Cyber Security
An enormous amount of money is spent annually by companies to protect their IT Systems from Cyber Security threats. We are too reliant and trusting on systems to protect us. There is one significant threat that is often overlooked, and not often suspected; ourselves.
Things never go wrong at the moment you expect them to. When you’re completely relaxed, oblivious to any potential dangers, that’s when bad things happen.
– C.K. Kelly Martin
The Full Scoop
A 17-year-old was arrested this past week. He was involved in a hack of Twitter accounts for some of the worlds most high profile personalities. It is astonishing to consider that a teenager could have orchestrated such a sophisticated attack on a major technology company. It is also disheartening to realize that the individual likely possessed considerable talent, had their energy been directed differently.
The attack according to Twitter, targeted employees through the use of phone spear-phishing. Spear-phishing is where a bad actor specifically targets an individual or company, and through means such as well written and believable emails or social engineering over the phone; tricks someone into doing what they want. It relies and takes advantage of our natural desire as human beings to be helpful; in our resolve to complete a request or address a concern of an executive, fellow employee or client.
Daily Habits
Too often we become comfortable in our daily habits. Emails come in, we read them, click links, open attachments – but only of course from sources we know, right? We often forget that there are some individuals out there who seek to take advantage of our efficiency and sincere desire to help, as we are so focused on performing our day-to-day jobs, answering calls, assisting clients, and responding to requests from our boss.
IT Systems are becoming more secure, and vendors are spending more time hardening their platforms. Cyber Security costs Microsoft an estimated one billion dollars annually. However, even with all the cybersecurity measures in place, an employee from within your organization can render them useless. This can occur when a well-meaning employee, who has access to critical systems and data, is deceived into giving away information or fulfilling a malicious actor’s request. The vulnerability lies in the employee’s trust and unwitting participation, which can undermine the effectiveness of cybersecurity protocols.
As humans we fall into the trap of assuming the past will predict the future. We often suffer from the “it won’t happen to me” syndrome, referred to as Optimism Bias. We can wrongly assume our employees know what to look out for, or that our organizations aren’t at risk. I was speaking to the CEO of a mid-sized organization some years ago, who genuinely believed they were not a threat to attacks. He would say, “who would bother to attack us”. Yikes! Our own theories and experiences can hinder our progress.
Cyber Security Training
IT Cyber Security Training is important and a great reminder on the basics for how to protect your critical data. A large percentage of data breaches begin with Spear Phishing attacks. There are tools you can use as an organization to test your employees. Run your own Phishing tests on your end users. This will help you know who is really watching and being careful on what they click on and reply to throughout the week.
Remember, IT Training will remind your employees to be careful with the email attachments they open. To be more cautious when clicking on links, and if they are not sure, to manually navigate to websites instead. Do not give out passwords and avoid using shared accounts. When an employee leaves, be sure to review their system access and consider changing passwords or terminating accounts. When it comes to financials and especially wire transfers and vendor payments, establish “four eyes” controls that rely on two sets of eyes to complete a transaction. Be suspicious of urgent requests for system access or wire transfers, where your colleague or boss says they are not available for a discussion on the matter.
Fizen™
Review good principles of IT Security and Support with your broader user base. Training will protect you from potentially damaging situations and experiences. Remember that most breaches do not come from the outside, they come from within. Rely on training and a culture of strong Cyber Security to protect your organization. IT Providers can suggest modern recommendations for controls to implement. Good internal security will lead to excellent corporate security. Build security and awareness into the culture of your company. You will be glad you did!
Contact us anytime, we’d love to hear from you.