Cyber Attacks: 5 Ways Small Businesses Can Protect Themselves
Could your business afford to lose $10,000, or perhaps $29,000? We hear a lot about ransomware attacks; however, email-initiated fraud is a significant issue for businesses both small and large. Recently, even with its public accountability procedures in place, a local government agency paid out over $450,000 in an email-based invoicing fraud.
The seed for these business attacks is stolen personal or business information, such as the recent, delayed announcement by Yahoo that information from 500 million client accounts is now for sale.
Businesses now employ better physical barriers against malicious threats, with IT service providers and Internet security providers developing strategies to mitigate the damage from blunt intrusions such as ransomware and malware attacks. The area where businesses remain vulnerable is the social engineering directed at staff within the business operation.
In 2016, each business email account receives on average 90 emails per day, of which 76 are genuine business communications (Radicati Group report, 2015). Scammers target businesses through ordinary business users, and most of the scam emails among the 350 weekly emails come from what appear to be trusted sources.
Using social engineering techniques, criminals will attempt to infiltrate the target. The reasons for “hacking” the target business might be to “ransom” the business data by encrypting it, to defraud the business through fake payment authorisations, or to gain trusted access in order to ransom or defraud business partners.
From personal experience, it is embarrassing to have a business owner and friend call up and say that he lost money to a scammer. The fraudster was gaining their trust through an email from a hijacked account in my company.
As a technology consultant, I help owners address the three principal business network security requirements: workflow to manage authorisations, procedures to address security breaches and, the most overlooked area of all, training staff to identify social engineering attacks.
You and your employees are the weakest links in your network security: whether through personal or work-related stress or just a brief lack of attention, disaster is just a click away.
There are tell-tale signs of a social engineering scam in an email; here is how to help employees defend themselves:
1. Review staff knowledge of scamming using the “Red Flag” email checklist, covering its seven components:
- From line: is the email from a known contact, or from outside my personal or business circle?
- To line: is it addressed to me only, or am I just one name on a CC list?
- Date: did this email arrive during business hours?
- Subject line: is it relevant to the content?
- Content: is the content business-like, does it demand some link action, and does it use the correct language?
- Hyperlinks: do the embedded links point to a non-reputable site, or to one that doesn't match the business site?
- Attachment: is the attachment type mismatched with what is expected, e.g. .exe or .zip?
2. Test the employees through freely available benchmarking tools from suppliers like KnowBe4 and Wombat.
3. Develop an employee incentive program to continue the security improvement process.
4. Update new employee onboarding to include a social engineering information program.
5. Establish a web, internet and social media policy employee agreement.
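The seven-point “Red Flag” checklist in step 1 can be turned into a small triage tool that a staff member or help desk runs over a suspicious message before anyone clicks anything. The code below is an added example written for this article; it is not part of the original post or of any vendor's product. It uses only the Python standard library's `email` package, and the business domain, the known-contact domains, the business hours, the action-phrase list, the risky extension list and both sample messages are constructed assumptions for the demonstration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import getaddresses, parsedate_to_datetime
# Assumed organisation context; every value below is constructed for this example.
OUR_DOMAIN = "example-business.com.au"
KNOWN_DOMAINS = {OUR_DOMAIN, "trusted-supplier.example"}
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59, Monday to Friday
RISKY_EXTENSIONS = {".exe", ".zip", ".js", ".scr", ".iso", ".lnk"}
ACTION_PHRASES = ("click here", "verify your", "update your", "urgent", "immediately")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)  # simplified; a real tool would parse HTML


def _host_of_url(url):
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def _displayed_host(text):
    """Host the visible link text appears to show, or '' if the text is not URL-like."""
    text = text.strip()
    return _host_of_url(text if "://" in text else "http://" + text) if "." in text and " " not in text else ""


def _is_known(host):
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)


def red_flags(raw_message, me):
    """Return (component, reason) pairs for every checklist item that fires."""
    msg = message_from_string(raw_message, policy=default)
    flags = []
    # 1. From line: is the sender inside the known contact circle?
    senders = getaddresses([msg.get("From", "")])
    sender_domain = senders[0][1].rsplit("@", 1)[-1].lower() if senders else ""
    if not _is_known(sender_domain):
        flags.append(("From", f"sender domain {sender_domain!r} is not a known contact"))
    # 2. To line: addressed to me alone, or just one name on a CC list?
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    if me.lower() not in recipients or len(recipients) > 1:
        flags.append(("To", "not addressed to me alone"))
    # 3. Date: did it arrive during business hours?
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
        if sent.weekday() > 4 or sent.hour not in BUSINESS_HOURS:
            flags.append(("Date", f"sent {sent.isoformat()}, outside business hours"))
    except (TypeError, ValueError):
        flags.append(("Date", "missing or unparseable Date header"))
    # 4. Subject line: does it share any substantive word with the body?
    body = msg.get_body(preferencelist=("html", "plain"))
    lowered = (body.get_content() if body else "").lower()
    subject_words = set(re.findall(r"[a-z]{4,}", str(msg.get("Subject") or "").lower()))
    if not any(w in lowered for w in subject_words):
        flags.append(("Subject", "subject does not match the content"))
    # 5. Content: does it push the reader to take some link action? (constructed phrase list)
    hits = [p for p in ACTION_PHRASES if p in lowered]
    if hits:
        flags.append(("Content", "pushes the reader to act: " + ", ".join(hits)))
    # 6. Hyperlinks: target host outside known domains, or link text that shows a different domain.
    for href, shown in ANCHOR.findall(lowered):
        host, shown_host = _host_of_url(href), _displayed_host(re.sub(r"<[^>]+>", "", shown))
        if host and not _is_known(host):
            flags.append(("Hyperlinks", f"link to unknown host {host!r}"))
        if shown_host and shown_host != host:
            flags.append(("Hyperlinks", f"link text shows {shown_host!r} but points to {host!r}"))
    # 7. Attachment: file types nobody expects with an invoice or a memo.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if "." in name and name[name.rfind("."):] in RISKY_EXTENSIONS:
            flags.append(("Attachment", f"risky attachment type {name!r}"))
    return flags


def sample_phish():
    # Constructed message that trips all seven checks; not taken from any real campaign.
    m = EmailMessage()
    m["From"] = "Accounts <accounts@bizpay-secure.example>"
    m["To"] = "alice@example-business.com.au, bob@example-business.com.au"
    m["Date"] = "Sat, 01 Oct 2016 02:17:00 +1000"
    m["Subject"] = "Invoice overdue"
    m.set_content("Please see attached.")
    m.add_alternative('<p>Urgent: your account will be suspended. Visit <a href="http://bizpay-secure.example/login">'
                      "http://example-business.com.au/portal</a> to update your details.</p>", subtype="html")
    m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()


def sample_internal():
    # Constructed routine internal message that should raise no flags at all.
    m = EmailMessage()
    m["From"] = "bob@example-business.com.au"
    m["To"] = "alice@example-business.com.au"
    m["Date"] = "Mon, 03 Oct 2016 10:30:00 +1000"
    m["Subject"] = "Quarterly figures"
    m.set_content("Hi Alice, the quarterly figures we discussed are attached. Bob")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="figures.pdf")
    return m.as_string()
```

Calling `red_flags(sample_phish(), "alice@example-business.com.au")` returns one entry per checklist component (two for hyperlinks, because the target host is unknown and the visible text shows the business's own domain while the link points elsewhere), whereas the routine internal message returns an empty list. The point of the exercise is not that these heuristics are airtight; it is that each of the seven questions on the checklist can be answered from the message headers and body alone, which is exactly what a trained employee does by eye.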
These five actions will raise employees' awareness of the nature of phishing attacks. With effective security awareness training, there is typically a 14% reduction in the likelihood of an employee succumbing to a scam email.
Training programs are run over 3 to 6 month periods; however, the best long-term results come from a 12-month program. These programs include self-paced online training in an electronic learning environment, followed by regular reporting of the employees' improved ability to detect and resist these bogus email scams.
The benefits to your business are that employees take a positive interest in the security of the business, and staff development allows employees to present a positive view of security to your customers. Because the results are measured and reported over time, employee incentive schemes and competition reward programs also improve staff retention.
Contact your IT security advisor, or go to sites like KnowBe4 or Wombat for the programs available. If you wish to get further information or support, just follow the link to Security - Reducing the Human Error.
“The opinions expressed by Smallville Contributors are their own, not those of www.smallville.com.au”