The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Who Is The Weakest Link?
11 April 2019 | Updated 14 May 2019

According to Sophos, 70% of internet users have the same password for almost all the web services they use - and there are groups of businesses and individuals who are the worst. Who are they?

With easy to identify passwords, it is no surprise that cyber-criminals go ‘phishing’ for account details (be that bank or social media) and then get in (and lock the user out) with just a few clicks.

By its nature, phishing and malware attacks work by impersonating someone the recipient knows and trusts.

To explore the subject further, digital marketing agency Reboot Digital Marketing Agency analysed the latest findings found within the report ‘Protecting the People: A quarterly analysis of highly targeted cyber attacks’ by ProofPoint to gain a better understanding of who is most at risk of cyber-attacks globally.

Predictably, as a group of individuals within departments ‘Lower-level employees’, such as customer service representatives, were subject to 67% of highly targeted attacks, with those in marketing, public relations and human resources accounting for nearly 20% of all phishing and malware attacks.



However, given that upper management accounts for a smaller proportion of businesses, it suggests that those in C-level positions, directors and department managers may be targeted disproportionately more often.

 ‘Contributors’ were found to represent 40% of the most targeted employees within an organisation. Thereafter ‘Management’ (27%), ‘Upper Management’ (27%), and ‘Executive’ employee’s make up 6% of the most highly targeted emails.



Interestingly, when considering which industries are targeted the most by email fraud, ‘Pharmaceutical drug manufacturers’ came out on top with 71 highly targeted attacks per company over a period of three months, as per the findings of the report, on average. Closely followed by ‘Construction’ with 61 attacks per company and thereafter, ‘Real estate’ with an average of 54 attacks per organisation.

As a result, Reboot Digital Marketing Agency has gathered five top tips for avoiding malware and phishing scams when at work:


Know what to look for

Pay close attention to attachments, advertisements and pop-up alerts, ensuring you only open what you trust. Train users to spot malicious emails and websites by knowing what to look out for.


Avoid unsolicited links and attachments

Most commonly, you should know the sender of an email and trust the source it is coming from. If unsure, go with the assumption that it is best to avoid opening emails from an unknown source/sender altogether. And although a lot of companies employ malware scanning features, you shouldn’t be solely reliant on this.


Turn off email HTML

Adding HTML can sometimes automatically run malware scripts within an email once it has been opened. For this reason, you may choose to disable it, lowering the risk of an attack.


Scan external drives

Many USB and external hard-drives can hold malware and spread across the workplace onto other computers. To be extra vigilant, it is recommended that you scan all external devices with anti-virus software each time you connect an external portal to a computer.


Regularly change your password:

Though this may seem obvious, it is easy to forget to regularly update your passwords or be reluctant to do so in fear of forgetting them. However, for security purposes it is good practice to change your passwords every 90 days.

With thanks to

Picture: The most targeted employees.

Article written by Brian Shillibeer | Published 11 April 2019


Related Articles

Interserve Fined £4.4m for Failure to Keep Staff Details Secure

The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack. The Information Commissioner’s...

 Read Full Article
NHS IT Services Supplier Victim of Ransomware Attack

It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...

 Read Full Article
Smart Buildings at Increased Risk of Cyber Attacks, Says Verdantix

The operational technology that powers connected devices across building systems is providing more entry points for cyber criminals to exploit, says research and advisory...

 Read Full Article
Cybersecurity – Are Smart Buildings and its Data Vulnerable to Malware Attacks?

As more and more of a building’s functions are automated and controlled via smart technology systems, has cybersecurity been an afterthought? In 2020, Boris...

 Read Full Article
Working Securely Online – Cyber Hygiene

With more people working on the internet outside of monitored business networks, the risks of compromising company and personal data are increased. Concentration is...

 Read Full Article
More Global FM Firms Hit By Cyber Attacks

EMCOR Group and Bouyges are the latest FM companies targeted by malicious software attacks.  The website of EMCOR Group, the global providers of facility...

 Read Full Article
World Education Not Taking Cyber Threat Cost Seriously

The 2019 Global DNS Threat Report has revealed the education sector is one of the most heavily targeted industries for cyber attacks - and yet invests very little to stop...

 Read Full Article
Is BYOD Creating A GDPR Risk For Your Business?

Does your Bring Your Own Device (BYOD) stance have the potential to create risks relating to data protection or breaches, as a result of staff using a single smartphone...

 Read Full Article
Crown Prosecutions Service Prosecuted - And Other GDPR-type Convictions

You could hardly make it up but the Crown Prosecutions Service has been fined after losing victim interview videos - PLUS a variety of convictions including a...

 Read Full Article
Gangsters' Paradise Leads To Jail Terms For Business Phishing Scam

Gangsters who altered business emails to rip-off more than £1 million have gone to jail. Two members of the Nigerian organised crime group who committed the fraud...

 Read Full Article