Recently, a woman reached out to me that worked for one of our customers with a serious problem. She had been using her phone late in the evening and encountered a phishing attempt that politely asked for her Apple ID and password – she unintentionally handed it over. Being exhausted from a long day, and a bit aloof from a couple late night drinks, she didn’t even think twice when she accepted the MFA prompt on her iPad. It was only in the morning where she came to realize that she had given a stranger access to all of her Apple IDs and passwords through a keychain.

The result was that the hackers gained access to her home Wi-Fi network, her power company, and her financial records – basically hijacking her entire identity.

This is not an uncommon occurrence by any stretch of the imagination, but one we see far too frequently, especially in the workplace. However, there are several strategies and repeatable exercises that people can do to protect themselves from themselves in a world rife with bad actors looking to steal sensitive information.


Why do employees continue to be the root of hacks?

Most recently, a threat group called Scattered Spider targeted MGM Resorts’ employees with a social engineering attack with the ultimate goal of extorting money from the hospitality empire.

The impacts were devastating, resulting in roughly $100 million in losses for MGM. And it started with employees. So why do bad actors continue to target individuals to gain access to sensitive data? Well, there are a variety of reasons:

  1. People are busy – with messages being coming at all directions every day, it is easy to ignore security best practices. Everyone has a job to do, and often security considerations can slow down your flow.
  2. People love to click on random stuff – often the result of distraction or human error, a lot of people click unsecure links in emails or text.
  3. They get sick and or tired – Tactics like MFA fatigue attacks take advantages of weary workers by continuously sending MFA notifications until an end-user relents.
  4. Humans are unpredictable – not only in real-life but in the digital world. Unpredictable actions taken digitally can disrupt security protocols and result in vulnerabilities
  5. People need access to the tools they need to work – obstacles standing in the way of access to these tools are often worked around, as employees need to be productive.


How can we Protect Employees from themselves?

Implement a Zero Trust Architecture

As opposed to a traditional firewall, Zero Trust enables security teams to protect a person’s identity, applications and endpoints. Zero Trust is a cybersecurity framework that assumes no one, whether inside or outside the business, can be trusted by default. It requires strict access controls, continuous monitoring, and thorough authentication processes.

In the story of the woman falling victim to a phishing attempt, a Zero Trust model would have added layers of security and required multiple forms of authentication before granting access to sensitive data, such as her Apple IDs and passwords. By implementing a Zero Trust strategy, businesses can significantly reduce the risk of employees falling prey to social engineering attacks and the subsequent loss of sensitive information.

One key reason employees often become the entry point for cyberattacks is their vulnerability to distractions and fatigue, as mentioned in the example of the exhausted woman who accepted a malicious MFA prompt. Zero Trust addresses this vulnerability by implementing strict security policies that do not compromise on security even in the face of distractions or fatigue. By continuously verifying the identity of users and devices and limiting access based on the principle of least privilege, Zero Trust ensures that employees are not left to make security decisions when they might be most susceptible to making mistakes.

By implementing a Zero Trust framework, businesses can better safeguard their employees and data in a world where bad actors continuously seek to exploit human vulnerabilities.

Enable Modern Endpoint Management

Modern Endpoint Management tools, such as Microsoft Intune, play a pivotal role in the endeavor to protect employees from themselves in a digital world fraught with threats. In the instance of the woman who fell victim to a phishing attack, Intune could have been used to enforce robust security policies on her iPad, ensuring that even in a state of distraction or fatigue, the device adhered to strict security guidelines. These tools allow businesses to manage and secure endpoints, including mobile devices, in a centralized manner, providing a consistent level of protection and control. With Intune, administrators can set up policies to prevent unauthorized access, push security updates, and remotely wipe devices in case of a security breach, thus curbing the risk of compromised credentials leading to a cascade of breaches.

Leverage App Management Practices

App management is a critical component of protecting employees from themselves in a world filled with evolving cyber threats. App management solutions, which can be integrated into a comprehensive endpoint management strategy, enable businesses to enforce security policies, regulate application installations, and ensure that only trusted and authorized applications are used on employee devices. By leveraging app management, businesses can mitigate the risk associated with employees unwittingly downloading malicious or unvetted applications, reducing the likelihood of cyberattacks that compromise sensitive information and identities.

One of the primary reasons employees remain vulnerable to cyber threats is their interaction with various applications, especially on mobile devices. App management provides a means to centralise application provisioning, monitor usage, and enforce security policies. This not only bolsters protection against phishing attacks but also guards against employees unknowingly engaging with rogue applications that can lead to data breaches.

Fostering a Security-Conscious Culture

A security-conscious culture encourages employees to take cybersecurity practices seriously, act vigilantly against threats, and recognise the significance of their role in maintaining the overall security posture. When employees are educated and motivated to make security a core part of their daily routines, the likelihood of falling victim to phishing attempts or social engineering attacks is significantly reduced.

The relevance of a security-conscious culture extends to addressing the reasons behind employees being the root cause of hacks. A workforce that is constantly bombarded with messages and under pressure to maintain productivity may overlook security best practices or rush through security-related decisions. However, by fostering a culture that champions the collective responsibility for cybersecurity, businesses can mitigate these vulnerabilities. Through training, awareness programs, and a shared commitment to security, employees can become a critical line of defense rather than a weak link.


In summary, safeguarding employees from their own inadvertent actions in the face of digital threats demands a multifaceted approach. The stories of phishing incidents underscore the urgency of implementing comprehensive security measures. Solutions like the Zero Trust Architecture, Modern Endpoint Management tools such as Microsoft Intune, and App Management practices are critical elements.

Moreover, fostering a security-conscious workplace culture is key. This cultural shift encourages employees to focus on cybersecurity, stay vigilant against threats, and take responsibility in their role of protecting sensitive information. By combining these strategies, businesses can significantly reduce the risk of employees falling victim to social engineering attacks and mitigate the consequences of their actions in an increasingly complex digital landscape.




Contact us to learn more about Phone Ownership models