Your Biggest Data Security Risk Is…

Updated 11/13/2021


It’s nearly time to start decking the halls, and what will your employees be doing? Shopping and checking their personal emails while on the company network. 

Your Biggest Security Risk

Thanks to the pandemic, the global attack volume increased 151 percent during the first six months of the year (citation).  

And since most company’s still have their employees working from home, either full-time or part-time, they are vulnerable to phishing schemes, Business Email Compromise scams, and malware attacks.  

Additionally, due to supply chain issues, many organizations still have their work-from-home employees using personal devices rather than company issued devices, which is another security concern. The reason is due to the lack of control or visibility into the health and security of their device, i.e.,  

  1. Do they have paid anti-virus/anti-malware? (A must have for both Windows and Mac machines). 
  2. Do they have their Window’s Updates turned on? 
  3. Do they refresh and install pending updates regularly? (Important for both Windows and Mac machines). 

Your employees are likely multi-tasking during work hours, distracted by children, pets, parents, and spouses, and doing their everyday and holiday shopping while at home and on their “unsecured” devices.  

Assuming too that your employees VPN into the company network, there is a chance that their unsecured devices or poor cyber-hygiene could infect the company network. 

According to a national survey conducted by Harris Poll, “…about half of workers said they would be spending at least some work time holiday shopping, and of this group 42 percent will spend more than an hour or more shopping online while at work."(citation) 

Regardless of whether they’re at home or at the office, it’s likely that some of their time will be spent doing their online shopping, checking their favorite shopping websites and their personal email accounts

Email Scams 3.0 

Email scammers are very sophisticated. The latest wave of fraudulent emails are meant to look like your employee’s favorite vendor

Like this email sent from a fake Amazon account.


Look at the cleverly disguised the email address. Your employee unwittingly opens the email, clicks the link, and “bam” your network is infected. 

VPN Will Not Protect Your Company Network 

Surely, you’ve heard of the importance of having your remote employees VPN into your network.  

The benefit of using VPN is that it creates an encrypted private connection between your employee’s home or other remote location and the office. This creates a secure tunnel between the employee’s computer and the VPN server, which hides their online activity and location (citation). allowing for data to flow safely from between devices by hiding your employees location and browsing activities from cyber criminals. 

However, a VPN may not protect your network from malware. If your employee’s personal device has a malware virus, that virus can be transmitted from their device into the company’s network.  

Data and cyber security require a multi-layered approach that includes implementing a cybersecurity program, employee training, and technology that is specific to your business needs.  

3 Tips for Protecting Your Company During the Holidays 

  1. No shopping or checking personal emails while logged into the company network and/or on a company issued device.  
  2. When receiving an email from a favorite retail outlet to check the sender address carefully by hovering their mouse over it.  
  3. Never download an invoice that they didn’t ask specifically expect to receive.  

9 Most Common Phishing Subject Lines to Watch Out For 


  1. Password Check Required Immediately 
  2. Mastercard: Confirmation: Your One-Time Password 
  3. Facebook: Your account has been temporarily locked 
  4. Google: Take action to secure your compromised passwords 
  5. Microsoft: Help us protect you – Turn on 2-step verification to protect your account 
  6. Docusign: [xxx] requests you to sign Mandatory Security Training documents 
  7. Internship Program 
  8. IT: Remote working missing updates 
  9. HR: Electric Implementation of new HRIS