Fixing Your Weakest Link: Your Employees

By June 15, 2021Uncategorized

We have some bad news for you. Currently, many businesses fail to realize that network security is more than just protecting the path to valuable data. Business owners don’t realize that an important factor in protecting their network resides with human involvement and how well they are trained. 

Two things aren’t going away in any business: employees and security threats. Make sure that you’ve taken care of everything you can to avoid falling victim to these attacks. 

You can have every piece of security hardware available: firewall, backup disaster recovery device, and even anti-virus. However, your employees will still be the biggest vulnerability in your organization when it comes to phishing attacks. Is it possible to mitigate this risk? 

Ask yourself these questions: Do your employees know how to protect your network and all the data within it? Can they spot a malicious email or link before clicking on it? Do your staff members know how to secure your digital information from social exploits by sophisticated hackers? Are you using an outdated operating system that is no longer supported? 

In this blog we’ll offer you some tips on password creation, training your employees, and how to spot a malicious email. These are key factors to the security of your database. One breach, one crack in your security and you may fall victim to stolen data, ransomware, and the possibility of closing your doors. 

Here is a list of some of the things you can do to protect yourself: 

Create and Strictly Enforce a Password Policy:  

Passwords should be complex, randomly generated, and replaced regularly. To test the strength of your password, go to howsecureismypassword.com. (This is a perfectly safe service provided by a password protection platform. The program tells you how long it would take a hacker to decode your password.) 

When creating your new password policy, bear in mind that the most prevalent attacks are “Dictionary Attacks.” In other words, this means most people use real words in their passwords. Hackers will typically try scanning common words before trying a brute force attack. Instead of using words, use a combination of letters, numbers, and symbols. 

The longer the password, the stronger it is.  

A password of 8 characters or more is a safe place to start. Also, while it’s difficult to remember passwords across different platforms, try not to repeat passwords. This will protect all other accounts in the event of a breach on one of your accounts. 

Train and Test Your Employees Regularly:  

Educate your employees on how they can spot a phishing attack. Then, utilize penetration testing (this is a safe phishing attack orchestrated by us to see how employees respond) and how well they do. If employees fall for phishing attempts then send them through training again. We recommend doing this every quarter to ensure that your employees stay on their toes. Also, always provide education on the latest wave of phishing attacks. 

Protect Mobile Phones:  

You can safeguard as much as humanly possible on your network, but your employees are all walking in with cell phones that connect to any available WIFI. Are they allowed to get work emails on their phones? What about gaining access to the network remotely? Cell phones create a hole in security without proper mobile device management and mobile security. 

Perform Software Updates Regularly:  

Make sure your software is up-to-date with all the latest security patches. Holding off on updates means you’re leaving yourself open to vulnerabilities that have been discovered and addressed. 

Invest in Security:  

Security is not something to avoid for cost savings. Home-based hardware is not sufficient either. At the very least you need a quality firewall and backup device. Invest in your employee’s training, ongoing security updates, and maintaining a full crisis/breach plan. And your team members should know how to recover data in the case of a breach or outage. 

 

Attackers often use phishing to attempt to steal login credentials or deliver ransomware. Phishing is a type of scam that involves targeting victims with legitimate-looking messages that contain malicious links or infected attachments. Since the recipients think the email comes from a trustworthy source, they’ll download or open the attachment which will then become a disaster for your company. 

Your network security should monitor the emails you receive, and flag you to not open attachments unless you’re absolutely certain of the source. In case there’s any doubt, always train your staff to verify the authenticity of the message with the sender. 

The bad news is that cybersecurity and ransomware attacks are on the rise. Hackers are getting bolder, attacking government agencies, large corporations, and even whole cities. Even college students are falling victim to these threats. Hackers will either take passwords and login info and sell it, or they’ll take personal data and threaten to reveal it. Embarrassing photos and videos can cause a lot of problems. 

The good news? With proactive monitoring from your cybersecurity, and by regularly training your staff, you can stay one step ahead of hackers and their phishing attempts. And with us just a phone call away, you can rest easy at night knowing you’ve got a team of professionals protecting your data. Contact us today!

 

ICS Now

Author ICS Now

More posts by ICS Now

Leave a Reply