Henriquez, M. (2019). The Top 12 Data Breaches of 2019.

Ismail, N. (2018). Why Employees Are a Business's Weakest Link.