As business IT professionals, we’ve seen some things.
Things that will horrify you. Things you would never want to encounter in your own business.
We’re talking about security breaches, data theft and file corruption that brought entire companies to their knees. This is something that you, as a company owner or manager, just don’t want to happen. It only takes one click on the wrong page from a well-meaning member of your team, and that might mean the difference between a thriving company and a serious disruption that makes trading impossible. You don’t need us to warn you that a loss of data will lead to a huge loss of confidence from your customers. And the cost of fixing a problem such as this can also be phenomenal.
So, we want to share the secret behind keeping your business data safe.
Of course, you should have an IT partner who protects you with a blended security package. Blended means having the right combination of security systems to secure you and your employees without inconveniencing you when you’re trying to work. It’s a balancing act.
But there’s something else that we think any company should invest in every year.
Training in Cyber Security.
While it might seem obvious, you’d be shocked to find how often companies underestimate the value of company-wide security awareness.
And yes, we really mean company-wide.
Your whole company, from the latest entry-level individual to the CEO, should take part in formal data security training on a regular basis. A strong culture of cyber security is one of the surest ways to keep your company safe from the increasingly advanced attacks out there, since hackers use advanced software to identify vulnerabilities in any company, all the time.
And yes, that includes yours. Remember, it just takes one click on a bad link from a well-meaning member of your team. And that might unintentionally let hackers into your system.
“But my people are trained experts. They won’t fall for a scam.”
We often hear this.
And yes, your people are savvy, but so are cyber criminals.
Cyber-crime is changing. And there’s always another scammer or hacker around the corner trying to take advantage of a technical vulnerability or a stressful situation (hello, global pandemic). Your company can never be too organised. Take a look, for example, at phishing. You’ve heard about that, haven’t you?
But do you and your team really know what it is?
Phishing is a simple method used to extract information such as passwords or credit card data through e-mail, phone or text message. You may think your team’s beyond falling for an email from their long-lost uncle abroad. But phishing scams have come a long way. Today, phishing emails are even more compelling. They also appear to come from someone who is trustworthy, such as your bank, a customer, or someone else you know.
They’ll ask you to click a link to update your info, or to change your password. But instead of being taken to a legitimate website, you will be taken to a very convincing replica. And once your details are entered, you’ve given them away. Other times, an attachment will be sent, again apparently from someone you know. When it’s opened, it can install malware on your computer (or across your entire network). This will then allow criminals to steal data or deny you access to your own information (called crypto locking).
And we’ve got spear phishing. Unlike phishing, which is targeted at anyone, this is targeted at specific individuals. Usually, the attacker has spent time learning a lot about you (your name, position, company information, etc.), and they use that to their benefit. If they target someone at the top, it’s called whaling (also known as CEO fraud). They target those at the top as they have access to the most important info.
Whaling attacks are also planned over a long time. And when they work, they offer cyber criminals a big financial gain.
Then there’s pharming, which asks you to take action on what seems like a popular page. Except if you look very closely, the address of the website is slightly different from usual. It’s a scam site, and any details you enter go to the offenders.
There is a more frightening version of pharming where the criminals manage to divert visitors away from the actual website. These are really hard to detect. But sometimes there are tiny little hints that give fake sites away, if you know what to look for.
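The "look very closely at the address" check for the first kind of pharming can be automated in a mail or web filter. The sketch below is an added example, not part of the original article: the trusted domains are constructed placeholders and `check_address` is a hypothetical helper. It does not catch the redirect variant, where the address itself is genuine.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the addresses staff normally use (placeholders).
TRUSTED = ["examplebank.com", "payroll.example.org"]

# Characters commonly swapped in to make a fake address look right.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_address(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in url."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # Exact match or a genuine subdomain of a trusted domain.
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    labels = host.split(".")
    for good in TRUSTED:
        n = good.count(".") + 1
        tail = ".".join(labels[-n:])  # compare the same number of labels
        # Digit-for-letter or hyphen tricks, or a one/two character typo.
        if tail.translate(CONFUSABLE) == good.translate(CONFUSABLE):
            return "lookalike"
        if edit_distance(tail, good) <= 2:
            return "lookalike"
        # Trusted name used as a prefix of somebody else's domain.
        if host.startswith(good + "."):
            return "lookalike"
    return "unknown"
```

Addresses that come back as `lookalike` are the ones worth blocking or showing to staff in training as examples of what "slightly different" looks like.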
Spoofing is the term for any email that pretends to be from someone you know, such as your accounts department, and asks you to go to a link to confirm your information. This form of scam is mostly used to download malware or ransomware rather than to steal credentials.
Then we’ve got smishing, which is text message (SMS) phishing, and vishing, which is phone phishing, or voice phishing. You will get a phone call from a blocked or odd number. The caller will claim to be from a company you know and expect you to take action or make a payment. They’re pretty common. So if you or your team are ever in doubt, make sure you hang up, then call the company back on the number that you have (and never the number that the caller gives you).
This is not a complete list.
There are several other ways cyber criminals are going to target your company. Some of you think your people are pretty hot on cyber security. And hopefully you’ve got the latest security software defending your whole network.
However, it is still smart to add another layer of human security, since companies like yours are the prime targets for cyber criminals. If you’ve never done security training before, now is the best time to start developing new routines. After all, the team will see enough change this year to be open to just about anything!
Employee education is one of the best business tools that you can invest in. And it might end up saving the company from a catastrophe. Yet the rewards of regular training don’t stop there. It’s also a great motivational tool. Your people will feel invested in when they have relevant training, increasing engagement all round. Remember to make sure that everybody, from bottom to top, takes part in regular training, since a cyber-criminal doesn’t really care who opens the link… just as long as somebody does.
If you do not currently have an IT partner who can offer appropriate data security training to your company, please contact us today.
Our team of experts will be glad to help keep you updated and safe.