Breach-Proofing = Employee-Proofing
Mar 23, 2018, 15:15 PM
It sounds simplistic, but at the most basic level, cyber security depends on delivering one key message to your staff: "Don't touch that!".
Do your employees use company-issued computers or devices to check their social media feeds during down times? All it takes is one click on a virus-infested link on Facebook, and suddenly cat videos aren’t so adorable anymore. Online shopping can pose another risk. Even using apps to order lunch may expose your network to hackers. Here’s how to help your team identify potential attacks:
- Links in emails are the most common source of cyber trouble at small businesses. Hackers have become adept at mimicking the look of emails your company receives every day from financial institutions, retailers, business partners, airlines, your insurance company—and if they can get just one person on your staff to click on a link, you’re in trouble.
- “Socially engineered email hacks work on unsuspecting employees who haven’t been trained to spot and react to them,” says Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures. His coverage of the Business Email Compromise scam details how the outfit “has been tricking finance and administrative employees into not only clicking on emails they shouldn't, but actually wire transferring funds to cybercriminals—without realizing it.”
- Fake customer support representatives (CSRs) work to persuade employees to reveal their login credentials on the pretext of helping them reset their passwords. Scammers have even posed as IRS agents as a ruse for getting access to information. And in many of these cases, they don’t even have to break into the system, because unwitting employees give them what they want.
- Learn about breach sources that work through your people. “Spear phishing,” or spoof emails, lax password policies, failure to limit network access, and personnel changes are all potential breeding grounds for breaches.
Bringing your team into the security conversation may well be among the most effective ways to stop breaches before they start.
Read the Keeping Data Covered: Creating a "Breach-free" Climate guide for more on helping your people be your first defense against cyber-attacks.