With work from home at an all-time high, it is more important than ever to reinforce your cybersecurity protocols with your employees. If you haven’t thought about this before, or have been too intimidated to take on the task, it is best to start with something simple.
One of the best means of increasing cybersecurity awareness across your company is to make sure everyone is aware of the basics. The more you raise awareness and communicate about the issues, the more cybersecurity becomes part of your corporate culture.
One of the most basic cybersecurity attacks is one I’m sure everyone has seen (or should have): Phishing.
Phishing is a cybercrime in which targets are contacted by email, telephone, or text message by somebody who is posing as a legitimate contact to lure the target into revealing some information or opening some document designed to cause harm. The fake legitimate-looking contact is posing as a company vendor, a co-worker or supervisor, a family member, or anyone else you might otherwise place in a position of trust.
How Phishing Works
Often the target gets an email or text message which seems to be from someone they know, and the message asks the target to click on a link, or to send a password, a bank account number, or other sensitive or personal information.
The message is often designed to put the target under pressure (for example, to get information back to your boss, or to help reopen a locked account). The message says that something urgent is needed, that something bad has happened or is about to happen, or that if you do not act you will lose an opportunity for something good. Urgency, pressure, or a need to help a person in authority is in play in almost all phishing scams.
If the target clicks on the provided link, scammers can install ransomware or other programs. They can take control of your machine and download a host of sensitive information.
You can be locked out of your machine and you can put at risk your company’s entire network.
The communication looks real at first glance, but upon closer inspection, some flaws begin to emerge.
Remember, it is not that difficult to emulate logos, to create fake email accounts, or pretend to be someone the target would know.
What You Can Do
With a little training and general awareness, most people can learn to spot a scam. The key is to be sure that the target knows phishing scams are happening and knows what to look for. There are several things anyone can do to uncover phishing scams. These include:
Check it out. Look closely at the phone number or email address the suspect email gives you to contact.
Use another means of contacting the sender. I received a text last week from someone I hadn’t heard from in over a year. They were asking about a family member. Instead of responding, or ignoring the person altogether, I knew that I was friends with this person on social media and reached out to them through a different platform asking if they had texted me. The same thing works if you get an email from a vendor that seems questionable – pick up the phone and give them a call.
Once most people have seen a few of these, spotting the next one becomes much easier. As you get more experienced, the letters JDLR become more relevant to you when something “Just Doesn’t Look Right”.
How to Protect Yourself & Your Business
You can dramatically increase company security by doing the following:
Back-ups also need to be a regular part of your routine business operations. You should schedule and conduct daily back-ups (typically in the middle of the night).
How much has your business changed in the last month? Would a back up with data that is a month old be helpful? How much would you have lost in the interim? How many new employees did you hire? Payroll information? Taxes? New Accounts? Thirty days is a long time when it comes to data.
Daily back-ups can be easily accomplished and set automatically. Better still, once you create the daily back-up system, regular checks need to be happening to confirm they are taking place. Often your system administrator can get an email confirming that the daily back-up has taken place. Make sure those emails are being read and confirmed by more than one person. We know of an instance where the admin was getting emails and not reading the actual email. Had he done so, he would have seen that the emails were telling him the back-up failed. Sure, the email titles should have raised a better alert, but the warning was delivered and was ignored. Suggestion: the network administrator’s supervisor should regularly ask to see the emails just to confirm. The administrator is more likely to stay on top of things when he or she knows that the supervisor is going to ask about it regularly.
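The story above is about a back-up failure that was reported but never read. A simple way to make that failure impossible to overlook is to check the notifications mechanically rather than by eye: parse each day's back-up notification, flag every failure, and also flag any scheduled day with no notification at all (a back-up job that never ran sends nothing). The script below is an added example, not part of the original article or the author's firm; the one-line-per-notification format, the job name "nightly-backup", and the sample dates are constructed assumptions for illustration.

```python
"""Check that daily back-up notifications actually report success.

Added example (not from the original article): given the text of the
notification e-mails or log lines that a back-up job sends, report which
days failed and which days have no notification at all, so a missed or
failed back-up cannot hide in an unread inbox. The line format and the job
name 'nightly-backup' are constructed assumptions for this example.
"""
from datetime import date, timedelta
import re

# Constructed sample notifications, one line per e-mail, in the assumed form
# "<YYYY-MM-DD> <job> <STATUS> [detail]". Note that 2024-03-04 has no line
# at all (the job never ran) and 2024-03-05 and 2024-03-07 report failures.
SAMPLE_NOTIFICATIONS = """\
2024-03-01 nightly-backup SUCCESS 41.2GB written
2024-03-02 nightly-backup SUCCESS 41.3GB written
2024-03-03 nightly-backup SUCCESS 41.3GB written
2024-03-05 nightly-backup FAILED destination unreachable
2024-03-06 nightly-backup SUCCESS 41.9GB written
2024-03-07 nightly-backup FAILED disk full
"""

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})\s+(?P<job>\S+)\s+"
    r"(?P<status>SUCCESS|FAILED)\b(?P<detail>.*)$"
)


def parse_notifications(text):
    """Return {date: (status, detail)} for every well-formed line."""
    results = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed lines carry no status; skip them
        day = date.fromisoformat(m.group("day"))
        results[day] = (m.group("status"), m.group("detail").strip())
    return results


def check_backups(text, first_day, last_day):
    """Compare notifications against the expected daily schedule.

    first_day and last_day are ISO date strings. Returns a dict with:
      'ok'      - ISO dates that reported SUCCESS
      'failed'  - (ISO date, failure detail) pairs that reported FAILED
      'missing' - ISO dates in the schedule with no notification at all
    """
    seen = parse_notifications(text)
    ok, failed, missing = [], [], []
    day = date.fromisoformat(first_day)
    end = date.fromisoformat(last_day)
    while day <= end:
        if day not in seen:
            missing.append(day.isoformat())  # silence is itself a failure
        elif seen[day][0] == "SUCCESS":
            ok.append(day.isoformat())
        else:
            failed.append((day.isoformat(), seen[day][1]))
        day += timedelta(days=1)
    return {"ok": ok, "failed": failed, "missing": missing}


def backups_healthy(report):
    """True only when every scheduled day reported success."""
    return not report["failed"] and not report["missing"]


if __name__ == "__main__":
    report = check_backups(SAMPLE_NOTIFICATIONS, "2024-03-01", "2024-03-07")
    for day, detail in report["failed"]:
        print(f"FAILED  {day}: {detail}")
    for day in report["missing"]:
        print(f"MISSING {day}: no notification received")
    print("healthy" if backups_healthy(report) else "ATTENTION NEEDED")
```

Run daily against the collected notifications, a non-empty "failed" or "missing" list is the signal the supervisor should be asking about; treating a missing notification as a failure is deliberate, because a job that crashed before sending mail looks exactly like a quiet success to someone skimming subject lines.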
It’s important to remember that, with work from home growing at unprecedented levels, a lot of change is taking place in how employees communicate.
That change can create a vulnerability to your systems. However, you can turn that vulnerability into an opportunity by using it as an ideal time to step up your cybersecurity education and awareness programs.
_____
Wayne Hippo is an owner and Managing Partner of PS Solutions, a software development and consulting firm with offices in Altoona, PA, Pittsburgh, PA, and Wilmington, NC.
You can reach Wayne at whippo@pssolutions.net