How Businesses Risk Everything by Relying on Staff to Keep Ransomware Out

Sophisticated malicious emails continue to creep into every inbox, every day. Yet many employees still don’t know enough to spot an unsecure website, and 13 percent of them click on URLs that could hide malware. And, while experts recommend training staff to sniff out phishing campaigns and other cyber threats, they also advise not to rely on staff to keep hackers out.

Most studies documenting employee behavior with regards to cyber security paint an unsettling picture. Staff, typically an organization’s first line of defense against cyberthreats, use the same passwords for work and personal accounts, click on links before verifying their origin, and use personal devices for work and work devices for personal affairs. While the general public is becoming increasingly versed in cyber speak, many are still in complete darkness about threats like ransomware – today’s #1 menace for businesses big and small.

A new study on employee awareness and the tendency towards risky online behavior shows that employees engage in several practices that can open the door to bad actors to infiltrate company systems and compromise data by deploying malware such as ransomware.

According to Spanning Cloud Apps’ research, 55 percent of employees click links they don’t recognize, 45 percent would allow a colleague to use their work computer, and 34 percent can’t identify an unsecure ecommerce site. 13 percent of employees will click on short URLs that typically offer no clue as to their origin or contents.

These risky practices are generally what leads to ransomware attacks. Bad actors take advantage of unwary employees to deploy malware and wreak havoc. Ransomware authors can deal millions of dollars’ worth of damages to their victims, and some businesses even risk bankruptcy in the face of such an attack.

“The results of this survey should be instructive to IT leaders at organizations of all sizes,” said Brian Rutledge, Principal Security Engineer, Spanning. “It only takes one…one employee, one email, one ransomware attack. The results show that even though employees know basic risks associated with strange looking emails and web pages, they lack a deeper understanding of how their online behaviors put business data at risk.”

Another disconcerting finding: some 20 percent of workers reported that they share passwords over text or email, a practice that is highly frowned upon. Risky online behavior and a lack of awareness were particularly acute in healthcare, education and government organizations. For example, over 60 percent of government workers would allow a colleague to use their work computer.

“For organizations in highly-targeted industries, such as government and healthcare, leadership teams must have measures in place to quickly restore data and not rely on employees to keep hackers out,” Rutledge concluded.