Network Week in Review: An Ounce of Prevention is Worth a Pound of Cure
This week’s title is a constant reminder and a true statement that we can use in all aspects of our life. Unfortunately, no one is exempt. A social media giant reminded us this week to watch what you share and protect your passwords. In a worldwide crisis, your passwords could mean the difference between staying safe and spending your time trying to recoup finances and private data that’s been compromised.
The cold truth is that criminals don’t need to use malicious code or advanced hacking skills to get what they want. In reality, many of them target your biggest vulnerability: your negligence, or your very own employees. It’s a sad truth and can end in a DISASTER.
There are many things employees are doing – or not doing – that cause serious problems for small-business owners. Here are five things people do that allow hackers to waltz in through your front door.
- They don’t know better. Many people have never been trained in cyber security best practices. While some of us may know how to protect our network, safely browse the web and access e-mail, many people don’t. Believe it or not, people do click on ads on the Internet or links in their e-mail without verifying the source. This can be fixed with regular cyber security training. Call in an experienced IT security firm and set up training for everyone in your organization, including yourself. Learn about best practices, current threats and how to safely navigate today’s networked world.
- They use bad passwords. Many people still use bad passwords like “12345” and “qwerty.” Simple passwords are golden tickets for hackers. Once they have a username (which is often just a person’s actual name in a business setting), if they can guess the password, they can let themselves into your network. Many security experts suggest having a policy that requires employees to use strong passwords. Passwords should be a mix of letters (uppercase and lowercase), numbers and symbols. The more characters, the better. On top of that, passwords need to be changed every three months, and employees should use a different password for every account. Employees may groan, but your network security is on the line. Review your current passwords and check to see if you are on the list of password fails and wins. https://bit.ly/3fAdq0S
- They don’t practice good security at home. These days, many businesses rely on “bring your own device” (BYOD) policies. Employees use the same devices at home and at work, and if they have poor security at home, they could be opening up your business to major outside threats. How do you fix this? Define a security policy that covers personal devices used in the workplace, including laptops, smartphones and more. Have a list of approved devices and approved anti-malware software. This is where working with an IT security firm like ManagedTEK can be hugely beneficial. We can help you put together a solid BYOD security policy.
- They don’t communicate problems. If an employee opens a strange file in an e-mail, they might not say anything. They might be embarrassed or worry that they’ll get in trouble. But by not saying anything, they put your business at huge risk. If the file was malware, it could infect your entire network. Employees must be trained to communicate potential security threats immediately. If they see something odd in their inbox, they should tell their direct supervisor, manager or you. The lines of communication should be open and safe. When your team is willing to ask questions and verify, they protect your business.
- They fall for phishing scams. One of the most common scams today is the phishing scam. Cyber-criminals can spoof e-mail addresses to trick people into thinking the message is legitimate. Scammers often use fake CEO or manager e-mails to get lower-level employees to open the message. AND there’s another type of phishing that’s becoming more common: smishing. Criminals will do anything to trick people into opening fraudulent e-mails.
Overcoming these threats falls on proper training and education. Phishing e-mails are easy to spot if you take the time to do it. Look at the details. For example, the CEO’s e-mail might be CEO@yourcompany.com, but the scam e-mail is from CEO@yourcompany1.com. It’s a small but significant difference. Again, it’s all about asking questions and verifying. If someone isn’t sure if an e-mail is legit, they should always ask.
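
The domain comparison described above can also be automated at the mail gateway or in a reporting tool. The following Python is an added example, not part of the original article; the trusted domain list, the distance threshold of 2 and the sample From headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organization's real mail domain(s); the article uses yourcompany.com.
TRUSTED_DOMAINS = {"yourcompany.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header, max_distance=2):
    """Return 'trusted', 'lookalike', 'external' or 'unparseable' for a From value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    # Domains are case-insensitive; a trailing dot is equivalent to none.
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Close to a trusted domain but not equal: the yourcompany1.com case.
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "external"

# Constructed sample headers (not taken from real mail).
SAMPLE_HEADERS = [
    "CEO <CEO@yourcompany.com>",
    "CEO <CEO@yourcompany1.com>",
    "CEO <ceo@YourCornpany.com>",
    "Newsletter <news@example.net>",
    "no address here",
]

def triage(headers):
    """Pair each header with its verdict so lookalikes can be routed for review."""
    return [(h, classify_sender(h)) for h in headers]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS):
        print(f"{verdict:12} {header}")
```

A "lookalike" verdict is a prompt to verify with the supposed sender through another channel, which is the same ask-and-verify step the article recommends.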