While it may be easy to believe that cyber attacks happen to large companies with lots of employees, it turns out that’s only half true. While 50 percent of cyber attacks happen with companies that have over 2,501 employees, the other 50 percent are a mix of 2,500 or less. Companies with one to 250 employees are most likely of the smallest companies to risk cyber attacks, according to a study completed by Symantec Corporation.
What Kind of Company is Most Likely to be Cyber Attacked?
According to 2012 results from Symantec Corporation, manufacturing companies lead the pack by 24 percent for the biggest target for small businesses. The other results were 19 percent finance, insurance and real estate; 17 percent non-traditional services; 12 percent government; 10 percent energy and utilities; 8 percent professional services; 2 percent aerospace, retail and wholesale; and 1 percent transportation, electric and gas.
What Positions Get Hit the Hardest by Cyber Attacks?
Between 2011 and 2012, some job roles were less likely than others to have cyber attacks. The top three most popular job accounts to be attacked in 2011 were the chief executive or board level member, sales staff and employees with shared mailbox systems. In 2012, research and development gained in attacks while chief executives and sales staff were still in the top three category.
Why are these Positions and Companies under Attack?
Although businesses may be more likely to emphasize to employees to not accidentally expose public information or computer theft, the ratio for both is 23 to 40 percent compared to hackers figuring out how to get into small business systems. Insider theft (9 percent) and fraud (1 percent) are the least likely to happen. So how do attacks happen? If companies do not properly warn or train their employees against suspicious e-mails, it is too easy to click on virus links that affect the entire system. A simple Microsoft Outlook e-mail from a “co-worker” with what looks like a company e-mail address could be seen as a normal e-mail. Instead of management hoping that employees do not click on these links or sending another e-mail to inform them not to, it may be a better idea to get the attention of each management team to contact the people who report to them. It would take much longer to contact each person individually and/or hope that they click on the senior-level manager’s e-mail before the hacker’s e-mail. Making sure middle management staff is savvy with virus alerts helps, too.
What Else Should Management Warn Workers About?
While every organization is different, employees who are permitted to visit personal sites should be made aware of which ones are okay to visit. Blocking certain websites are well within the company’s rights, including social media sites where a larger group of people send links on a regular basis. Attackers not only profile company e-mail accounts and websites. They also look for weaknesses on each IP address, study what websites the computer user from that IP address frequents and tries to find flaws. By inserting JavaScript or HTML codes onto a redirected page, the employee who clicks a random link is immediately vulnerable to cyber attacks. Once a hacker can access the computer, they’re able to get into more confidential information.
Banning employees from every potential site that could cause harm is a bit unrealistic. While business owners can make employees sign agreements that sites they visit may be monitored, that may not stop every employee from visiting banned sites anyway. It is a better idea to equip each employee from a small business with the necessary tools to be on the lookout for hackers and avoid the expenses trying to fix the technical issue later.
Informational Credit to Vital Records Control