Shut the door on cyber attackers, starting today.
There is a lot of hoopla surrounding cyber risk right now. The average citizen thinks that the entire network is going to crash, taking out key infrastructure and stealing sensitive information.
Hackers from China and Russia are scaling the walls of our network firewalls and there is a raging “cyberwar” going on. It is just a matter of time before they penetrate and take us all out.
True, some of these things could happen. But scaling the walls is not the way they get in. They get in because our employees unknowingly open doors for would-be hackers.
Here are 3 Steps to Shut the Door on Cyber Risk, NOW!
1. Educate your employees on the methods that hackers use to gain entry into your systems.
Hacking is not that complicated. Most hackers use social engineering to gather information about users in order to create legitimate-looking “Trojans” (false links on legitimate websites) for users to click.
Or they use “Phishing” where a user is given an email with an attachment that introduces malware into your system.
Showing your employees examples of common attacks such as Phishing, Spear Phishing, Trojans and others improves their ability to detect these common tactics.
I am on LinkedIn. Last week I received an email in one of my lesser used email accounts from a person, whom I have never met, who wanted to connect. We did have a common affiliation (we are both in the military), but I didn’t know the person. This was my first clue.
My second clue was that the request went to the wrong account; email notifications normally go to my main account. I went to LinkedIn to see if the connect request was on my webpage (it was not). Further, I looked up the person and they did not exist.
The social engineer hackers were counting on me to make a quick, thoughtless click on an email.
2. Educate your employees on ways to protect their identities.
When employees share information about themselves, they are giving hackers information they will use for social engineering.
It would be impossible to ask them not to Tweet or use Facebook. But perhaps they can limit the number of people who have access to all their information.
3. Ensure that your IT department has good policies and is up-to-date on all patches and software.
This goes without saying, I know, but the Director of the Office of Personnel Management is now looking for a job because she assumed her IT department was on top of things.
When was the last time you had a Certified Information Systems Security Professional (CISSP) qualified person audit your IT department?
Protect your company against the most common and prevalent cyber threats. While the media might be hyping Cyber Armageddon, the real threat is more low level and personal. Arm your employees with good information to improve their skepticism and your IT department with appropriate policies to ensure a strong network.