Business is hard. It seems that there is a “crisis a minute.”
Owners and executives worry about hacks, breaches, and malware in addition to normal operations issues. If they install the latest security systems, many think that their worries are over. They are wrong.
The Weakest Link In Cybersecurity
As human beings, we don’t like to admit our faults. But the fact is that people are the weakest link in security. That is why social engineers target humans. They know that users, especially those using admin-level accounts, can bypass all your state-of-the-art security systems.
You’ve spent a lot of money on software and hardware firewalls to increase security. But don’t forget to harden the human firewall—your employees.
Managed Security Awareness Training Programs Are Vital To Security
Hackers know that your employees are easy gateways to your network. Look at the news. Most of the reported breaches started with a phishing email.
Doesn’t it make sense to train your employees? The more your employees are aware, the better protected your network is.
Insurance Companies Usually Require Employee Training For Cyber Insurance Policies
Cyber insurance rates are increasing. As a result, the requirements for issuing policies are getting stricter.
Also, insurance questionnaires that precede coverage are getting more detailed. For example, all have questions about security training.
Many insurance policies require:
- Phishing tests
- Ongoing Training (required annual training modules, ongoing periodic training, etc.)
- Dark Web Scans
- Reporting on the progress of your employees
Can This Scenario Happen To You?
Harry recently started a new job. As part of his onboarding, he received cybersecurity training. There were quite a few video modules, and he had to answer questions online. Unfortunately, he paid little attention.
Harry’s company started to gear up for the coming holidays in October. Orders were ramping up, and things were getting hectic. Harry’s job was to coordinate online sales and pay the company’s vendors on time. His inbox was exploding!
Each morning, Harry faced 20 to 50 customer orders and vendor inquiries.
To keep up, Harry went through his emails quickly each morning. He skimmed over them, separating vendor inquiries from customer orders.
One morning, Harry came across a vendor’s email requesting immediate payment. He didn’t recognize the vendor but opened the attachment anyway. Unfortunately, the document wouldn’t open, so Harry emailed them for another copy. Then, he went to get a cup of coffee. It was a busy morning.
When Harry returned to his desk, he saw a sickening sight. Ransomware had locked his files. Moreover, the hackers demanded $500,000 in Bitcoin.
Harry was using his admin-level account. As a result, the malware spread to his company’s servers, bringing down the entire network.
The company paid the ransom because the data in the backup system was unreadable, and no one had ever checked the viability of the backups.
The company’s insurance claim was denied because security policies were not followed. Harry was soon fired.
Did You Spot The Red Flags?
- Harry did not pay attention to his training and opened the malicious attachment.
- Harry used his admin-level account for everyday use, even though he had a more restrictive account. His training would have reinforced the rule never to do this.
- The company used a data-only backup system and did not check if the data being backed up was readable.
One Click For A Disaster To Unfold
The company was brought to its knees because of one errant click from an ill-trained employee.
As you evaluate your own company—are you in the same boat?
- Do you have a Security Awareness Training program?
- Are you making sure that your security policies are understood and followed?
- Are you using a data-only backup system? If so, have you checked your backup’s viability recently?
Don’t let your company become a victim. Businesses of all sizes can no longer operate as they did before. So, you must up your game.
Need help? Please email us at [email protected] or call the number below for a free consultation.
XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery | Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.