Hackers are trying to access your personal email to hack your company.
In August 2022, networking equipment vendor Cisco confirmed that it had been the victim of a successful cyber attack.
The attack was notable because the bad actors obtained access by compromising the personal Gmail account of an employee on their personal computer. Cisco’s corporate-owned devices, and company infrastructure, were never directly compromised.
Instead, the hackers successfully took over the user’s personal computer, through which the user accessed their personal Gmail account. Unfortunately, the hacker could then steal the credentials to that personal email account.
The hacker then used the stolen Gmail credentials to access the user’s Chrome browser user, which, unbeknownst to the employee, had saved their Cisco credentials and synced them to their personal Gmail account.
Finally, the hacker then used those stolen credentials to log in to Cisco systems, precisely as a legitimate user would.
The Cisco Talos intelligence group shared a detailed write-up in a blog post, confirmed in an article by TheHackerNews.
As an employee, you need to be prepared to be targeted because of your work.
Hackers cannot know who can access corporate data, so they target all company employees. Even if you don’t personally have access to sensitive data at your company, you have to assume that you are still a target.
We are all targets, as hackers cast a broad net for attacks of opportunity – and every time an attack like this works, more cybercriminals are encouraged to join the party.
When a hacker gets access to your laptop or email, they can use that access not only to steal your employer’s data but also your data – such as bank account logins, personal files, or access to social media accounts.
Your personal security is every bit as important as your company’s security. Be sure to check out our article about cybersecurity for small businesses.
Companies are responsible for protecting their teams.
Attacks like these emphasize that any organization’s most significant attack surface is its employees. Even with the most comprehensive security software and processes possible on corporate data, employees need access to that data to do their jobs, which means those same employees must be protected.
Protecting employees is critical both to them as individuals and to the company. It is key to the individuals because the threats they face are occupational hazards that no employee should face alone. It is also critical for the company itself because if companies don’t protect their employees in their personal lives, we know those threats will damage the company, too.
In the case of Cisco, as in many others, the threat came through a personally owned device. If Cisco had protected that device with advanced anti-malware, the initial attack would have been prevented – as a result, the employee’s personal account would never have been compromised. In turn, company systems would have remained safe.
Protect Yourself With Personal Cybersecurity
Agency provides business-level, comprehensive protection to individuals. Ask your company what it’s doing to protect you in your personal life from threats like the Cisco data breach. If your company cannot provide the protection you need, consider purchasing Agency’s affordable, personal cybersecurity plan. Sign up for the newsletter to receive a free one-month trial! Get Agency, and protect yourself from cyber crimes like phishing emails and viruses!