Don’t Click that Link! Show Your Employees How to Prevent Cyber Attacks
Cybersecurity attacks are on the rise and are growing increasingly sophisticated. According to the FBI, cybersecurity attacks have increased 400% since the start of the pandemic! With the average cost of a cyber attack totaling $149K, it’s a serious issue.
Many business owners are left wondering how to prevent cyber attacks. An often overlooked aspect of cybersecurity is the actions of the user, i.e., your employees.
At SandStorm IT, we believe cybersecurity awareness is a critical part of keeping your important data and systems secure. But this awareness shouldn’t stop with you or your IT specialist. It’s important that every employee understands the risks and solutions to many common cybersecurity attacks.
Don’t assume that your employees know best practices. Periodic reminders and up-to-date cybersecurity training will keep this issue at the forefront of employees’ minds and make sure that new employees are on board with best practices.
What are the Different Types of Cybersecurity Attacks?
Your employees must understand what types of attacks your business faces and the role they play in stopping them. Three major attacks that employees should be aware of include phishing, ransomware, and business email compromise.
Phishing
Phishing messages typically attempt to mimic emails sent from services someone may actually use, such as PayPal. They typically prompt you to log in. However, instead of going to the actual site, you’re sent to a counterfeit website that harvests your login info. These attempts can also make your business vulnerable to ransomware.
Ransomware
Ransomware takes control of your system by encrypting (locking) it and demanding payment, normally in cryptocurrency (bitcoin), to provide the unlock key. Even worse, there is no guarantee that if you pay the money you will get access to your data. Ransomware can infect your system as the result of malicious attachments or when an employee visits an infected website that downloads malware without their knowledge.
Business Email Compromise
This type of scam involves impersonating someone through email in order to steal money. An example of this type of scam might involve a fake email from the CEO asking an assistant to wire money to a vendor. Strong policies and procedures and vigilant employees can protect your business from financial loss.
How One Bad Choice Can Put Your Business at Risk
The reality is that many of these attackers have unwitting partners in their schemes: your employees. Training is key in helping your employees understand the important role they play in your cybersecurity. From your CEO to your intern, everyone has a role to play in learning how to prevent cyber attacks. We’ve compiled this list to help your employees protect your business.
9 Things Your Employees Should Never Do:
- Open an email from someone they don’t recognize. Opening an email can allow a virus to launch on your system by permitting it to execute some payload or executable contained in the email.
- Open an email that seems unusual or odd. Is it an odd subject line? Does it seem strange that this person in the organization is sending this particular email?
- Click on a link or download a file in an email that seems unusual or odd, even if it is from someone in their contact list. Tip-offs could be strange spelling or excessive grammatical mistakes, pixelated or poor quality images, or an unusual request. Call the sender or send a separate email to the sender to inquire about its legitimacy.
- Respond to emails with their personal, private, identifiable information, e.g., a social security number, bank account number, or credit card numbers.
- Disregard company policy regarding sending sensitive data through email — even if the email is from the CEO. Company policies should restrict the transmission of sensitive data over electronic media. This may not be applicable in all cases, but sometimes just requiring your employees to pick up the phone and verbally verify that the sender actually requested the information will stop a potential leak in its tracks.
- Enter personal information into a site that they have been directed to without taking note of the URL. First, they should check to see if the site uses “HTTPS”; the “S” ensures it uses SSL (secure sockets layer) encryption. Second, they should check to make sure that the domain in the URL is that of the legitimate entity and sender.
- Click on a link in an email to log in to a site. Instead, manually enter the web address into a new browser window to go directly to that site.
- Reuse passwords. Create strong passwords that vary for each site or service used. When it comes to passwords, people like to use the same passwords because it’s convenient. But it’s terrible for security online. Once that one password has been hacked, the hacker will have access to multiple accounts.
- Disclose confidential information over the phone. Make note of the person’s contact info and verify their identity before releasing any information. Go online and find valid contact information for the company they say they’re from, and then call that number to verify their identity.
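The two URL checks from the list above (HTTPS first, then the real domain), written out as an added example that is not part of the original article. The trusted-domain list, the function name and the sample links are constructed for illustration; the example.net hosts are placeholders.

```python
from urllib.parse import urlsplit

# Assumption: an allow-list of sites the business really uses (constructed).
TRUSTED_DOMAINS = {"paypal.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Apply both checks to a link; return (ok, reasons_it_failed)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, ["malformed URL"]
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    # Check 1: the connection is encrypted.
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    # Check 2: the host is the real domain or a subdomain of it.
    # Only the END of the hostname counts; "paypal.com" appearing at the
    # start, or before an "@", says nothing about where the link goes.
    if parts.username is not None:
        reasons.append("name before '@' is not the site")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("internationalized hostname, possible lookalike")
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append("untrusted domain: " + (host or "(none)"))
    return not reasons, reasons

# Constructed sample links (not taken from real messages).
SAMPLES = [
    "https://www.paypal.com/signin",                   # passes both checks
    "http://www.paypal.com/signin",                    # right domain, no HTTPS
    "https://paypal.com.account-verify.example.net/",  # HTTPS, wrong domain
    "https://paypal.com@login.example.net/signin",     # real name before '@'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, why = check_link(link)
        print("OK   " if ok else "STOP ", link, "; ".join(why))
```

The third and fourth samples pass the HTTPS check and still fail, which is why the second check on the domain matters.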
Learning How to Prevent Cyber Attacks Can Keep Your Business Safe
Training your employees is an important first step in managing your cybersecurity. We hope you’ll share these 9 best practices with them.
With the high average cost of cyber attacks and increasingly sophisticated threats, however, even the most conscientious employee can make a simple mistake that can be catastrophic. SandStorm IT offers cybersecurity management services to help provide additional security support and planning. Feel free to give us a call at 901-475-0275.