Tuesday, November 5, 2019
Teknik IT Mgmt & Data Security Blog

Teknik IT Management & Data Security has developed this blog to give our readers ideas and useful information that help them understand and receive the most benefit from fast-changing technology.

The information provided in our blog is comprised of the authors' thoughts and solely their opinions based on their experience and research. If you implement any recommendations offered here, you do so at your own risk. Teknik IT Mgmt and Data Security, the authors and contributors are not responsible for any resulting outcome.

Before implementing any changes to your technology, we recommend consulting with an IT professional to make sure they are appropriate for your unique situation.

Employee Training: The Neglected Layer of Cybersecurity

Exploiting human error is a very common and effective way for hackers to gain entry into secured networks. Setting up strong network security is a must. But passwords, firewalls, anti-virus, anti-malware and monitoring can only protect your IT infrastructure up to a point if employee mistakes undermine their effectiveness. The only way to prevent these mistakes is by training your employees to avoid them.

How do Hackers Try to Fool Employees?

Cybercriminals use several ways to fool employees into giving them access to networks and confidential data.

  • Phishing – Hackers send emails that often look innocent or legitimate and that request personal information or ask the reader to click on a link or open an attachment. When the user clicks the link or opens the attachment, malware launches and can infect the computer and network.
  • Whaling – This is a form of phishing that targets executives or upper management in a company. Cybercriminals research the company and produce very authentic-looking emails that appear to be from a vendor or financial institution the company works with. They send these to targeted staff members who are tricked into believing the correspondence is real. The employee then sends information or clicks on a link or attachment, which can allow the hacker to receive sensitive data or gain entry into the network.
  • Pretexting – Cybercriminals convincingly pretend to be someone who needs access to your system or confidential information to do their job. An example of this would be a hacker impersonating IT staff to get passwords or convince an employee to download a malicious file disguised as an update.
  • Baiting – This form of attack uses people’s curiosity or desire against them. Employees are enticed to click on social media posts, website links or pop-ups that may say they’ve won something or have a sensational headline or offer something that would be of interest. Once one of these is clicked, ransomware or malware downloads into the computer.

What Should You Teach Your Employees about Their Role in Cybersecurity?

Employees are the first layer of cybersecurity protecting your company from hackers. It is critical to train them to be on the lookout for all of these threats to protect your company.

To combat phishing and whaling, review emails for misspellings and grammatical errors. These are obvious signs of a phishing email, along with out-of-place urgency in the request. However, some phishing and whaling emails are very sophisticated and can appear real. Be suspicious of any email requesting sensitive data. Confirm that it's authentic by separately contacting the sender or organization, or consult with your company's IT services provider.

If you suspect pretexting, double-check by calling that department or organization back at a telephone number you know is legitimate to see if it’s authentic. Be familiar with the IT staff for your company and personnel at vendors you deal with. Be especially vigilant about requests from people you’ve never dealt with.

To prevent baiting attacks, educate employees about computer use policies, and put policies in place that prohibit them from going on non-work-related websites or clicking on or downloading anything suspicious.

For example, if a pop-up alert appears, read it instead of just clicking. Don't click through if your anti-virus says it's a dangerous website. Call IT instead. If the alert says you have a virus, check if it's an Internet Explorer window. If it is, it's probably a virus. On Windows systems, press Ctrl+Shift+Esc to open Task Manager and manually close Internet Explorer from there instead of clicking the X.

Have your IT people establish a separate guest network for customers that employees can also use to surf the web, check personal email or use social media on their breaks. Your company network is safer when it’s only used for business purposes.

Treat Cybersecurity as an Important Part of Everyone’s Job

From the CEO to the front desk receptionist, protecting the company from hackers is everyone's responsibility. Cybersecurity education should be part of your company's new employee orientation. Conduct training at least annually. Highlight examples of phishing, pretexting and baiting attempts to your entire staff as your employees come across them, and recognize employees when they prevent hacking by thwarting the cybercriminals' efforts.

For cybersecurity to be effective, it must be multi-layered and include employee training and cooperation. Teach employees how important data and network security are to your company, customers and, ultimately, their jobs.

Saturday, August 26, 2017

Written by Karen Anderson

Tags: Cybersecurity Employee Training
