One of the challenges facing cyber security today is the feeling that a cyber breach is something that cannot be avoided, something that is essentially out of your control. A common misconception is that – unless you’re a large company with a ton of resources you can devote to cyber security, intrusion detection, malware scanning, and all the other fancy bells and whistles – there’s little to nothing you can do to prevent your business from becoming a target.
But that’s where you’re wrong.
Did you know that the largest cyber security threat to small and medium-sized businesses is actually negligence by your own employees or vendors? A recent Ponemon Institute Study found the top two causes of breaches to be negligent employees or contractors (at 48%) and third-party mistakes (at 41%). As it turns out, these are two areas where business owners do have some semblance of control.
Be on the lookout for these 4 common attacks:
1. While they may look harmless, and even familiar, embedded links and popups that redirect an employee to an unknown site and ask for personal information are always a red flag.
2. Malware in an email attachment can affect your system once opened by an employee.
3. When an email appears to be from within the company, usually from a CEO or CFO, and directs an employee to send data or money – it’s almost always a case of email spoofing.
4. Though old school, be aware that attacks may still take place via telephone. Be wary of anyone who calls asking pointed questions while claiming to be a known vendor or even an internal employee.
6 tips for protecting your company:
1. Talk to your entire staff often about cyber security and implement an onboarding training session for new and future employees. Remember, the most common form of attack – phishing or social engineering – is caused by simple human errors. When you make cyber security a priority – your employees will, too.
2. Teach employees to spot problems by always following these golden rules:
- Always verify senders before opening a link in an email.
- Never click a link or download an attachment from an unknown sender.
- Put a system of checks and balances in place for targeted data that can prevent email spoofing scams. Any email or website asking for sensitive data such as banking information, payments to unknown accounts or unknown vendors, and additional employee data should be verified by more than one employee before sending anything.
3. Talk to all of your vendors about the cyber security practices they follow and how their actions may impact your company’s security. Make sure that all of the people with access to your customers’ data are working as hard to protect it as you are.
4. Always keep all of your systems up to date. Security patches in software are designed to close the gaps.
5. If employees are using company tools such as phones and computers for personal use, be sure to educate them about the importance of cyber security. Always require two-factor authentication on every device and system that stores information, and be sure to password-protect all phones and laptops.
6. Get a cyber insurance policy – and don’t underestimate the power of having one. At Wingman, we take pride in protecting our customers, our company, and our employees. When all else fails, cyber insurance will be there to help you put the pieces back together if the worst happens to you or your company.
In the wake of large-scale cyber attacks, such as the ones we’ve seen in the public eye recently, it’s reasonable to be worried. Will these tips stave off all attacks? No, most certainly not. What these tips will do, however, is give you peace of mind while harnessing the control you do have.