Why You’ll Need More Than the Luck of the Irish to Secure Your Computers
You’ve been lucky so far with no major virus infections or cyber attacks! However, with 43% of all attacks targeted at small businesses, how long will your luck last? We Irish say “If you’re enough lucky to be Irish… You’re lucky enough!” Well… that’s almost true. This St. Patrick’s Day, don’t leave your computers, customer data, employee files and software licenses to the “luck of the Irish.”
Employee Training
Email remains a popular method to obtain sensitive information or infect computers with malware, and your employees might be helping hackers achieve their goals. Thirty percent of people open phishing emails, and 12% of people open unsolicited attachments.
Phishing emails appear to be from reputable sources, but their purpose is to trick recipients into revealing personal information. For example, if you received an email that appeared to be from your bank and it asked you to verify personal information such as account number, address, SSN, or your password. A hacker could piece together enough information to guess your passwords or impersonate you by combining phishing emails with information about your pets, high school and family available in your social media profiles.
Although it’s possible that hackers may attempt to gain all of the information they need at one time, it’s also common for them to engage in grooming your employees over several emails to deceive them into releasing information over time.
Fortunately, employee training in spotting a fraudulent email can mitigate your risks. Security training will demonstrate the “red flags” that appear in suspicious emails:
- Email addresses do not match the sender’s name or company
- Hovering over email links show an address that does not match the sender’s company
- Unsolicited attachments
- Requests for passwords or identifying information
- Requests or promises of wire transfers
Employee training can be completed in under an hour, either at your site of business or in our training center. In addition, ongoing testing can be established to continually train employees on current security risks.
Wire Transfer Policy
Phishing can be used to collect enough information to credibly impersonate (or even hack into) a manager, vendor, or customer account, then send emails that convince employees to transfer money. The FBI’s term for this scam is “business email compromise” or BEC for short and report that losses now total more than $3B.
These requests will be sent as an urgent matter with a past due date, meant to create a situation where your employees feel pressured to complete the request as quickly as possible.
This scam has affected businesses of all sizes, in all industries. One popular variant is impersonating the CEO to request the employee transfer money to a vendor. The email “looks like” it came from the CEO, so the transfer is completed without any follow-up. In 2016, an executive at toymaker Mattel wired $3M to China after receiving an email she believed came from the CEO.
To prevent employees from falling prey to this tactic, implement a firm company policy that treats all requests, especially “rush” orders, with care by requiring verbal approval from the owner to initiate money transfers. This verbal agreement needs to be in person or by calling established contact numbers, not by following instructions in the wire request email.