How Your Staff Can Make or Break Your IT
A friend of mine runs a small home-organizing business and recently got an email with “USPS” in the subject line just as she was waiting on a package. The message included a number to call. She picked up the phone, and a helpful-sounding man on the other end started “verifying her identity,” asking for her tax ID and a credit card.
Fortunately, her gut instinct kicked in. She hung up and avoided the trap.
Hackers who specialize in socially engineered cyberattacks send out millions of these emails daily, knowing that some percentage of them will land in the inbox of a person who is expecting a package from the courier listed, has an account with the bank mentioned in the email, or whatever the hook happens to be. I’m sure you’ve seen them. This simple brute-force tactic is responsible for untold losses daily, and similar approaches are used to gain access to business databases and workstations.
This kind of socially engineered scam is brutally effective because it plays on timing and trust. No malware, no suspicious links, just a phone number and a human on the other end manipulating emotions.
The “genius” of these attacks is that they bypass firewalls, antivirus tools, and all the other things we IT folks put in place, leaving you and your staff as the last line of defense. This is why it is crucial that everyone on your team learns how to spot cybersecurity threats and knows what to do when they see one.
Here are a few practices everyone should keep in mind.
- Enable Two-Factor Authentication, Your First (and most important) Line of Defense: This should be at the top of everyone’s to-do list. Enabling Two-Factor Authentication on all of your sensitive online accounts is one of the best ways to lock down your information.
- Make Sure All The Foundational Defenses Are In Place: Antivirus software and off-site data backups should be a given that your IT department takes care of. If you don’t have an IT department, do your research or get help to ensure you get the right protection tools in place.
- Be a Phishing-Savvy Skeptic: Cybercriminals are very good at crafting emails and phone calls that impersonate business partners like banks, insurance companies, and couriers. If you get an unsolicited email or phone call that looks like it might be from a trusted business partner, make sure all the contact information lines up and reach out directly to that partner, preferably to someone you know personally.
- Know Who You Are Talking To: When you get an email or phone call that looks legit but you don’t know the person you are corresponding with personally, it’s a good idea to verify their identity before giving away any critical information.
- Leverage Your IT Team: When in doubt, ask for help! IT professionals are trained to spot phishy emails or calls and should be able to help you ensure that you are not divulging sensitive information to the wrong person.
The truth is that no cybersecurity system can guarantee that hackers will not find a way to get into your system. And while the job of protecting your business from most of the attacks is the responsibility of the IT team, everyone in your organization has a role to play. If you need help ensuring the safety of your office IT system, feel free to schedule a free consultation with me, and I’ll be happy to see what I can do to help.