How much cyber security training are you doing? Is it even on your radar? Hardly a month goes by now that we don’t see something in the news about another company being hacked. And if you believe what the experts say, what we hear about is a fraction of what’s actually going on. So I ask again, “How much cyber security training are you doing?”
There are many threats businesses face. Malware, phishing attacks, SQL injection. These are just some of the threats you need to be aware of. But cyber security experts will tell you that the greatest threat to your business lies between the chair and the keyboard – your people. The only way to reduce that threat is to make sure your staff has been trained in what to look out for and what to totally avoid when working in the digital world.
One of the greatest threats that your business will face comes through e-mail sent to your staff. Whether it is a phishing attack or malware that’s included in an attachment, your staff needs to know what to look out for. Some hackers have become very creative. They can create an e-mail that looks exactly like it came from you, from your bank or from the accountant. But if your staff have been trained to look for the subtle signs of hacking, you can reduce the threat that these e-mail attacks will have on your business.
Estimates vary somewhat, but it was about 2015 when people’s primary access to the Internet switched from desktops to mobile devices. Today the estimates in some places are as high as 70% of people accessing the Internet via their phones or tablets exclusively. Many people believe that just because they’re on their phone, they don’t have to worry about digital or cyber security. WRONG!! Hackers have learned to go where the money is. You do the same thing in your business: you look for where the greatest potential for reward is. That’s where you spend your time and your effort. Hackers do the same thing. Since most people are accessing the Internet from a mobile device, hackers are now focusing more on mobile devices than on desktops and laptops. Do your mobile devices have an antivirus program installed? Are you using lock screens on your mobile devices? Do you have passwords readily available to anyone who would pick up your phone or are they in a secure app? Not only do you have to train your people in e-mail security, you also need to train them in mobile device security.
While the threat of attack on devices themselves is less than it was 20 years ago, that threat does still exist. Remember back to the attack earlier this year on Windows XP machines – specifically in the healthcare industry in England? They were attacked by something called Ransomware. If you don’t recall what it is, Ransomware is a piece of malware that can be installed on a computer or server that will lock down that machine until a ransom has been paid and you either receive the unlock code or the hacker unlocks it remotely. That whole attack started because there was a vulnerability in Windows XP. Newer versions of Windows had already patched that hole, but XP was out of maintenance support and so did not receive the patches. That same situation applies not only to your computers and laptops but also to mobile phones and servers and websites and anywhere else you have technology running.
One of the favorite attacks hackers will do to a website is something called SQL injection. A SQL injection works by entering a series of letters and numbers – basically computer code – into a data entry spot on your website. Someplace where you would ask for their name or their user ID. Then when they hit enter or submit, it will allow a hacker to access your data file. All of your data files. That’s all of your customer information – names, addresses, phone numbers, anything you collected from your website or entered into the database from the back side. This should bring to mind some of the stories you’ve heard about stores and insurance companies and government agencies that have been hacked.
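To make the SQL injection description above concrete, here is an added example (not from the original article) that shows a user ID lookup built the unsafe way next to the parameterized form a developer should use instead. The `customers` table, its columns, the function names and the sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory customer table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (user_id TEXT, name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice", "Alice Example", "555-0100"),
         ("bob", "Bob Example", "555-0101"),
         ("carol", "Carol Example", "555-0102")],
    )
    return db

def lookup_vulnerable(db, user_id):
    # Form input is pasted into the SQL text, so the database cannot tell
    # the visitor's data apart from the query's own code.
    query = "SELECT name, phone FROM customers WHERE user_id = '" + user_id + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, user_id):
    # Parameterized query: the input is bound as a value and never parsed as SQL.
    return db.execute(
        "SELECT name, phone FROM customers WHERE user_id = ?", (user_id,)
    ).fetchall()

# Constructed form input that closes the quote and adds an always-true condition.
CRAFTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal input, vulnerable lookup:", lookup_vulnerable(db, "alice"))
    print("crafted input, vulnerable lookup:", lookup_vulnerable(db, CRAFTED_INPUT))
    print("crafted input, safe lookup:", lookup_safe(db, CRAFTED_INPUT))
```

With the unsafe lookup the crafted input returns every customer row; with the parameterized lookup the same input is treated as an ordinary (non-matching) user ID and returns nothing.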
While yes, you do need to keep your devices up-to-date, the greatest threat, again, is your people. The greatest antidote to that threat will be the training your people have about how to recognize and deal with threats to your business. Here are three basic steps you should take to reduce the chances of a cyber-attack on your business:
- First, assess your business’s assets. That includes an inventory of your hardware, training that you have for your people, and action plans that you have in place now to mitigate damage from a cyber threat.
- Second, schedule training for your people to ensure that they can recognize and avoid threats to your business and your digital systems.
- Third, ensure that routine maintenance of your hardware and software is scheduled and run. Too many times people schedule updates or back-ups and never go back to make sure they really ran and completed the task.