The Human Element of Cybersecurity

How Your Staff Can Make or Break Your IT

A friend of mine who runs a home-organizing business reached out with a tale that follows an all-too-common storyline. “I was waiting for a package that was being delivered by the post office when I got an email with USPS in the title, saying I needed to give them a call,” she said. “I picked up the phone, and this really nice guy starts verifying all my information to make sure I am who I say I am, and then he says all he needs is my tax id number and to put a credit card on file so that they can release the package.”

Fortunately, her inner cybersecurity radar tripped, and when she looked at the email more closely, she realized that she was not talking to the post office, but to a scammer.

Attackers who specialize in socially engineered attacks send out millions of these emails daily, knowing that some percentage of them will land in the inbox of a person who is expecting a package from the courier named, or who has an account at the bank mentioned in the email. I’m sure you’ve seen them. This simple volume tactic is responsible for untold losses daily, and similar approaches are used to gain access to business databases and workstations.

These attacks are challenging for the IT team to eliminate because the email itself contains no malicious code or link for a security tool to detect. There is only a phone number; the unsuspecting person calls it and is then talked into giving critical information to the attacker.
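Mail filters can still flag this kind of lure on its shape rather than on a payload. The Python below is an added illustration, not part of the original post: it scores one message on the traits the story describes (a courier's name in the subject or display name, a sender domain that is not the courier's, a phone number the reader is told to call, and no link at all). The brand-to-domain allowlist and the sample message are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands that callback lures impersonate, mapped to the domains the real
# organisation sends from. Assumed values for illustration; in practice this
# allowlist comes from your own vendor records.
BRAND_DOMAINS = {
    "usps": {"usps.com", "email.usps.com"},
    "fedex": {"fedex.com"},
}

PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
CALL_RE = re.compile(r"\b(call|phone|dial)\b", re.IGNORECASE)


def callback_phish_indicators(raw_message: str) -> list[str]:
    """Return the callback-phishing indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    payload = msg.get_payload(decode=True)  # bytes for a single-part message
    body = payload.decode(errors="replace") if payload else str(msg.get_payload())

    indicators = []
    claimed = f"{subject} {display_name}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        # Brand name in the subject or display name, but not sent by the brand.
        if brand in claimed and sender_domain not in domains:
            indicators.append(f"claims {brand} but sent from {sender_domain or 'unknown'}")
    phones = PHONE_RE.findall(body)
    if phones and CALL_RE.search(body):
        indicators.append(f"asks recipient to call {phones[0].strip()}")
    if phones and not URL_RE.search(body):
        # The whole point of the lure: nothing for a URL or attachment scanner.
        indicators.append("phone number but no link: no payload to scan")
    return indicators


# Constructed sample modelled on the lure in the story; not a real message.
SAMPLE_LURE = """From: USPS Package Center <notice@parcel-alerts-mail.example>
To: owner@smallbiz.example
Subject: USPS: action required to release your package

Your package is on hold. Call our agent at (555) 010-4422 within
24 hours and have your tax ID ready so we can release the delivery.
"""
```

Any non-empty result is a reason to route the message to the IT team rather than to the phone.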

While most of the responsibility for your company’s cybersecurity falls on the IT department, the rest of the staff must also be trained to spot cybersecurity threats and know what to do when they see one.

Here are a few practices everyone should keep in mind.

  1. Enable Two-Factor Authentication: This should be at the top of everyone’s to-do list. Enabling two-factor authentication on every account that holds sensitive information is one of the best ways to lock it down, because a stolen password alone is no longer enough.
  2. Do All The Techie Things: Anti-virus software and offsite data backups should be a given that your IT department takes care of. If you don’t have an IT department, do your research or get some help so that you can get the right cybersecurity tools in place.
  3. Be a Phishing-Savvy Skeptic: Cybercriminals are very good at emails and phone calls that impersonate business partners like banks, insurance companies, and couriers. If you get an unsolicited email or phone call that looks like it might be from a trusted business partner, make sure all the contact information lines up with what you already have on file, and reach out directly to that partner, preferably to someone you know personally, using a number or address you already trust rather than one from the message.
  4. Know Who You Are Talking To: When you get an email or phone call that looks legitimate but you don’t personally know the person you are corresponding with, verify their identity before giving away any critical information.
  5. Leverage Your IT Team: When in doubt, ask for help! IT professionals are trained to spot phishy emails or calls and should be able to help you make sure you are not divulging sensitive information to the wrong person.

The truth is that no cybersecurity system can guarantee that the hackers will not find a way to get into your system. And while the job of protecting your business from most of the attacks is the responsibility of the IT team, everyone in your organization has a role to play. If you need help ensuring the safety of your office IT system, feel free to schedule a free consultation with me and I’ll be happy to see what I can do to help.