Despite businesses’ best efforts to use encrypted networks, firewalls and other cybersecurity measures, cybercriminals hack millions of networks each year, and cyberattacks are still on the rise. The majority of successful cyberattacks on companies originate through emails. Infomax knows that training employees to recognize cybersecurity threats is a necessity.
Not only is it imperative to protect a business’ confidential data and documents, but protecting against cyberthreats also saves a company’s finances. For instance, ransomware — a type of malicious software or malware that denies user access until a ransom is paid — is forecast to cost U.S. companies and organizations about $11.5 billion in 2019, according to Cybersecurity Ventures.
“We can put out lots of safeguards to make the company secure, but it doesn’t matter if employees don’t know what to do,” said Doug Postel, Infomax’s IT director. “In about 80 percent of ransomware cases, it’s not the technology that gets hacked — it’s the person.”
Doug walks us through how to train employees to recognize cyberthreats.
Periodic training is key to keeping companies safe from the latest cyberthreats. Cybercriminals are extremely tech savvy, organized and always advancing their tactics. At Infomax, we keep track of trends so our clients don’t have to. We send regular training tips and tests to our iGuard Managed IT services clients so they can keep up to date. Training often includes a video or a timely examination of a recent security breach in the news.
“We look at a breach that’s happened, how to prevent it and what to look out for,” Doug said. “There are new threats every day. If you’re not in a subscription mode where you’re getting updates to threats constantly, you’re leaving yourself vulnerable.”
Approximately 92 percent of malware is delivered through email phishing, according to Verizon’s 2018 Breach Investigations Report. It’s imperative to teach employees about safely receiving and downloading email files. Many companies use filtering systems for emails, but they aren’t 100 percent foolproof, Doug said.
Cisco’s 2018 Annual Cybersecurity Report found that in 2017 hackers most often used Microsoft Office formats — such as Word, PowerPoint and Excel — to hide malware. Other files hackers often used included .zip and .jar files, as well as PDFs. As a general rule, employees shouldn’t download any files from an email that they weren’t expecting to receive.
About 91 percent of cyberattacks originate through phishing emails, according to research by PhishMe. To test employees, Infomax often sends test emails similar to phishing attempts employees could receive. Phishing emails are often sent from email domains that have one or two letters off from a company’s actual email, or the email address will include “.org” or “.net” instead of instead of the accurate domain.
Emails prompt employees to click a link that will take them to an unsecured website or download malware. Some links will mirror accurate website employees frequently visit. The imposter sites prompt employees to sign into their accounts, allowing hackers to gain secure passwords.
Similar to downloading documents, employees should only click on links they were expecting to receive and that they thoroughly inspect, checking email domains and links against past emails they have received. A telltale sign of phishing attempts is that they often try to send recipients into a panic by including an urgent warning. Additionally, it’s always safer to navigate to a website you have previously visited rather than to click on a potentially phony link through an email.
It’s important to have a company culture that reinforces cybersecurity efforts. Business administrators can ask Infomax to train and test employees on cybersecurity efforts. Managers will receive a countback of who has participated in that training.
“If an employee fails a test, it’s a chance for us to reinforce that the error could have cost the company tens of thousands of dollars,” Doug said. “It’s a great chance to provide further training.”
To tighten up your workplace’s security, contact us today.
“We take the headaches off of the business owner,” Doug said.