Recently both KETK and KLTV reported on a Michigan audit that should concern employers everywhere. Auditors planned a covert cyber-attack to discover their vulnerability, and the results were stunning. They sent a fake phishing email to 5,000 employees and almost one third of them opened it. A fourth clicked on the link that, had it been real, could have downloaded malware. One fifth put in access or other personal information. No matter what the size of your business, cyber security should be a top priority.
One problem employers have is you can’t always control what your employees are doing online. Attempts were successful not because an insider had malicious intent, but because people just got in a hurry. Distribute these tips as a reminder for long-term employees and an onboarding tool for new hires.
Know Your Vulnerabilities
Here are the most common types of cyber threats:
- Phishing – Cyber attackers send fake email to try and fool recipients into providing information. It may look like it came from Bank of America or Tyler Water Utilities. It may have the appropriate logo and the same font that business uses. Recipients click on the link provided and the site prompts them to enter their passwords, account numbers or other personal information.
- Malware – This type of program looks like it came from a trusted source. It prompts users to install fake antivirus software or download an update and often instructs them to click past security warnings from their antivirus or browser. Viruses, Trojans and spyware are all forms of malware. Some lurk on your computer and record keystrokes; others hide in the background and store credit card numbers. Imagine the damage if malware goes undetected while it steals your clients’ financial information.
- Ransomware – This is a type of malware that takes over your computer, network or server and denies access to your data until you have paid a fee. Cybercriminals charge Bitcoin to remove encryption, and the price can range from a few hundred to a few thousand dollars. It’s typically delivered as part of a phishing scam or as an email attachment. The files can’t be encrypted without the key provided by the attacker, so if you don’t have a recent backup you either have to pay up or lose your data.
- Botnets – It sounds like sci-fi, but Botnets are networks of infected computers under an attacker’s control. The infected computer functions normally, but works to corrupt as many devices as possible.
Communicate With Staff
This is perhaps the most important thing you can do to protect your data, but it requires an ongoing effort. Your employees are busy doing their jobs, so they aren’t always thinking about cyber-security. Train them not to open unexpected attachments, and then remind them regularly. Set a reminder on your calendar to have a cyber-security refresher course.
Viruses often arrive in email that looks like it was sent from family members, friends, co-workers and acquaintances. The email might have genuinely come from that person without their knowledge.
Avoid files with the extension .exe, but all extensions can hide a virus. Unless the attachment is expected, call or text the sender to see if it’s legitimate.
Test Their Knowledge
Find out which employees are paying attention and who needs additional training by sending your own phishing attack. Show employees what just one click can do and, if they continue to repeat their mistakes, implement repercussions. Test them once a month using one of these phishing simulators.
Remind employees to keep their passwords in a safe place. A post-it note on their monitor is not a safe place. Security is about control, and the only way to absolutely control who uses your computer is to be the only one who can log in.
Regularly Update Your Anti-Virus
Cyber-attackers continually develop more sophisticated technology. They make money at it, and they’re very intelligent. Regularly updating your anti-virus software makes it equipped to handle threats as they evolve.
Brelsford Personnel stays consistently up to date on the challenges faced by East Texas employers. When candidates work with us to find a job, we make resources available like our Employee Cyber Security Handbook. Contact us to find out more.
*Missy Ticer is a blogger and East Texas resident who found her dream job. Content is exclusively for use by Brelsford Personnel.