If the frightening headlines about massive data breaches were not warning enough, upwards of 60 percent of all small and mid-sized businesses, reportedly shutter within six months of a systems hack.
The leading causes of nefarious systems incursions are reportedly caused by about 25 percent of valued employees repeating the same username and password across multiple platforms. But what remains even worse is that fact that as many as 95 percent of all small businesses lack adequate protocols to safeguard important company or customer information.
In the coming months and years, cyber threats are expected to continue to pose a grave danger to the health and well-being of small and mid-sized organizations. The question business leaders may want to ask themselves is . . . will you join the 60 percent of companies that did not recover from a data breach?
Strengthen Your Business Defenses
Many of the toppled 60 percent may wish they knew then what many know now. That is, the key to cybersecurity does not solely depend on having the best software protections. According to the National Cybersecurity and Communications Integration Center, and Department of Homeland Security, nefarious email remains a primary trap used by cybercriminals and DHS recommends the following safety procedures.
“Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.”
“Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.”
“Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you with their name and a call-back number. Just because they may have some of your information does not mean they are legitimate.”
As you can surmise, these cyber safety measures do not necessarily rely on the latest antivirus software or systems protections. Hackers continue to take advantage of human oversight and error to infiltrate organizations and pirate valuable personal data and intellectual property. Homeland Security also recommends that business leaders implement the following employee training and protocols to protect against data breaches via email.
Maintain Secure Passwords: Change passwords regularly and never share them or provide co-workers with access.
Verify Sources: Make certain that emails originate from people and companies within your network by contacting them directly for verification.
Nix Auto-Download: Never use automatic download options for email attachments.
Never Click On Links: Embedded links are a primary method used by hackers to trip up team members through ransomware and malicious viruses.
Strengthening a company’s defenses begins with employee training and awareness that data breaches are not reserved for significant organizations and Fortune 500 corporations. Hackers continue to troll for low hanging fruit and unsuspecting employees who make innocent mistakes.
Employee Cyber Security Training is Job One
Although ransomware attacks reportedly declined from 638 million in 2016 to 184 million in 2017, according to Statista, this method has been used to target a tremendous number of small and mid-sized outfits.
The common attitude among cybercriminals is that decision-makers will ultimately weigh the cost of paying the ransom against potential profit losses and do the math. Hackers understand that poorly defended organizations are likely to negotiate and pay up. That’s why valued employees must remain vigilant and be a sort of human firewall if you will.
Proactive industry leaders are tasked with training employees and also determining which team members could be considered at risk. An IT support team can utilize training videos, create a cybersecurity policy and implement it by working with groups and individuals. But once the hands-on work has been completed, it’s imperative that companies conduct ongoing cybersecurity evaluations. These are logical methods to consider.
Identify team members who could be best targeted by hackers.
Deploy unscheduled mock cyber attacks.
Create and release convincing but harmless mock ransomware links via email.
Require employees to complete cybersecurity training modules.
Require advanced training for those who are tripped up by mock cyber attack drills.
We may be living in a golden age of technology, but our everyday fallibility remains the threshold that cybercriminals use to break into our business systems and rob our valued customers and us of critical data. One of the primary ways to avoid joining the 60 percent who are out of business is to make team members aware of cyber dangers and provide them with the skills to combat cybercriminals.