
Cybersecurity protection starts with common sense and education

The administrative assistant to the CEO of a manufacturing company receives an email with her boss's name in the subject line, asking her to forward three dozen employee W2s to him. Believing the request to be legitimate, she complies.

Across town, an account manager sees an email from a "bank," with an attachment claiming to contain important information to update a bank account. He clicks on the attachment, expecting to see the details of the account, but instead the screen freezes and the trouble begins.

In both cases, the emails appeared legitimate but were not; they were the clever ploys of hackers, who are increasingly sophisticated.

In the case of the manufacturing company, the well-intended administrative assistant has just exposed sensitive financial information of three dozen employees to hackers who will most likely steal identities and cause a world of problems - not to mention placing the firm in financial jeopardy for failure to protect sensitive information. With the account manager, clicking on the attachment allowed hackers to infiltrate the company network. In each case, it's likely that hackers will cause even more damage, including rendering the company data inaccessible and making ransom demands.

Cybercrime is big business for hackers. Millions of cyber attacks are launched against businesses each year, and the financial cost to companies is in the billions.

Smaller business owners may feel a false sense of security because the cyber attacks we hear about in the news are against larger companies.

But smaller companies are just as vulnerable - maybe more so.

Sometimes business owners will feel that they've "got it covered" because they have the latest security updates. And that is certainly important.

That of course includes the strongest firewall protection, the latest anti-virus and anti-malware protection, and regular monitoring to make certain the infrastructure is protected.

But all the protection in the world is not enough - it's only as good as the education and training level of the people who use the infrastructure. In the case of the account manager and the administrative assistant, even if their company systems were protected, their actions would have compromised their respective companies' infrastructure.

Employee training and education are the cornerstone of protecting a company's security. Human error is what too often opens the door for hackers.

Every business - no matter how small - should implement a training program for employees. Here are a few items for every business to remember:

1. "If in doubt, verify." When you receive an email that seems even somewhat suspicious or out of the ordinary, verify it. The administrative assistant should have called the CEO to ask, "Did you really request these W2s?" Be certain that everyone on your team understands this. Caution should rule the day!

2. Do not open attachments or click on links unless you are certain they are legitimate. When in doubt, contact the sender either by email or phone. Unless you are sure, do not open it.

3. Be very cautious when it comes to allowing the use of employee tablets, iPhones and other devices to access company information and data. If one of your employees accidentally clicks on a link on his/her iPhone, and that device has access to your company network, it could result in compromised information.

4. Passwords should be upgraded and changed regularly.

Because hackers are increasingly savvy about hacking into passwords, use longer and more complex ones. It's amazing how many companies use passwords such as "123456." Establish a protocol for changing passwords every 45 days and for including numbers, symbols and other characters that will make it more difficult for someone to hack into your system.

5. Train employees on cybersecurity practices. Quarterly reviews of policies and "routine" security announcements - whether at staff meetings, through emails, or through payroll notifications or other interoffice communications - are all straightforward ways of keeping cybersecurity concerns top of mind.

There are many steps you can take to make your infrastructure more secure. These are a few starting points. Stay vigilant, be informed, and partner with the right IT firm to keep your information safe.

• Chip Miceli is president of Des Plaines Office Equipment, with three Chicago area locations and several in Indiana. The firm has expertise in information security and managed print services.
