You may think that your company can prevent an intruder from entering your door - but chances are that at least one of your employees is more likely to invite hackers for coffee.
Indeed, despite years of scary tactics, most companies still have no idea how to manage a "scary" incident in cyberspace, according to a penetration tester who claims that his team never failed to get passwords from various companies.
Indeed, Michael Connory, CEO of Security In Depth (SID), says the easiest way to get an employee to share a username and password is simply to "send an email and ask for the username and password. him password of".
Most companies have no protection beyond usernames and passwords - so only credentials these are shared, the door is wide open for cybercriminals to access internal email systems, document repositories, confidential documents and the rest of the network.
"People just don't have the understanding, knowledge or training to be able to recognize when someone is trying to mislead them," Connory says.
A recent survey of 300 Australian SMEs conducted by Gartner's Capterra subsidiary highlighted its scope. problem.
More than 13% of respondents said they have been victims of online phishing (Phishing), while over 9% were unsure.
However, only 39% of respondents knew who to contact their company for data security issues, privacy or compliance - and that 37% of staff said they had not received any training on how to keep data secure.