October 2019 - Main Article:
Employees Keeping Your Data Safe? ... Don’t Count On It
In any business, big or small, employees can be your biggest IT threat, and they might not even realize it. Businesses already face countless cyberthreats, like data breaches, cyber-attacks, online viruses and malicious e-mails. But despite all these outside threats, the real problem can come from the inside.
One of the biggest threats to your business’s security is simply a lack of awareness on the part of your employees. It comes down to this: your employees just aren’t aware of current threats or how to safely navigate e-mails and the web. They might not be aware when they connect to an unsecured WiFi network or if they’re using a firewall. They may be haphazard in all things IT. There are a lot of variables.
Your best defence, in this case, is training. Get all of your employees on the same page. Look at your current training and find the gaps, or start putting together training if you don’t have it. You want a training program that covers all your bases and gives your employees the knowledge and tools they need to keep themselves and your business secure. (Don’t know where to begin? Work with professional IT specialists. They know what your employees NEED to know!)
Another major security threat is phishing e-mails. On any given day, you and your employees can be on the receiving end of dozens, if not hundreds, of fraudulent e-mails. Data from Symantec shows that 71% of targeted cyber-attacks stem from phishing e-mails. While awareness regarding phishing scams is better than ever, it’s still far from perfect. And it doesn’t help that phishing e-mails have gotten more advanced.
Phishing e-mails are typically disguised as messages from a legitimate source, such as a colleague, a bank or an online retailer. They try to trick recipients into clicking a link or opening a file (which you should NEVER do if you are not 100% sure about the source). But there are easy ways to identify scam e-mails:
- They’re impersonal. They may be addressed to “customer,” “to whom it may concern” or “my friend.” But be careful – sometimes they are addressed properly and use your name.
- They’re full of spelling and grammar errors. Not every phishing e-mail will have these errors, but it’s good to read e-mails word for word rather than just glancing over them. Unusual errors often mean a scam is lurking.
- The “from” e-mail address is unfamiliar. This is one of the easiest ways to pinpoint a scam e-mail. Look at the sender, and if the address is filled with numbers, letters, misspelled words or is weirdly long, there’s a good chance it’s from a scammer.
The other major issue facing your business is your employees connecting to unsecured WiFi hot spots. It is such an easy mistake to make. Whether it’s a remote employee or an employee working during lunch at a corner café, you never know when they might connect to unsecured WiFi (it doesn’t help that it’s everywhere these days). One Spiceworks study found that upward of 61% of employees connect to unsecured public WiFi while working remotely.
The problem is, you never know who is watching or if the public WiFi is really the network you intend to connect to. Hackers can easily set up a “fake” network to divert traffic to their hot spot to circulate malware and steal data.
Another WiFi threat might be right at home. If you have employees who work from home, you need to make sure their home WiFi connection is secure. Too often, homeowners leave their WiFi wide-open because it’s home. They think no one’s going to sneak onto their WiFi or they keep it unsecure because it’s easier to connect a lot of devices.
While it might be easier to connect to, it can cause huge problems. For one, WiFi signals can reach hundreds of feet. It’s easy to sit outside of an apartment or out on the street and find dozens of WiFi signals. If any of these signals are unsecure, a hacker can sit outside undisturbed and go to work accessing data and planting malware.
It all comes back to this: Work with your employees to establish IT best practices. Educate them on threats and how to protect themselves and your company. Help them develop a positive IT security mindset at the office, at home or anywhere they work, whether they’re using company equipment or their own.
Don’t know where to start? Don’t worry – one phone call and we can help get you started. Don’t wait. Let’s secure your business today.