Human awareness is every organization’s best defense against the enormous risks of a cyber-event.

A survey conducted by the Federation of Small Businesses (FSB) in 2016 showed that, on average, a small business will be attacked four times every two years, costing them $4,200 per incident.

Small and midsize businesses tend to be optimal targets for cyber-threats, given their smaller budgets and common laxity in cyber-technology, policies, and training. Every employee can immediately and significantly improve the security of their organization (for free!) by understanding and developing awareness around where and how cyber-risks intersect with their daily lives.

Although the three threats described below only scratch the surface of the cyber-security threat landscape, they provide a good starting point for every employee to develop awareness and thereby improve the security of their company.

Phishing/Spearphishing

This is the type of threat Upward Technology currently sees most often. Phishing and spearphishing are social engineering threats that prey on human error. In a phishing attack, a credible-looking email arrives in your inbox and prompts you to take an action, such as entering your computer or Microsoft password. In a spearphishing attempt, the credible-looking email typically appears to come from someone above you in your org chart, asking or directing you to take a specific action, most often a “rush” wire transfer of money.

The best defense against both these threats: suspicion.

Cast a skeptical eye on any such correspondence and assume that getting a second opinion before taking action is the safest path. That can mean asking your IT provider to verify whether a request for a password is legitimate, or verifying by phone that the person asking for the wire transfer did in fact initiate the request. Doing so will greatly reduce the risk to your organization.

Bring Your Own Device (BYOD)

In our 24/7 connected world, employees have access to sensitive company and client data like never before. The topic of BYOD, which generally relates to using personal computing devices to access company data (from home, work or remotely), is too broad to address in this blog, but awareness will in and of itself improve security.

The risk with BYOD policies (or the lack thereof) is that your personal computer likely has fewer and weaker protections than a managed work device, which means that you can inadvertently infect your work files, for example by downloading a sensitive document to an infected home computer and then uploading it back into your work environment.

If you regularly use a personal device to access work (particularly if you have access to sensitive data), we suggest you reach out to the person responsible for IT in your organization or your IT provider to discuss a variety of protections that can be easily adopted to reduce your risk. Using personal devices to access company data unbeknownst to company leadership is a very bad idea.

Socially Engineered Malware

This very common “Trojan horse” threat typically starts with a compromised website the user visits regularly. When the user visits the site, they are prompted to install a new piece of software to access the website, or to run fake antivirus software or some other “critical” program. The user is also prompted to click past any security warnings from the browser or operating system and to disable any defenses that could block the threat.

Sometimes the Trojan pretends to do something legitimate, and sometimes it fades into the background to start performing its rogue actions. Socially engineered malware programs are responsible for hundreds of millions of successful hacks every year.

As with phishing, the best defense is user awareness: trust your gut and keep a skeptical outlook towards anything unusual. If something looks even slightly off, pause and ask a co-worker or superior to weigh in, or ask your IT provider. The few extra minutes it may cost you could save your organization tens of thousands (quite literally).

 

If your current IT provider is not taking the time to educate your team, your organization is at risk. If you are interested in a fresh approach to IT from a world-class team, reach out to Upward to begin the discussion.