Any employee at any company in the world is one bad click away from disaster.
Everybody loves Barbara. She does an excellent job – always on time and her work is perfect. She’s outgoing and encouraging to her coworkers. When you see her husband and kids at company outings, you’re impressed with how lovely they are. She’s the first to bring in cookies for an office treat. She’s a model employee in a small, close-knit business.
One day, Barbara doomed the company to bankruptcy.
She didn’t mean to do it. She didn’t even know what she did until the entire network locked up and a screen appeared that looked something like this:
Just what did Barbara do? She clicked on a link or attachment in an email that she should have been trained to view with suspicion. Unfortunately, the company had no Security Awareness Training regimen in place. She didn’t know to be suspicious.
The Phishing email she fell for looked innocent. These range from a spoofed (copied) logo and message from a trusted source like FedEx – providing a link to track a package on its way to her. Maybe it was from her husband’s hacked email address sending a new photo of one of their kids at daycare (“Hey, check this out - Timmy is so cute in his Halloween outfit!”).
Regardless of what the Phishing email looked like, the damage had been done. As a small business, the owners paid as little as possible for IT Support – using the obsolete ‘Break/Fix’ model: Wait until something breaks, then hire an ‘IT guy’ by the hour to fix it. The company had no backups and were forced to pay the ransom for a decryption key.
That’s when the company fell through the cracks. They became one of the 24% of companies that paid the ransom but did NOT get a decryption key to recover their data. All customer info such as projects and invoices were gone forever. Then, they joined the 60% of small businesses that go out of business within six months of a cyber-attack.
Fear Mongering?
Unfortunately not – this is just a reality that is all too common.
Can cyber attacks be stopped?
To an extent, data breaches and malicious intrusions can be thwarted, slowed, and quickly resolved, but no IT Support expert worth your consideration should ever claim that they can be stopped.
There are two basic steps to provide your network with the best protection:
1) Competent IT – A Managed IT Services Provider is best.
This is all-encompassing: A Managed Services Provider (MSP) will set up a wide range of protections. Some, like Next-Generation Firewalls and Anti-Virus (AV), will stop or stem many intrusions, but for those new malware strains designed to get around those protections, the ultimate solution is a tiered backup solution – from local to offsite.
When malware like Ransomware gets through, IT simply shuts down the infected devices, wipes them clean and reinstalls the data from secure backups – usually within a couple of hours. Your backup system should include these three types:
Local Backup
Cloud Backup
Cloud to Cloud Backup
2) Employee Security Awareness Training.
This is the best prevention there is: Recurring Security training raises the ‘situational awareness’ among employees. It reminds them to ask “Why did I get this email from FedEx? I’m not expecting a delivery and I don’t deal with shipping and receiving matters.” Or: “Why is he/she suddenly sending me attached photos – they don’t usually do that.” Training teaches employees to look twice at anything unusual and ask questions. IT doesn’t need to fix what never gets in.
Spend the money – it’s worth it. Your sister’s ‘IT savvy’ kid dropping by now and then is not going to cut it.
Frequently Asked Questions
Q: Why do we need security awareness?
A:
Your employees may be smart, but there is a difference between intelligence and knowledge. If your employees do not possess the knowledge that enables them to spot red flags that may indicate a malicious email, they can easily fall into a Phishing trap.
This goes for all areas of Cybersecurity. Do your smart employees know how to create strong passwords? Are they aware of the simplest ‘security hygiene’ steps that need to become second nature as they work with emails and websites?
If you answered either of those questions with “No” or “I don’t know” – your employees need security awareness training. This is not just an issue for your IT Support – it’s a team effort.
Q: What should be included in a security awareness training?
A:
Data security is not just about what happens on a computer. Sensitive information left on post-a-notes in an easily accessible office is an issue, as are patient charts left unattended at the reception desk in a medical office, and devices such as laptops or cell phones left at an unattended reception desk in any type of office. These topics must be covered:
Local Physical Security
Email scams
Malware
Password security
Removable media
Safe internet habits
Social networking dangers
Physical security and environmental controls
Clean desk policy
Data management and privacy
BYOD (Bring Your Own Device) policies
Q: How often should you conduct security awareness programs?
A: It is recommended to provide ongoing training every three months. Users need regular reinforcement and updates on the latest scam trends. ‘One and Done’ doesn’t work. Think of that old joke:
A man in New York City asks somebody “How do you get to Carnegie Hall?” The person replies, “Practice, practice, practice!”
Your IT support should have some level of involvement in these training sessions. In between trainings, the company you contract with for training, or your IT services vendor should run the Cyber ‘War Games’.
Q: How do you test employees’ security awareness?
A: It is recommended to provide ongoing training every three months. Users need regular reinforcement and updates on the latest scam trends. ‘One and Done’ doesn’t work. Think of that old joke:
A man in New York City asks somebody “How do you get to Carnegie Hall?” The person replies, “Practice, practice, practice!”
Your IT support should have some level of involvement in these training sessions. In between trainings, the company you contract with for training, or your IT services vendor should run the Cyber ‘War Games’.
How secure is your network?
As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.
The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed IT Services firm to ensure continued reliability and defenses against newly emerging threats.
With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Need Mobile Device Security Solutions?
No matter what size company you have, mobile device management is vital. Contact us to learn more about our endpoint security solutions.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at:
818-805-0909