“I’ll just buy a cybersecurity solution from my Phoenix IT services company and then I’ll never get hacked.”
If you follow that line of thinking, I’m here to burst your bubble: No one can buy their way to an impregnable cybersecurity environment where attacks never occur.
Why? People cause most breaches. 85% of attacks evaluated for the 2021 Verizon Data Breach report involved a human element. Other reports put the percentage even higher. No matter how many advanced tools and systems you purchase, you still have employees — and they click links, open emails and accidentally usher criminals past your defenses.
Think of Cyber Safety Like Going to the Doctor
You can continually ask for pills to try and cure every ailment. The medicine will be highly effective against certain conditions, but your doctor will likely recommend you make lifestyle changes, too. Otherwise, you’ll continue to fall ill.
In the business world, your IT provider can give you criminal-fighting tools (pills). To effectively prevent cyber infections, your employees must alter their behavior (lifestyle changes).
Do your part, be cybersmart
The Cybersecurity and Infrastructure Security Agency hit on this idea when they chose, “Do your part, be cybersmart,” as 2021’s Cybersecurity Awareness Month theme. It’s advice we should follow all year, every year, not only in October 2021.
Today’s Hackers are Masters in the Art of Manipulation
You get a call from your bank. The agent on the other end says money was accidentally transferred out of your account. To put it back, they need to verify your identity. The agent says they will send a code to your phone. All you need to do is read it out loud.
Sounds harmless, right? Just a helpful bank agent fixing an error and returning your money to its rightful place — your account.
Well, if you attended the Pandemic Plundering webinar, you know that is not the case. What really happened was a clever criminal worked out how to bypass two-factor authentication. The hacker had the person’s email address and password, but got stuck when asked for the code sent to the person’s phone. Instead of giving up, they created this workaround and gained access to the bank account.
Pandemic Plundering: How Cybercriminals are Cashing in on Covid-19
Cybercriminals are professionals
Their “workday” consists of brainstorming ingenious ways to bypass new security features and tools. Your firewalls, endpoint detection and cybersecurity measures remain essential. They deter the less tenacious thieves. It’s like the prescription from your doctor. Highly effective, but you can’t ignore lifestyle factors.
It’s Inexpensive to Become a Cybersmart Organization
One way you can be cybersmart is literally free — install patches and updates as they’re released.
Ask your network administrators about patches and updates
When hackers aren’t dreaming up ways to defraud you, they’re using flaws in your business systems to get into your network. Often, they take advantage of known imperfections. In this case, the vendor:
- Knows the issue exists
- Pushed out a patch that closes the gap
But because people don’t update their systems, the flaw easily turns into an entry point for the criminals.
Create and enforce policies around updates and patching
- Make users keep all devices and software up to date
- Confirm with your network admins that they regularly patch systems and install updates
- Turn auto-updates on whenever and wherever possible, provided you also have a system in place to audit regularly and ensure it is working
Help employees form good habits
Patches and updates don’t exist for “forever day” exploits — aka humans. The solution isn’t free, but it’s not expensive either.
Implement a company-wide cybersecurity training program
Cyber awareness training will help your team form good habits. In these courses, short videos educate users on the latest threats. Periodic phishing simulations and quick quizzes check to see if they retained the information.
It’s not a box to check
Going through the motions for the sake of saying you have cybersecurity training isn’t effective. If you really want to prevent cyberattacks, you’ll:
- Put a program in place
- Have managers check in on training progress
- Measure to see if clicks decline
- Send short quizzes to check for retention
- Penalize people who don’t comply
Without a robust, monitored cyber training program, your IT services are incomplete and you are unnecessarily exposed to attacks.
3 ways to spot and stop malicious emails
1. Carefully read email addresses
Hackers set up email addresses that closely mimic real people you interact with. Look for inconsistencies like .net when it should be .com. You want to check that everything is spelled correctly, too. This won’t always be obvious. For instance, when an r and an n appear next to each other, they look like m.
2. Hover over links to see the full URL
This way you know where you’re going before you click. When in doubt, don’t click.
3. Verify all requests for money wires and transfers
Pick up the phone, or if you’re in the same office, walk over and ask. The person might roll their eyes, but if they didn’t actually request a money transfer, they’ll be happy you checked.
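The address checks from tip 1 (a swapped .net/.com ending, or an "rn" standing in for an "m") can also be run automatically over incoming sender addresses. The following Python is an added example, not part of the original article; the trusted-domain list and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains your organization really corresponds with.
TRUSTED_DOMAINS = {"example-bank.com", "modernsupply.com"}

# Character sequences that read like another letter at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(label):
    """Collapse look-alike sequences so 'modern' and 'modem' compare equal."""
    label = label.lower()
    for seq, canonical in CONFUSABLES:
        label = label.replace(seq, canonical)
    return label


def split_domain(domain):
    """Split 'name.tld' into (name, tld). Assumes a single-label TLD."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    _, address = parseaddr(from_header)          # handles 'Name <a@b.c>'
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted:
        return ("trusted", domain)
    name, tld = split_domain(domain)
    for good in sorted(trusted):
        good_name, good_tld = split_domain(good)
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)            # .net where .com belongs
        if skeleton(name) == skeleton(good_name):
            return ("lookalike", good)           # e.g. 'rn' versus 'm'
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ["billing@modernsupply.com",
                   "billing@modemsupply.com",
                   "Bank Alerts <alerts@example-bank.net>",
                   "news@unrelated.org"]:
        print(sender, "->", check_sender(sender))
```

A "tld-swap" or "lookalike" verdict is a reason to quarantine or banner the message for review; "unknown" only means the domain resembles nothing on the list.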
Ready to Be Cybersmart? Get Training From a Phoenix IT Services Provider
Setting up an effective cyber awareness training program is easy. Call a Phoenix IT services provider who offers cyber education to their clients. As you evaluate outsourced IT partners, look for one that has a strong cybersecurity track record.
At itSynergy, we bring a range of experiences, skills and certifications most businesses don’t have on staff. When you work with us, you get a Certified Ethical Hacker and Microsoft Partner who is obsessed with staying one step ahead of cyber villains. We’ll implement the right tools and set up an effective cybersecurity awareness training program.