By Joy Beland
When developing cybersecurity initiatives, many businesses focus on protecting their network infrastructure and device endpoints. After all, that’s where cybercriminals usually gain access and wreak havoc first on a company’s digital access.
But it’s also important to consider what happens when a threat bypasses perimeter defenses and targets an employee in the form of a malicious email or text, or even a voicemail that might prompt the employee to respond with confidential company information.
Most people still don’t realize that small to midsize businesses (11-100 employees) are 15x more likely to become targets for cyber-attacks. Imagine walking into your office one morning to discover your computer network was breached by a hacker, exposing – or STEALING – not only your company’s data, but also your clients’. Imagine the embarrassment of having to notify your clients that their personal information may now be in the hands of cyber-criminals. Operations could be severely limited for days, possibly weeks. Your data could be corrupted to the point of being useless. Clients lost. Potential lawsuits and government fines for violating data-breach laws.
We actually had an experience with ransomware 3 years ago where a client of ours had their home computer data encrypted. He didn’t consider the home computer important enough to have us provide the security tools, monitoring and backup that we provide for his business … but there he was, staring at a screen that said he would have to pay a ransom of nearly $800 if he wanted his data back. What was on that computer? Every photo of his 2-year-old daughter since birth, all of his personal financial data and his taxes for a dozen years. We went through the process of paying the ransom, retrieving the encryption key, restoring and scrubbing the data, replacing the drive, restoring all of his software and data, then configuring our tools with monitoring and backup for him.
That was a wake-up call for us and made us shift our mission and values to bring a more in-depth security focus to owners and staff members of small businesses, as employee education and training can greatly reduce the chances of a company getting breached.
In that context we started presenting about cybersecurity to some of our clients, and our Cybersecurity Staff Training was born. These sessions are usually 45-60 minutes long, fun and interactive. Most of the companies make it mandatory for their entire staff to attend. We usually touch on company culture in reference to IT security and help the staff understand what the vulnerabilities and threats to their everyday work and business operation are.
Here are some of the topics we usually discuss:
- The severity of a data breach and what it can mean to your business
- How to properly review emails before opening them (sender information and attachments)
- How to perform a safe search online
- Security and privacy settings for mobile devices
- What your incident response plan should be
- Other IT Security suggestions
If you want to get this conversation started with Pink Hat Technology Management, please visit www.pinkhattech.com/staff_training/ for more information.