Is Your Sales Team Under Attack? Here are 3 Common Attacks Your Sales Team Might Encounter

Tech is great, but your first and best defense is cybersecurity awareness training.

Key takeaways:

• When thinking about cybersecurity, don’t neglect the sales team
• Social engineering attacks are rife
• 560,000 pieces of malware are detected daily
• A major threat comes from insiders
• The most effective tool against cybercriminals is cybersecurity awareness training

You’ve likely thought quite a bit about cybersecurity for your law firm or winery office staff. But what about your sales force? They are the face of your company and handle sensitive data, including private customer information, intellectual property (such as new product development), as well as other company assets. A single breach costs financially and reputationally.

Your sales team is at high risk due to the sensitive information they handle regularly. They are susceptible to social engineering attacks, malware attacks, and insider threats. Salespeople must be able to identify and respond to these threats to maintain a competitive advantage and ensure customer safety.

This article offers crucial insights into the threats faced by your sales team, how to spot and prevent them, and provides actionable best practices, including regular cybersecurity awareness training, implementation of multi-factor authentication, and incident response protocols. You’ll learn what it takes to safeguard your sales team against potential threats proactively.

 At Endsight, our goal is awareness and education. Our cybersecurity fundamentals training offers you that and much more.

The 3 main cybersecurity threats

Bad actors are becoming much more sophisticated, and there are many ways they can infiltrate a network or infect a device. Let’s look at the three most common and how to defend against them.

1. Social engineering attacks your sales team face

Social engineering uses psychological manipulation to fool users into making security mistakes or revealing sensitive information. The attacker gains trust and provides a reason to take actions that violate security protocols.

For salespeople eager to initiate contact and potentially close a deal, these kinds of attacks present a special risk:

• Phishing is popular among the cybercriminal set. These scams use email and texts to create a sense of urgency or prompt curiosity or fear. They then click on infected links or open infected attachments. 
• Spear Phishing is a targeted version of fishing. Messages are tailored to the victim based on characteristics, job titles, and contacts. Much harder to detect, they have a high rate of success.
• Whaling is a highly targeted, personalized phishing attack that masquerades as a legitimate email sent to senior executives. The object is usually to initiate a wire fund transfer.
• Pretexting uses a made-up story (a pretext) to gain trust and then trick them into harmful actions: downloading malware, sharing sensitive information, sending funds, or other harmful activities.
• Baiting promises to deliver the goods. A baiting email might offer free movie passes, a gift card from a local store, or free music downloads. Of course, you only get these things if you share personal information.

Even security firms are vulnerable. One famous example is the 2011 RSA SecurID attack. Hackers were able to leech valuable information about the company’s two-factor identification fobs. Shortly after, defense contractor Lockheed Martin discovered hackers attempting to penetrate their network using RSA’s stolen data.

How did it happen? Four employees received emails from a purported job recruitment website with an Excel attachment. The attachment, 2011 Recruitment Plan, was opened, installing backdoor access to their work computers and the entire network.

2. Malware

Malware is short for malicious software, and it takes many forms, lurking on legitimate websites, hiding in applications, or attaching to files. Malware can replicate and encrypt files, block access to data, or collect information. Each day, 560,000 new pieces of malware are detected. Malware takes the form of:

• Viruses that replicate rapidly and infect files and systems.
• Worms spread without hitching a ride with files or programs.
• Trojans, like the Trojan horse of old, are disguised as legitimate software you’re tricked into installing.
• Ransomware encrypts files, and a ransom is demanded to regain access.
• Spyware secretly collects information about user activities, captures keystrokes, and monitors browsing habits.

You can see how malware can quickly ruin the reputation of a sales team and your company. It is usually spread through phishing emails, tricking a salesperson to click a link or download a file with malicious code. It can happen on social networks when they click on a photo or video or through the connection protocol used to connect with the company network. Malware also can be introduced by visiting the wrong website.

Protecting against social engineering and malware attacks

Social engineering and malware attacks can be avoided by taking precautions:

• Check the source of communication. Examine the email header and check it against valid emails from the same sender.
• Where do the links go? Made-up hyperlinks are usually easy to spot – just hover your cursor over them without clicking. Many malicious links have spelling errors. To double-check, go to the official website and initiate contact with a representative who can confirm if the email is legitimate. Unfortunately, bad actors are employing AI to make these links harder and harder to spot, as the technology has been weaponized to improve phishing attacks.
• Do they know you? If an email doesn’t contain information about you (such as your full name) that you would expect, there’s a good chance it’s fake. 
• Secure devices with next-generation versions of anti-malware and anti-virus software such as Sophos EDR (endpoint detection and response), and keep it current. 

3. Insider threats

Perhaps the most insidious of the common attacks your sales team may encounter are insider threats. These threats originate with authorized users, including employees and vendors, who misuse their access, either by accident or intention. And 60% of data breaches are caused by insiders.

Malicious insiders are usually disgruntled or discontented current employees or former hires with a grudge who still have access. They want revenge or financial gain, and sometimes both. They also might work with a malicious outsider to disrupt your business operations or leak customer information, trade secrets, and other data.

Negligent insiders don’t have bad intent, but ignorance or carelessness makes your business vulnerable. They fall for phishing attacks, blow past security controls, lose a device that cybercriminals can use to penetrate your network, or send files with sensitive information via email to an outsider.

These internal bad actors can be spotted by looking for:

• • Unusual login behavior 
  • Unauthorized use of applications
  • Abnormal behavior in general
  • Privilege escalation
  • Excessive downloads

These threats can be mitigated through identity and access management, user behavior analytics, and adversarial technology tactics that strengthen network security.

Best practices for sales team security

The single most important and influential thing you can do to defend against the common attacks your sales team may encounter isn’t technology. It is cybersecurity awareness training. Continuous security policy training for every authorized user is essential. The recommended frequency is every six months after initial training.

Cybersecurity takes a multi-pronged approach, so employ technology to implement multi-factor authentication, keep software and systems updated, utilize encryption for sensitive data, and establish incident response protocols.

Arm your sales teams against threats with Endsight

Bad actors are everywhere – inside and outside – just waiting for a chance to deploy malware or use social engineering to further their nefarious schemes. Technology is one tool, but the most significant impact on cybersecurity comes from continuous cybersecurity awareness training.

At Endsight, we believe training is one of the cornerstones of cybersecurity. Get in touch and audit our next monthly training to see if it’s the right fit for your sales team. We know technology is only part of the cybersecurity puzzle.

People can be your biggest defense or your greatest weakness. Endsight offers complimentary monthly training on cybersecurity fundamentals. Sign up to audit a course and see if it’s the right fit for your team.

Raise your security awareness and level of protection by taking the next step and having us design and implement security training within your company. Reach out today.