"These additional security exposures greatly increase the risk of employees being compromised," says Scott Carlson, technical fellow at BeyondTrust. "Because they're the one searching, they often forget that links they find are equally as dangerous as links they are sent via email. Taking the standard preventative measures to remove administrative rights from the endpoint and increase awareness at the layer of proxy control for employees are two ways in which you can reduce the risk internally."