Serg Nvns - Fotolia
From a hacker's perspective, an executive is the highest-value target to hunt. Among the reasons for this, executives are privy to the most important and confidential trade secrets a business possesses.
In addition, executives typically have application access privileges far greater than those granted to lower-level employees. To that end, hackers exploit these accounts by electronically impersonating the executive to gain even more access through the use of social engineering, specifically in terms of a type of phishing called whaling, which targets C-level executives or celebrities. Lastly, executives by and large tend to be the worst security procedure offenders.
It is precisely because of these reasons, among others, that security awareness training for executives is so important. Not only should the training include the typical topics all other employees are schooled in, but executives should also learn about other potential attacks specific to their role within the organization.
Spies can cost businesses billions
In many cases, espionage agents specifically seek to target executives they believe are not well-versed on how to protect themselves. This includes executives who do not follow proper procedures routinely when handling data. Other times, they target execs with ubiquitous social media profiles. Spies can use this type of information as part of spear phishing scams or in traditional blackmail tactics.
The potential security pitfalls associated with corporate travel -- especially overseas -- is another area that calls for security awareness training for executives.
When executives travel to foreign countries, they must understand that they could become major targets for foreign governments and corporate competitors. It's crucial that they take extra precautions when traveling and using corporate-owned devices. This includes ensuring all laptops, smartphones and documents are always in their possession, as well as generally refusing to trust anyone with any type of sensitive information.
Additionally, security awareness training for executives who travel abroad should highlight security tactics and technologies tailored to decrease the likelihood of any data being stolen. This includes the use of burner phones, virtual desktop infrastructures and enterprise mobility management tools.
Dig Deeper on Security awareness training and insider threats
Related Q&A from Andrew Froehlich
Prevention is the only line of defense against an extortionware attack. Learn how extortionware works and why it can be more damaging than ransomware. Continue Reading
An IAM system introduces risks to the enterprise, but the consensus is the benefits of IAM outweigh the drawbacks. What are some of the issues that ... Continue Reading
The network edge is where an enterprise network connects to third-party network services. Edge computing is a distributed architecture that processes... Continue Reading