Over Half Your Staff Misunderstands Cybersecurity: IT Services in Bergen County Talks Training Tips
In the aftermath of a security breach within a company, there’s typically an emphasis on the importance of cybersecurity for a short period of time. Unfortunately, these conversations rarely translate to a large scale change in user behavior. The latest Verizon 2018 Data Breach Investigations Report concluded that internet-connected technology users continue to make the same mistakes that open the door for cybercriminals to attack in the first place. The report highlights the following significant findings:
- 76% of breaches are financially motivated
- Almost three-quarters (73%) of cyber attacks were perpetrated by outsiders
- Human errors were at the heart of nearly one in five (17%) breaches.
- Ransomware is currently the most available malicious software
- Healthcare is the only industry where the cyber threat is greater on the inside than outside
- More than two-thirds (68%) of breaches took months (or longer) to be discovered.
- A majority of compromises (87%) only took minutes to bring a company workflow to a halt
The report also emphasized a major myth: cybercriminals only go after big institutions and enterprises. In truth, cyber attacks are opportunistic and rely on negligent behavior and security systems that are outdated. “Next door” businesses included.
If your business is in New Jersey, you can get state-of-the-art cybersecurity technology and services with TNTMAX, a company providing IT services in Bergen County.
It’s becoming harder, and in some cases unrealistic, to ignore some cloud-based services and technology products which your staff use to make their life easier and their work more productive. It is therefore imperative for businesses like yours to fortify your cyber defenses to prevent security threats from every possible avenue. TNTMAX assesses your company’s cyber vulnerabilities and creates a customized cyber defense plan that protects valuable data and company assets from malicious hackers. One such method is a staff training program about cyber threats that isn’t about ticking boxes but producing behavioral change.
What your staff should know about cybersecurity risks
Part of the IT services for Bergen County businesses that TNTMAX provides involves educating staff about current trends in cybercrime. The training helps users connect their behavior to potentially dangerous outcomes. We’ve found that creating a culture of cybersecurity shifts the focus away from perceived “time-wasting” to an increased appreciation for the measures and policies your company puts in place to protect data and computer networks. Here are threats employees should know:
A business’ data is a rich mine of personal information about employees and customers. When a hacker can obtain enough pieces of the puzzle, such as birth dates, driver’s license numbers, account numbers, and other identifiers, they can then sell that information. Scammers use this information to open multiple accounts and squeeze out the maximum benefits, even claim tax refunds. Dangerous individuals can commit serious crimes while posing as somebody else.
It all starts with a security breach, where cybercriminals exploit the vulnerabilities in your IT systems to get their hands on your sensitive data. Immediate responses should involve disconnecting important assets, changing passwords, and tightening access. Physical security should remain a priority.
A popular method to gain access to a company’s system and data starts when an unsuspecting person clicks a link in an email. These emails have a few attributes that make them so compelling their recipients let down their guard:
The emails appear to come from authority the reader is familiar with and trusts
Their subject lines make believable claims/announcements
The rest of the email builds up an urgency to click on the provided link
Banks have done an excellent job of educating customers about phishing emails requesting changes or updates to banking details. Nowadays, malicious users disguise phishing emails as coming from any subscription service you have. Over one hundred million Netflix subscribers received such an email, informing a suspension of their accounts due to a billing issue. Imagine that in the immediate panic some subscribers felt at not being able to access their favorite shows, they clicked on the link and put in their credit card details. It’s pure social engineering that can work on anyone if the message is just right for their current state of mind and they miss any of the following signs:
- The sender’s domain address is different from the organization’s official domain
- Without clicking on the link, the website URL is different from what you expect
- The message has some spelling, grammar, or style mistakes, likely written by a second language English speaker
Viruses, spyware, malware
These are malicious software created with the sole aim of inflicting damage to a computer or network, many times in the background. They are transferred to a computer through a USB stick, email attachments, email links, and website downloads. The purpose of the software may vary from wiping out data to slowing down computer speeds until they become unusable, sabotaging a company in the process.
Spyware is used by attackers to capture passwords, screenshots, keystrokes, system information and much more. It’s not hard to imagine how risky it can be for sensitive company data to get into the wrong hands.
Not only does this present security issues for all users and clients, but it also damages your company’s reputation in the long run.
Smartphones are also susceptible to malware as they are essentially mobile computers. Spyware is doubly powerful in phones, making it possible to listen to a victim’s conversations as they go on with their day. Downloading malicious applications from third-party stores is a popular gateway for malware.
Ransomware is a devastating malware that infects a system and encrypts the owner’s data so that it’s no longer usable. The attacker, who is not easy to trace, demands payment to unlock it. You now have to decide between losing access to your system or paying the ransom. A type of ransomware called “WannaCry,” for example, shut down Britain’s hospital network and numerous other companies.
If you want to protect your business from loss of data from malicious software, TNTMAX also offers disaster recovery as part of our IT service for Bergen County companies.
Computer and internet habits of employees that can put security at risk
Technology that makes our lives easier and expands our network of contacts can be used to steal our personal information. Add to this the default desire for convenience, the temptation to ignore the risks can be hard to resist. Once again, connecting actions to possible undesirable results should remain the core of cybersecurity training.
Unsecured public WiFi
Free WiFi is a drawing card for coffee shops, hotels, and shopping malls. True to form, they are the perfect opportunity for criminals to intercept the data you send, i.e., banking credentials, login details for social media and email. Use a VPN if you must access any profiles, or preferably, switch to your mobile phone network.
Tracking apps are a good way of keeping an eye out for loved ones. With nefarious intent, the ability to track the movements of an employee with a sensitive portfolio can betray company secrets, or even worse, the person’s safety.
Apart from clicking on malicious links, the other security threat that social media presents is impersonation. Once criminals can get the login details of an account, the level of damage they can cause depends only on their creativity. Your brand image and perception can be put at risk.
Connecting to third-party apps using social media accounts is a familiar route hackers use to gain access when there are vulnerabilities. Multi-factor authentication should be deployed at the barest minimum to protect accounts.
No matter the many warnings to keep all passwords unique, having to remember ten passwords or more causes people reuse their favorites. Criminals know this and are on the lookout for opportunities to exploit it. A scary scenario is when work passwords and those for personal use are the same. Password managers help create secure passwords and encrypt them.
Using corporate devices for personal activities, such as playing games, shopping online, and streaming media
On the surface, bending the rules just a little bit to pass time or quickly buy an item before getting home seems harmless. The problem is one laxity usually follows another until a person’s behavior habitually contravenes your company’s security policy about work phones and computers. As expected, risky behavior can open doors to access company data.
TNTMAX provides cybersecurity training as one of its packages for IT services in Bergen County businesses.
Benefits of training staff about cybersecurity
A culture of cybersecurity does not happen wishfully. In spite of keeping your security systems up to date, if you haven’t properly trained your staff on the best practices, your security investments can become a waste. Security breaches have happened because an employee unknowingly opened the door.
Cyber attacks evolve quickly. Therefore, an informative and interactive cybersecurity training should:
- Correct misinformation about behaviors viewed as harmless
- Reduce embarrassment for non-savvy members who struggle to keep up with technology trends
- Keep staff updated on the latest cybersecurity threats
- Change the narrative that cybersecurity is just an IT problem
- Help staff members use technology, and social media with confidence and in ways that boost their productivity
- Remove the “bury head in the sand syndrome” that cyber attacks happen to other people.
Benefits to your company when staff members go through the cybersecurity training program TNTMAX offers as an IT service for Bergen County businesses:
- Reduces your risk
- Safeguards your business operations
- Prevents downtime
- Maintains the trust customers have in your authority and services
- Protects your staff from attacks in their personal lives that can interfere with their focus and productivity
Partner with cybersecurity professionals who can assess your company’s vulnerabilities and offer in-depth training to which your staff actually want to listen. For businesses in New Jersey, look no further than TNTMAX, delivering IT services in Bergen County and beyond. TNTMAX is here to help your company with a comprehensive program to make cybersecurity a business culture.
TNTMAX also offers disaster recovery as part of our service.