Cyberattacks are a serious threat to every business — not just here in Indiana and Illinois but everywhere.
Small businesses are increasingly vulnerable to being hacked. Data released by Accenture shows that 43% of cyberattacks target small businesses, and within that group, only 14% are prepared to defend themselves.
As a business owner, you can greatly improve your odds of not being victimized through strong and ongoing employee training. That’s because nearly 90% of all cyber intrusions occur initially due to human error.
Even with the best anti-virus software, firewalls and protection, a network is only as strong as its weakest link. If an employee inadvertently clicks on a link with malware or opens an attachment that allows a cybercriminal access to the system, that in turn exposes the company to a lot of headaches.
Cyberattacks are costly in terms of finances, compliance issues and reputational damage. To give your business better protection, begin by implementing ongoing employee training. Whether you use internal resources or partner with an outside managed services provider, here are a few key areas that your training should include:
1. Email awareness
“Phishing” is defined as “the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” Phishing attacks are a common point of entry for hackers looking to breach an organization’s network.
“Lack of awareness” is a hacker’s best friend. A cleverly worded email offers an incentive if the recipient clicks on a link. Or an employee may receive what looks like an invoice, a notice that a payment is being processed or a delivery notification, all asking that they click on a link or open a document. Employees should be trained not to trust anything without verifying it. Whether via email or cellphone, the guiding rule is “be cautious, verify and don’t open anything suspicious.” Encourage employees to check with a department head or other supervisor regarding the authenticity of a questionable email.
Artificial Intelligence (AI) can be a useful tool for detecting and preventing phishing. AI tools use algorithms that learn to recognize patterns in vast amounts of data, creating a system that can predict unusual behavior and anomalies. There is AI anti-phishing technology on the market that can serve as an additional line of defense by identifying and blocking unusual emails, preventing a suspicious email from making its way into the employee’s inbox.
2. Passwords
Encourage employees to create strong passwords that are difficult to “crack” and change them regularly. Strong passwords contain a combination of symbols, numbers and letters in both upper and lower case. It’s also good practice to have a unique password for each account. Use multi-factor authentication (MFA) for additional security. This training component could be accompanied by bringing in an expert to attempt to hack into employees’ emails to test the system’s vulnerability.
3. Employees using personal devices
Another potential problem is improper use of personal devices in the workplace. Personal devices can improve efficiency, allowing for evening and weekend working. But if your company allows this practice, there are security steps your training program should instruct employees to follow, including:
- Strong passwords on each device
- Encryption for all devices
- A VPN on all devices when in areas with unknown Wi-Fi services (e.g., public places like coffee shops and malls)
- Every personal device should run company-approved antivirus
- Specific guidelines for what employees can and cannot access via the company network
4. Don’t overlook the obvious
When implementing training protocols for employees, remember the importance of physical security both in the office and in the home office. Sensitive data should be stored under lock and key. This includes paper documents, as well as portable and removable devices. Employees should be trained to lock away documents with sensitive information and to shred paper documents that are no longer needed.
Providing thorough and ongoing training for your employees in cyber threat awareness will be one of the best investments your business can make. Data shows that hackers and cyber criminals attack 30,000 websites each day. Don’t let your company be one of them!
Chip Miceli is CEO of Pulse Technology, a technology company specializing in Managed Services (IT) with locations in Merrillville, as well as Schaumburg, Illinois, and Brookfield, Wisconsin.