October is National Cyber Security Awareness Month, created by the Department of Homeland Security, to increase knowledge about cyber terrorism and every day cyber threats. This is week 2 and the topic is “Cybersecurity in the workplace is everyone’s business,” so we created Top 4 things we felt every employee and/or business owner should know in order to help keep their business safe from cyber terrorism.
- Do not use the same password for internet sites as you do for your corporate password
- As we mentioned in our previous blog here, you should be using different passwords for everything you do, however it is even more critical for your corporate password to be entirely different than anything else you use. The reason for this is, website breaches happen all the time, LinkedIn had 167 million username and passwords stolen, and Yahoo had 3 billion user accounts stolen during a breach in 2013. There will continue to be breaches of websites and if you are consistently using the same passwords for everything that requires a login, then a hacker will be able to obtain one of the most important pieces of information they need, in order to get into your corporate network.
- Always be vigilant
- As Arthur House, Connecticut’s Chief Cyber Security Risk Officer stated, “Every employee needs to own cybersecurity.” It is everyone’s responsibility to keep the business they work at safe from cyber terrorism, especially if you work at a small to midsized business (SMB) because those are most susceptible to breaches and most affected by breaches. 43% of all cyber attacks are against SMBs and 60% of those attacked go out of business within 6 months. Your vigilance is not only crucial for the business you work for, it is crucial for your job, because one wrong click could put your company out of business. Never click on any links or attachments in email if you were not expecting them. If your gut feels something isn’t right, listen to it.
- Demand your vendors follow proper cybersecurity standards
- In 2014, Target was hacked and approximately 40 million customers we affected. However, the hackers did not breach Target directly, they were able to breach a must smaller company, Target’s HVAC vendor, and through that vendor, they gained access to Target’s data. We have all heard the adage, “You are only as strong as your weakest link,” and that is especially true in the war on cyber terrorism. Not only must you protect your own company but you must demand that vendors are protecting theirs too, because their weakness could become your demise.
- Cybersecurity Employee Training is a MUST
- Companies must embrace a cybersecurity training initiative and constantly provide updates and information as new threats emerge. Employees are the first line of defense against cyber terrorism, as 93% of all phishing emails now contain ransomware. Teach your employees how to identify suspicious emails that may be phishing attempts. Fake invoice messages are the #1 type of phishing lure. Create a culture among your high value targets such as your accountants, controllers etc., that if a request comes in that involves finances, it is their duty to see confirmation that the email is indeed real. The W2 email scam that has been going around is the perfect example of why it is URGENT that employees be trained to always ask and verify BEFORE they click. Warren Buffet is quoted as saying, “It takes 20 years to build a reputation and five minutes to ruin it…” but what I like to say is “It takes 20 years to build a reputation and ONE CLICK to ruin it.”
Be vigilant and be safe!