As a small or medium business, you are concerned with what you need to do, which rightfully so, is all about your business! But while you are managing your employees, customers, products, and bottom line, who is watching the gates? Security starts and ends with everyone in your company being aware of how to behave like they are personally responsible for the company’s security.
Your employees have their own lives; they have Facebook, they watch cat videos on YouTube, they send text messages from their phones, and they email family and friends from their personal accounts, all from company resources. There are inherent dangers to this, perhaps more than you realize.
A single user logs in to a company computer, and opens Chrome or Firefox to their Gmail inbox, and they also open Facebook. While they are working, they are managing their daily lives as well. One of them clicks on an email from what appears to be their email contact to look at a file or click on a link. Wham! That email wasn’t actually from their email contact, it was well-crafted spam. Their company PC is now infected with malware. Behind the scenes, that malware is now collecting other computers their PC connects to, customer databases, moving to other coworker PCs, and collecting their information as well. Within a short amount of time, almost every PC is infected, and the bad actors have a treasure trove of information about you, your employees, their passwords to your internal systems, your customer data, and your company secrets.
The bad actor might try to exploit your business, locking all of your PCs using cryptoware, making all of your data inaccessible unless you pay them a large ransom. Possibly the bad actor will find some of your user’s social data, and start a social engineering campaign to learn their habits, and blackmail them in to divulging company secrets.
Scared? You should be. This type of behavior happens every day.
But what can you do? The front line of cyber security is awareness and education. If your employees practice safe behaviors, know how to spot phony emails, and suspicious phone calls, you can thwart the attacks before they start. This type of training and education should start right NOW before you are in trouble. You shouldn’t decide to go to school only once you apply for a job and turned down due to a lack education. The same applies here. Education and awareness are preventative measures.
As the cyber security industry changes, so should the training. A good practice is to have a solid cyber security training program for all new employees and a refresher program every six months.
A custom tailored program works best to reach your employees and management staff, and should be as important as skills training or HR policy signing. After all, it is the fundamental security of your business that is at risk!
Want to know more? Contact us today!