cyber-attack-crime

In the past several years, cybercrime has emerged as a top-of-mind threat for business owners and managers across the globe. It is a big business that is more and more commonly permeating small and midsize businesses. Why is the threat moving downstream when Target or United Healthcare or Sony have the money and truly sensitive (read: valuable) data? Because it’s easy. Whereas attacks on larger organizations require months of focused dedicated work from a large team, usually targeting an obscure exploit, cyber-crimes against SMB’s can be perpetrated as crimes of opportunity. Criminals will literally blast enormous swaths of businesses with threats until they find a weakness. It’s statistics. It’s quantity over quality.

The reason small and midsize businesses are easy is because advanced cyber-protection is expensive, and until a nasty event smacks a business owner in the face they generally operate under the guise of “it won’t happen to me” We are realists at Upward, and understand that no matter how many stories a business owner hears, the fear of a threat is still not always compelling enough to take action.

In reality, some of the most important protection against cyber-threats is common sense and training. Here are three completely free things you can do to protect your company from cyber-threats:

Have a meeting reminding everyone they will be praised for raising their hand immediately if they see a threat.

Does this sound obvious? Well, it isn’t. Despite the fact that totally innocent, benign activities (opening an email from an outsider, visiting a weird website while doing research) can initiate a cyber-event. It can happen to anyone, most employees live in fear that they will be punished if they instigate something bad happening to their environment. This could be the avoidance of shame or outright punitive damages, but it results in employees witnessing suspicious behavior on their computer, then doing nothing. The employee reboots, clicks the pop-up to go away or allows the computer to get slower and slower as the virus spreads throughout the device and onto the network.

The deterrent to this behavior is making it completely ok and even worth a reward to admit right away when something weird shows up, no questions asked. Mention this in a staff meeting, then make sure that you follow up with public praise for the first employee who admits there is a problem. If they were spending work time on something they shouldn’t have, address this privately, but make sure the messaging is clear: it’s ok to admit that something seems fishy. This could very realistically mean that the problem contained just to their device stays there and doesn’t infect your server or entire network!

Warn your people about wiring money.

We see spear-phishing attempts weekly now at Upward, and several have gotten too close for comfort. For the uninitiated, spear-phishing means that an executives email is spoofed, and a request goes to a subordinate from the spoofed email requesting an immediate wire transfer. Usually, it is coordinated during a time when the executive is traveling anyways, and the request seems more plausible.

Avoid this common threat by creating clear policies around wire-transfers at your company. Develop a written protocol whereby there is a two-person sign-off, special “code word” to initiate a transfer or make sure your banker has clear rules about executing.

Block websites that could introduce threats to your environment.

If you have a firewall with services running on it, you have the ability to selectively block websites. These can be blocked by class: pornography, gambling, BitTorrent. Or specifically, which is helpful anytime someone gets a virus on their machine from a website. Discuss this feature with your IT provider. You may even realize the fringe benefit of having some employees complain about losing access to their favorite sites, which may allude to how they spend their time at work in the first place.

If you feel that your environment could use some attention, and would like to explore these and other best practices, please reach out to Upward Technology to schedule a complimentary evaluation of your environment and training for your staff.