Businesses are often needlessly victimized by cybercriminals, due to small yet costly employee mistakes that could have been avoided with just a little bit of education and training.

Below is information employees should know in order to make them assets to your cybersecurity team, as opposed to liabilities.

Cybercrime Awareness

It is crucial that employees are up-to-date on the lastest malware trends.

  • Ransomware.  2016 saw the dawning of a new Malware King – Ransomware.  But what is it exactly?  
    • Ransomware is malicious code that is downloaded to a computer or device.  
    • Once installed, ransomware targets certain files and/or data for encryption that cannot be unlocked without a decryption code.  That information will not be released for use until a ransom is paid.
    • Trending: While ransomware’s initial primarily victims were individual PC owners, the current hacker trend has seen an increase in scams targeting hospitals and/or financial institutions; not only do the small businesses have access to greater capital, but, as in the case of the healthcare industry, the hijacked device could even lead to health complications, or even death if not released in a timely manner.
  • IRS Form Scams.  The IRS has made it no secret that they are battling hackers who are using HR and Accounting departments at businesses and institutions alike, to amass the legitimate tax data they use to file false claims.

Hacker MO: Phishing

Just how are scammers able to get the the ransomware on and off the systems?  By being very, very sneaky.

  • Definition: Phishing is the general terms used to described hackers that cast a large malware net, looking for anyone who will bite.
  • Tactics:
    • Embedding viruses into fake websites that look like the legitimate site.
    • Sending emails from legitimate-looking vendors/people that contain malware in the emails and/or direct the user to the fake site.
    • Setting up an email address that looks like it came from the CEO or the HR/Accounting Departments, requesting that personnel send tax information immediately.
    • Receiving a phone call from a hacker who is pretending be someone in “Tech Support” that requests sensitive information in order to “fix” a “problem.”

Other Considerations

Ineffective Antivirus Software.  According to Virus Bulletin (VB), a leading Antiviral (AV) and spam testing site, both AV and anti-spam software are steadily falling behind the malware curve.  The site tests the detection rates and filter effectiveness of current AV protection, and the results are not encouraging.  In fact, detection rates have decreased by 10-13%, from right around 80 to less than 70% in the last 9 months.

Thank goodness for spam filters, right?

Wrong.

Ineffective Spam Filters.  VB tests found that one in every 200 emails containing malware makes it to an inbox, meaning that millions of inboxes are filled with potential threats every single day.

Increased Wireless Products.  With wireless devices becoming increasing popular and available, vendors are in a rush to get products to the market, often at the expense of user safety and security.  This can be especially dangerous for businesses.  Make sure your employees follow certain rules to ensure that their devices are not hacked: following these few simple guidelines can make all the difference:

  • Regularly updating passwords
  • Disabling remote access when not in use
  • Setting up drills so that your employees know how to react if there is an actual attack
  • Ensuring that employees only used approved data storage devices so that IT is able to control any potential breaches.  As mobile devices become more prone to hacking, more stringent rules should be in place about connecting any device  – no personal devices (including cell phones) should be allowed to connect to the employee’s work computer.

Conclusion

While it is true that all company’s employ human beings, and no human is perfect, staying abreast of cybertrend and sticking to basic rules is an easy way to reduce the likelihood that your business will become a victim of a cyberattack.

Comments are closed.