Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 
  1. Homepage
  2. Equities
  3. France
  4. Euronext Paris
  5. Teleperformance SE
  6. News
  7. Summary
    TEP   FR0000051807


SummaryMost relevantAll NewsOther languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

CISO Tips: Making Employees Your #1 Security Control

10/18/2021 EST

Nearly all major data breaches and ransomware incidents have human error as a common component of root cause. Many security professionals secretly think: "If I could just get rid of the users, I could have perfect information security" or say: "the root cause of all security incidents is always between the chair and the keyboard." Obviously, this is neither reality nor an effective strategy.

I prefer to take a more optimistic approach and believe that your user base can become the #1 control in your security strategy and help resist cyber-attacks if you:

  • Provide successful security awareness training
  • Harden your business processes against attack
  • Inspire critical thinking for your employees
Tip #1: Teach employees about protecting their credentials

Cyber attackers always want to compromise your employee's IT credentials as the first step in a data breach or major ransomware attack. That's why the Cyber Attackers send spear phishing emails to your user base, using social engineering to trick your workforce into typing their username and password into what looks like a corporate website or cloud service like Office 365. An industry best practice is to educate employees through security awareness training on how to spot these social engineering and phishing email tricks, and try to prevent the attackers from being successful. However, whether your company is 380 employees or 380,000 employees, you will never achieve 100% resistance against these attacks because the threat is always changing their tactics.

Most companies are considered best-of-breed in security awareness training if they can get 90% of the employees properly trained. All it takes is one employee to fall victim to a phishing or social engineering attack, and the first step in the attack is completed. Security Awareness is absolutely a "must do", despite being a great investment in time and resources. But you still must be prepared for that 10% failure rate and have a backup plan to backstop these mistakes.

Recommended Technology Backstops:

  • Multifactor login for an additional factor of authentication stops more than 90% of threat actors from compromising your employee's credentials.
  • Use modern network access controls, such as Zero Trust Models, that identify not only that the user is approved, but the machine the employee is using to login is also approved to connect to your corporate network.
  • Ensure your password reset process is secure and can't become a point of attack.
  • Design your login procedures to have a technical limit for unsuccessful attempts so threat actors cannot use brute force via endless password attempts.
Tip #2: Build business processes that are "hack proof"

Many successful cyber-attacks target your insecure business processes rather than just the IT systems that support those business processes. Some of the most lucrative attacks involve a threat actor sending a fake email to a finance organization employee appearing to be from the CEO or CFO, which then directs them to electronically transfer funds to their own rogue bank account. Another popular attack vector is to compromise one of your vendors' email systems and submit fake invoices to your accounting office, which are then paid without any real due diligence or official approvals.

While the cyber component of the attack is sending the fake emails, the true vulnerability being exploited is in the management process itself. No matter how large or small the company, there should never be a transfer of funds or payment of an invoice approved by just an email. A formalized internal approval process, that is not public facing, using an accounting and/or finance application to manage approval workflows is one way to prevent such attacks. You can apply this logic to any business process that might appeal to both internal and external threat actors.

Tip #3: Nurture critical thinking and anomaly detection in your workforce

Security awareness training alone is not enough. Teaching employees to look for threat attack vector patterns will have a short-lived time of value as the threat will continue to evolve their techniques and methods of attack. Critical thinking skills should be one of the top attributes employers employ in the hiring process. Critical thinking is defined as "objective analysis and evaluation of an issue in order to form a judgement."

In this context, we hope the "judgement" our employees form is to interpret anomalies as potentially high-risk, and then take the appropriate actions to mitigate that risk. We have observed many social engineering calls where the threat actor portrays themselves as IT support. While we can train our workforce to "be on the lookout" for this type of social engineering, it does not require much effort for the threat actor to change tactics.

So, instead of just training your workforce for the known threat, you should also encourage them to use good judgement and apply critical thinking to avoid problems or report any anomalous activity. Critical thinking can be nurtured in the workplace, but not necessarily taught in many cases. Many companies are using advanced testing during the hiring process to identify candidates with advanced critical thinking skills. I believe it's a good strategy to make this a hiring imperative, and then nurture a culture that rewards good judgement.

The most effective security strategies require multiple layers of protection. So, taking a comprehensive approach to investing in training, technology, process hardening, and strategic hiring will make your workforce your most valuable security control.


Teleperformance SE published this content on 18 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 21 October 2021 10:33:04 UTC.

© Publicnow 2021
04:22aSTRENGTHENED TIES : Khoros and TP for Diversity, Equity, and Inclusion
12/02CELEBRATING INCLUSION : International Day of Persons with Disabilities
11/30AI OPERATIONS : Human-Enriched Machine Learning
11/25A MILESTONE IN GENDER EQUITY : Teleperformance in India
11/23TELEPERFORMANCE : The Gold Standard in Ensuring Exceptional Employee Experience
11/22S&P Raises Teleperformance's Rating on Expected Improvement in FY21 Credit Metrics
11/22TELEPERFORMANCE : obtains wellness award, Factor Wellbeing 2021
11/18TELEPERFORMANCE : Meeting Customer Expectations through the Right Channels
11/16TELEPERFORMANCE : A Prescriptive, Six-Step Process for Digital Transformation
11/11SUPPORTING THE FUTURE : International Students' Day
More news
Sales 2021 6 956 M 7 857 M 7 857 M
Net income 2021 585 M 661 M 661 M
Net Debt 2021 2 350 M 2 655 M 2 655 M
P/E ratio 2021 36,7x
Yield 2021 0,88%
Capitalization 21 238 M 23 952 M 23 990 M
EV / Sales 2021 3,39x
EV / Sales 2022 3,12x
Nbr of Employees 383 233
Free-Float 98,0%
Duration : Period :
Teleperformance SE Technical Analysis Chart | TEP | FR0000051807 | MarketScreener
Technical analysis trends TELEPERFORMANCE SE
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus BUY
Number of Analysts 19
Last Close Price 361,60 €
Average target price 427,94 €
Spread / Average Target 18,3%
EPS Revisions
Managers and Directors
Daniel Ernest Henri Julien Chairman & Chief Executive Officer
Olivier Claude Jean Rigaudy Group Chief Financial Officer & Deputy CEO
João Cardoso Chief Research & Development Officer
Dev Mudaliar Group Chief Information Officer
Jeffrey Balagna Chief Operating Officer-EWAP
Sector and Competitors
1st jan.Capi. (M$)
EDENRED SE-13.42%11 289
LG CORP.-14.68%11 062