Written by Frederick Coulton, Head of Product at CultureAI

While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviours to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.


Password reuse across SaaS apps

Out of the millions of logins to shadow Software as a Service (SaaS) applications analysed by the CultureAI Platform over the last two months, it found that 38% of employees were logging in using a password they already use on other apps. Amazon, Google, and Microsoft were among the most impacted apps, all of which store highly sensitive data.

When an employee uses the same password across multiple places, it means that if one of those sites experiences a security breach, there is a significant risk of unauthorised access to other applications – an attack known as ‘credential stuffing’. The more the password is reused, the more opportunities there are for that password to be compromised or stolen.

You can address the risk of password reuse with continuous, targeted coaching that helps improve employee password habits. People are human though and will make mistakes or take shortcuts. So new technologies like automated interventions can act as a safety net.

By utilising real-time data from browser extensions, you can get visibility into the SaaS platforms used by your workforce. This enables you to identify risky behaviours in real time, such as re-using credentials or not using multifactor authentication (MFA) or single sign-on (SSO).


Shadow SaaS and unapproved software

Keeping your data safe and secure can be a challenge at times, and one of the reasons for that is the presence of shadow SaaS and unapproved software. These unauthorised applications can pose a significant risk to your organisation, leading to data breaches, compliance issues, and increasing vulnerability to cyberattacks. However, effectively identifying and managing such unauthorised usage can be a daunting task.

By monitoring app usage, you can gain visibility and insight into what apps and software are being used, helping to identify instances of unapproved software and understand where action needs to be taken.

Instead of just focusing on restricting shadow IT, I’d suggest a more proactive and understanding approach. If an employee is using a certain app, it’s probably because it serves a specific business need. Instead of reprimanding them, you can guide and coach them towards an authorised software solution when unauthorised usage is detected.

This not only enhances security but also encourages employees to make informed choices and actively contribute to a secure work environment. Such an approach promotes a security-conscious culture and empowers employees to play an active role in creating a safer workplace.


Multi-Factor Authentication (MFA) vulnerabilities

MFA is an essential layer of security that’s commonplace in enterprise deployments. Even if someone’s password is compromised, the extra authentication makes it much harder for unauthorised individuals to gain access. While it’s not a silver bullet, it often acts as the final defence in many cases, so its significance should not be underestimated.

That said, MFA can sometimes lead to security complacency among employees. They may develop a false sense of invincibility, assuming that with MFA enabled, they are completely protected. Attackers are sometimes taking advantage of this using MFA fatigue attacks.

By continuously mimicking legitimate MFA prompts, attackers can trick employees into providing login credentials or approving unsolicited authentication requests. Prominent cases of potential MFA fatigue attacks have involved companies like Uber, Microsoft, and Cisco.

In a recent MFA phishing simulation attack run using CultureAI, it was found that 31% of employees accepted an unsolicited MFA request. One of the main reasons for this is a lack of employee awareness. That’s why it’s crucial to provide targeted coaching and run MFA attack simulations. These simulations help you to proactively identify vulnerabilities and offer specific coaching to improve employee preparedness. This way, the risk of falling victim to real MFA attacks is minimised.


What’s Next

Phishing is a major security threat to employees as it exploits their vulnerabilities, using social engineering to deceive individuals into sharing sensitive information or installing malicious software. While it’s important to address phishing, it shouldn’t be at the expense of other risks. Focusing only on one risk can leave your organisation exposed, which is why a strong cyber security strategy requires the implementation effective HRM.


By opting for a HRM platform that seamlessly integrates with your tech stack and tracks employee security behaviours across email, instant messaging, SaaS apps, and file collaboration tools, you can get a complete picture of your most prominent human cyber risks. An effective HRM platform will also enable you to improve these behaviours and mitigate risks through targeted coaching, interventions, and nudges that actively promote and reinforce good security practices.