Employees: Cybersecurity Assets, Not Liabilities
Posted: February 24, 2017 to Cybersecurity.
Businesses are often needlessly victimized by cybercriminals, due to small yet costly employee mistakes that could have been avoided with just a little bit of education and training. Below is information employees should know in order to make them assets to your cybersecurity team, as opposed to liabilities.

Cybercrime Awareness

It is crucial that employees are up to date on the latest malware trends.

- Ransomware. 2016 saw the dawning of a new Malware King - Ransomware. But what is it exactly?
- Ransomware is malicious code that is downloaded to a computer or device.
- Once installed, ransomware targets certain files and/or data for encryption that cannot be unlocked without a decryption code. That information will not be released for use until a ransom is paid.
- Trending: While ransomware’s initial victims were primarily individual PC owners, the current hacker trend has seen an increase in scams targeting hospitals and/or financial institutions; not only do the small businesses have access to greater capital, but, as in the case of the healthcare industry, the hijacked device could even lead to health complications, or even death, if not released in a timely manner.
- IRS Form Scams. The IRS has made it no secret that it is battling hackers who use HR and Accounting departments at businesses and institutions alike to amass the legitimate tax data they use to file false claims.
- Definition: Phishing is the general term used to describe hackers who cast a large malware net, looking for anyone who will bite.
- Tactics:
  - Embedding viruses into fake websites that look like the legitimate site.
  - Sending emails from legitimate-looking vendors/people that contain malware in the emails and/or direct the user to the fake site.
  - Setting up an email address that looks like it came from the CEO or the HR/Accounting Departments, requesting that personnel send tax information immediately.
  - Receiving a phone call from a hacker who is pretending to be someone in “Tech Support” and requests sensitive information in order to “fix” a “problem.”
- Regularly updating passwords
- Disabling remote access when not in use
- Setting up drills so that your employees know how to react if there is an actual attack
- Ensuring that employees only use approved data storage devices so that IT is able to control any potential breaches. As mobile devices become more prone to hacking, more stringent rules should be in place about connecting any device - no personal devices (including cell phones) should be allowed to connect to the employee’s work computer.