Consumers aren’t the only ones who can be victimized by social engineering attacks while shopping online, according to Arab News. Employees who use work devices for personal shopping are at risk of falling for scams and potentially letting attackers into the company’s network. Arab News quotes Werno Gevers, regional manager at Mimecast Middle East, discussing the findings of Mimecast’s recent report on how employees use company-issued devices.

“The research showed that 81 percent of participants had received specific work-from-home cybersecurity training, yet 61 percent still admitted to opening emails they thought were suspicious,” Gevers said. “This shows that while there is a lot of awareness training offered, the content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cybersecurity risks. Training needs to be regular and memorable if organizations are to protect workers and company systems from compromise.”

Cybersecurity expert Abdullah Al-Jaber told Arab News that employees should avoid using company devices for personal matters.

“Don’t use a work laptop for personal use, such as emails and surfing the Internet,” he said. “Make sure to enable two-factor authentication whenever available on any platform and use complex passwords that cannot be guessed easily. And, of course, report any suspicious emails or calls.”

In addition to attacks that affect an organization directly, phishing campaigns that impersonate a company’s brand can impact the company’s reputation.

“As part of its regular security research, Mimecast monitored 20 leading global retail brands and found almost 14,000 suspicious, recently registered website domains using names related to those brands,” Arab News says.

While these attacks aren’t the fault of the impersonated organization, Gevers explained that they can still have an impact on the organization’s reputation.

“The damage to a company’s reputation following a successful online brand exploit can take a long time to repair, so it’s in the best interest of the organization and its customers to take preventative measures,” Gevers said.

New-school security awareness training can enable your employees to follow security best practices and avoid falling for social engineering attacks.