Cyber threats are on the rise… or so we’re told on a rather consistent basis. Phishing is up. Ransomware is up. Data breaches are up. Malvertising is up. Everything’s up and raining down on businesses of all sizes and shapes. And if we take a look at the numbers, all of this appears to be true.
Can we expect anything less, though? As technology advances, so too will the threats. But if this is the case, shouldn’t the security of this technology advance right alongside the threats? One would imagine as much. So what’s the problem here…?
The people are the problem. Always have been and probably always will be. Human error is to blame for a vast majority of data breaches and can be credited with the overwhelming success of cyber threats.
Do you ever stop to wonder why phishing is up? It’s because it takes less than 60 seconds for some poor soul out there to become the first victim of a phishing attack.
And because of this, it should come as no surprise to you that ransomware is up, as well. Why? Because hackers are pushing ransomware in phishing emails.
The same goes for malvertising. Although malvertising isn’t pushed in an email, it’s still highly successful thanks to the human element. It simply doesn’t take very long for a whole mess of people to click on a malicious ad.
So with all of these threats raining down and all of these silly humans taking the bait, is it only a matter of time before some cyber threat has its way with you and your business? Well, the clock might be ticking for you now, but that doesn’t mean it has to continue to tick. Here’s what we suggest.
If you want your employees to know how to avoid cyber threats, then you need to train them how to do that; it’s not something people naturally know how to do. This will require planning on your end, but it’s well worth it if it means avoiding a data breach or nasty virus.
Plan for quarterly training sessions and consider distributing research papers and articles on prominent cyber threats and concerns. If you have an IT provider, ask if they’d be willing to speak with your staff on the fundamentals of online security and social engineering. Most IT providers would be more than happy to assist because they want to avoid security issues just as much as you do.
Again, you can work with your IT provider here, but whether or not you choose to do that, you need to establish legitimate processes and protocols to preserve the security of your network and all of its data. These processes should take into account passwords, on-the-go work, emailing, payment approvals, and much more. For example, you can outline how many letters, capitalizations, and special characters you require for each password.
It would be unwise of you to question the importance of these processes. Just last year, Mattel failed to follow a security process set in place for payment approvals. As a result, they fell victim to a phishing scam and sent nearly $3 million to a hacking group in another country.
Like we discussed earlier, as technology changes, so too will the threats. Because of this, whatever you teach your employees and any processes that you establish will have to change, as well. This can be extremely challenging for smaller businesses, because it requires a great deal of dedication and time.
You’ll need to stay on top of the latest threats and remain adamant about changing documentation and retraining associates. This is why it’s a good idea to distribute information about prominent threats on a consistent basis. It will keep your employees well-versed in online security while you’re in between quarterly training sessions.