“Your company is at risk from ransomware even if you think you have nothing worth stealing.”
Your Employees Are the Weakest Link
You might say, “I can’t fire them, I depend on them, and they depend on me.” And your attitude is what makes you a great employer.
But here is the deal.
Your employees bring the highest risk to your business, but they aren’t doing it on purpose. They are frequently exposed to sophisticated phishing and ransomware attacks.
Employees need to be trained and remain on their toes with security top of mind.
4,000 Daily Attacks
You hear about these larger institutions all the time. What you might not know is that since 2016, more than 4,000 ransomware attacks have taken place daily, or about 1.5 million per year, according to statistics posted by the U.S. Department of Homeland Security.
4,000 ransomware attacks happen a day. If that is true, it is only a matter of time before it happens to you. While most organizations will ignore this, you are not like most organizations. Now is the time for you to take charge and fight back against Cyber-Crime. Protect your company today.
“It is only a matter of time before it happens to you.”
The Hacked Off Doctor
We got a call from a frantic doctor’s office. They weren’t a client of ours, but they were referred by a customer.
“Something is wrong with our network. Everything is running slowly. It’s been getting slower and slower over the past few weeks.”
We drove over to the office and began looking at the system.
Long story, but I’ll try to keep it short, simple, and to the point.
As we got into the network, we found a hidden folder on their server. Deep, deep, deep in the server were folders full of pornographic material.
Someone had hacked into their server, stored potentially illegal material, and then served it to computers all over the world.
This was a doctor’s office. Do you understand the liability they had? Do you know how many HIPAA laws they violated?
And you ask, “How did the hackers get access to the server?”
93% of Data Breaches Are Linked to Phishing & Other Social Engineering Incidents
This statistic is from Verizon’s 2018 Data Breach Investigations Report. If you want to protect your company, then you need to train your employees in what phishing attacks look like.
Most Attacks Are Directed at the Unprepared
You might think that attackers are looking for the wealthy and the famous, but in reality, they are looking for opportunities and your small business is ripe for opportunity.
Are you still reading?
It Will Never Happen to Me
Let’s put this misconception to rest right now. You might be thinking that you don’t have anything worth a hacker’s effort. “I don’t have any information that they want.”
Your data might not be valuable to them, but it is VALUABLE TO YOU!
The most popular type of malicious software is called ransomware, and I know of one local company with fewer than 200 employees who had to pay over $200,000 in Bitcoin to get their information back.
$200,000!!! I don’t know about you, but that would crush most companies.
If you are concerned about protecting your company, if you’ve seen the news saying that cyber-attacks are on the rise, if you’ve implemented some safeguards already but you know that it’s not enough, then you’re about to read the article you’ve been waiting for. The information you are about to read may save you $100,000 or more, not to mention your reputation, your company, your employees’ information, your customers’ data, the loss of business – the list could go on and on.
How Do You Protect Your Company
First, let’s make sure you are familiar with some traditional security measures. These aren’t enough, but we will go over a few of them here.
Make sure your website is secure. You need a secure website that will encrypt data as it is transferred from browser to server. A website with an SSL/TLS certificate is a must.
Are you running outdated but critical applications? We see this all the time. If you are not updating your software with the latest security patches, then your business is at risk. You are leaving an unlocked gate for a hacker to walk right in.
Backup Your Data
You need offsite data backup.
“I back my data up to an external hard drive and leave it in my office.”
What if your office gets robbed, or what if it burned to the ground? What if you have a flood? Needless to say, your backup needs to be secured in an offsite location.
When we work with a company, we back up their system every 30 minutes. Why? If you do get hacked, then we can restore your network ASAP, and you will have only lost the last 30 minutes of data.
Do You Have Multi-Factor Authentication Set Up?
You already know that you need strong passwords, but you really need to take it one step further. Before we move on – MAKE SURE YOU HAVE A GOOD PASSWORD POLICY.
Okay, now that you have a secure password (more on that later), you can’t stop there. You have to take it one step further with multi-factor authentication. If someone, including you, logs in to your system, they will need to provide something else on top of a username and password to verify that they are who they say they are.
I know what you are thinking right now!
“This is not convenient at all!!” Guess what – most of your employees will find this frustrating too. Unfortunately, security is never (rarely) convenient.
But that takes us to the next point…
Create a Culture of Security
If you want to see change, it has to start from the top. When management becomes dogmatic about security, the rest of your staff will begin to follow.
Antivirus, Antispam, Antispyware
Hopefully, you have already protected your computers with software to protect from malicious code and viruses.
Have you secured your Wi-Fi network? Do you want your customers and/or employees to be able to get on your Wi-Fi with their devices? If so, create a separate guest network and hide your main network from prying eyes. Don’t forget to give these networks different passwords.
Along with securing your network, make sure you have a firewall installed ASAP.
A firewall’s primary task is to prevent unauthorized connections and viruses from entering your network. If an external system, user, or program wants to access your computer, it sends a request. If you have a firewall, the firewall evaluates the request, compares it to a list of authorized connectors, and takes action based on the status of the request and the firewall’s specific programming.
Strong Passwords (Back Again)
Do you have “YOUR” password, and is it one that you use on almost all of your accounts? That habit is dangerous because your information is sold on the dark web every day.
Thieves take your data from other hacks – your name – your email – your password and they sell it to individuals who are looking to break into your system. If you use the same password on every account, guess what, when they get to your system, they will have everything they need.
I can’t tell you how many times we’ve walked into an office, up to a workstation, lifted up the keyboard, and found a password. You might want to invest in a password manager.
Know When You Are Attacked
Familiarize yourself with what a hack actually looks like, and after you learn, share that information with your employees. It is valuable for your employees to know what a cyber-attack looks like.
You probably outsource several critical areas in your business already. You should also outsource your IT, and especially your cybersecurity.
It isn’t cost-effective or even possible for every small business to hire their own IT professional. Not to mention that there are more needs for cybersecurity professionals than there are people to fill those needs.
Choosing to try and solve these critical issues on your own will prove problematic for you.
- You don’t have the time to work on it.
- You don’t have the knowledge to solve it.
- You don’t have enough money to fix it.
It’s just better to outsource these things to professionals who have been there and done that, and it is much more cost-effective to outsource than to hire an additional staff member.
This List Could Go On Forever!!!
We can keep going. We can list out another 50 things you need to do to protect your company. And the truth is this: even if you deployed all 50+ ideas, you would still be at risk because of one factor.
There is one factor that can unravel everything you are trying to do!
The Human Factor
You can pay for the most expensive firewall.
You can have multi-factor authentication in place.
You can have the strongest password policy.
BUT IF YOU DON’T HAVE THIS IN PLACE, IT DOESN’T REALLY MATTER!
This is Our Point
You have to relentlessly train your employees in what phishing attacks look like. You can have every cybersecurity policy in place, but if you ignore this one step, you are sunk.
You have to have Security Awareness training and an Anti-Phishing solution because old-school security awareness training doesn’t hack it anymore.
Here is how you combat the Human Factor:
1. You need a system that will give you baseline testing.
You need to know what percentage of employees are prone to phishing, and it is possible to run a phishing test on your office so that you can get an idea of how vulnerable you are.
It’s been our experience across the board that more than 30% of the office staff will click on a phishing email.
2. Train Your Users
You need access to world-class training content that includes interactive modules, videos, games, posters, and newsletters. You also need to put your staff on automated training campaigns with scheduled reminder emails.
3. Phish Your Users
It’s time for you to go phishing. You need a system that will allow you to automate simulated phishing attacks on your employees, and they need to be sophisticated campaigns.
4. See the Results
The system that you use needs to give you reliable reports with graphs for both training and phishing. You need to be able to track the progress of your team and see if they are getting better over time.
Even though the data shows that 30% of your staff will succumb to a phishing attempt, you can cut that statistic in half in only 90 days by deploying new-school security awareness training. The news is even better when you follow these best practices for 365 days. It is possible to cut the percentage down to 2%.
Most organizations think they are okay.
The hack began on May 29, 2019, when someone in the local police department opened an infected email. The city first noticed something was amiss when its email system and phone service went down and 911 dispatch didn’t work, and now they are paying $600,000 to recover their data.
That’s what Lake City, Florida thought too. “It will never happen to us, we are a little town in rural North Florida,” and now they are paying $460,000 to get their information back.
It’s Not Fair
You are a good employer, and you run a great business. Your company employs people who take the money they make from you and feed their families. They invest money in their communities. They support charities, and they buy services.
Your company is what is right about the American economy, and it isn’t fair that a criminal can take all of that away with the click of a mouse.
Don’t become the next statistic in the Wild West that is now the Cyberworld. Do everything you can do to protect what you’ve invested in.