Fuelled Networks’ “Don’t Be A Phish” Lunch and Learn event brings phishing concerns to the forefront of IT security.
We recognize the time and expense everyone has put into security firewalls, DNS, antivirus, and secure wireless – and while that’s all well and good, we’re now seeing new trends that make it clear that end-user education is the key to securing your perimeter.
The need to make local businesses aware of how important their employees are to successful cybersecurity was the reason we made phishing the topic of our March 14th Lunch and Learn event.
Attendees were given a lesson in phishing tactics 101 and presented with valuable insight and tips to help them better defend their businesses against this growing threat.
However, since space was limited, we know that many fellow business professionals were unable to take part. So, we’re going to share the highlights of our presentation with you now.
Don’t Be A Phish – Learn To Spot Threats A Mile Away.
We all know that to protect our businesses, data, and brand, we need multiple layers of security to mitigate risk. Firewalls, antivirus software, and spam filters are a few examples of these layers. But what a lot of people don’t realize is that the weakest link in our security is our end users – our human firewalls.
The bad guys used to try to gain access mostly through software and hardware vulnerabilities. But as our propeller heads continually improve the security of our hardware and software, making it harder to get in that way, the bad guys looked for an easier way. That way is your end users.
As scary as that sounds, because we are aware of it, we can do something to prevent or at least mitigate that risk: train your end users. And just as your other security defenses are patched and updated on a regular basis, you must train and test your end users on a regular basis.
It used to be that businesses relied on tech only. Once the infection manifested itself, we counted on a technician to fix the problem and clean the systems. This approach is reactive, and we all know that we need to be proactive where the health of our networks is concerned.
Everybody has good intentions, but they’re busy and sometimes don’t stop to think. Because of this simple truth, phishing is the most common practice among cybercriminals. These hackers send you emails purporting to be from someone you know or a reputable company, to entice or scare you into an action so they can gain your sensitive information. And I need to emphasize that they don’t just target us via email, but by telephone and text as well.
Say, for example, an email comes in from your boss asking you to send a document with sensitive information ASAP. Well, we never want to disappoint our bosses, so we send it out. We want to get it done, and we want to move on to the other things on our minds and our task lists. We don’t stop and think, “Why is he asking this of me? He never asks these things over email. Why the urgency?”
When a system is infected, your end user stops working and sits idle, not doing the work you have contracted them to do. Add to that the cost of re-imaging their system, and there is ample incentive to make sure they don’t fall for these scams. And it can get even worse from there. That infection can spread throughout your network, bringing your company to a standstill. You lose revenue, your brand can be tarnished, and you could also lose your customers’ trust.
Quite often, it is not what you know has happened to a system or network that causes the biggest problems, but what you don’t know is there: little ticking time bombs waiting and gathering information. You really need to do everything possible to mitigate the risks that phishing and social engineering can cause. From a legal perspective, you need to show that your people have been trained and that you have done your due diligence. In order to avoid potential litigation, it’s essential that organizations can demonstrate that they have taken the necessary steps to ensure their data is safe. These steps include but are not limited to:
Most SMBs feel they are too small to be a target, but this couldn’t be further from the truth. SMBs are a major target for the bad guys. They may not want your data, but maybe they want to use your network resources or want access to your vendors. If they get access to your vendors through a breach coming from your network, your vendors could be compromised, and that could violate agreements and partnerships and open your business up to litigation.
Take what happened to JP Morgan Chase as an example. There were many ideas about where the attack originated, one of them being a supplier they did not vet properly. So now, all their business partners and suppliers go through a rigorous check and must have everyone in the company trained and given security clearance – even the guy that fills up the chocolate bars in the vending machine. They spent millions getting this accomplished, not to mention all the other fines and costs involved in the breach.
This is why proper training is so important. When the training is engaging and interactive, your users learn more and retain more, and it stays clear in their minds. Thorough training, strong password protocols, and strict security and email policies can make your business much more difficult to target successfully.
Want to learn more about the IT security solutions and training resources available from Fuelled Networks? Contact us at (613) 828-9482 or firstname.lastname@example.org.