When it comes to cyber security, staff training is an integral part of protecting your business. There’s no point in investing in antivirus, backup drives and firewalls if a team member is going to click on a questionable email from Uncle Bob to claim $100,000 in inheritance. It’s almost like buying burglar alarms and CCTV but then leaving your front door unlocked.
Recently, we dealt with two cyber attacks, and both were down to errors made by staff. One hack came in the form of a dodgy email with an attached “survey” asking for passwords and email addresses. Nearly 40 members of staff completed the “survey”, handing over sensitive data direct to hackers.
The second incident was due to someone setting “Password1” as a password. According to howsecureismypassword.net, criminals can “instantly” hack such a password. Unfortunately, this is exactly what happened, and hours were wasted trying to rescue the system back from the hackers when it would have taken one minute to set a suitable password.
To ensure your staff are fully clued up, our technical director Ged, has written a checklist of the main issues you need to be aware of…
• Don’t use the same password for different systems. Often usernames are email addresses and if one system is compromised, then the bad guys are likely to try the same username and password combination on many other sites.
• Never write your password down. In the same way you wouldn’t leave your front door key in the lock, you shouldn’t make it easy for people to get access to your system. Use password managers instead – more info on that here: https://mailchi.mp/resolvesolutions/secure-passwords-make-unhappy-hackers
• If you receive an unusual email with an attachment, then don’t open it. Most virus-laden attachments are blocked by your security software, but no system is 100% and sometimes new previously unseen threats can sneak through. If you have any doubt, then ask your IT provider to check... they’d much rather give you advice upfront than spend hours helping you recover from a ransomware outbreak! Neal also wrote a super handy blog on how to spot spam emails, read that here: https://resolve.co.uk/blog/article/spotting-and-stopping-spam-emails
• More and more we see “spear phishing” attacks where someone tries to obtain money by deception. They may register a domain that looks like yours and email the accounts department pretending to be the MD, asking them to urgently transfer money to a client. You should make sure you have a verification process in place if you are ever likely to make this sort of request, like a password or similar. That way, if the password is missing, the person should never complete the transaction.
If you are battling with a challenge like the one above or need to get a proper cyber security system in place, complete the box below.
Call-backs are UK only, and 9am-5pm.