You've taken all the recommended steps to protect your business infrastructure from outside attack. You've set up a regular computer/server maintenance schedule, you keep up with all patches and firmware updates, you run business-grade anti-virus and anti-malware software, you use complex passwords and Two Factor Authentication (TFA), and you even utilize both local and remote data backups. Have you done enough? Are you safe? The answer is a resounding "No".
Even the most sophisticated security plan may not protect you from an employee who clicks on a bad hyperlink, attempts to open a dangerous email attachment, or allows a fake technician to remote into their computer. The well-meaning employee is often the weakest link in your security plan. Hackers know this, which is why they target your employees daily with email phishing campaigns, popups, browser redirections and alerts urging them to call fake technicians.
To combat such targeted attacks, every business needs to educate its employees on how to better identify such scams and what to do when they find themselves caught up in one. An educated employee is more likely to contact their I.T. department or I.T. consultant before making a mistake that can cost their employer thousands of dollars. An educated employee is also more likely to report when their "computer is acting funny".
A single meeting to discuss such issues, while helpful, is not enough. Many employees will need repetition before I.T. advice alters how they use their computer. For many companies, the easiest solution is to include an I.T. segment in their existing staff meetings. During this segment, staff should be educated on a variety of I.T. topics, including:
- how to recognize a suspicious email (and attachment)
- what fake emails your business is currently receiving that staff should look out for
- who to contact if they believe that an email or attachment may be fake
- how to visit a website and log in manually rather than click on a link contained within an email
- what to do if their web browser redirects them to a fake warning web page urging them to call a phone number
- how to hover over a hyperlink to see where it really points
- which I.T. staff/consultants are the only ones authorized to remote into their computer
- when to limit or completely exclude personal Internet usage when on an employer-owned device
- when to limit Facebook usage to only the person responsible for managing your Facebook page
- the importance of reporting suspicious computer behavior immediately instead of waiting
I.T. segments are also a perfect opportunity for employees to inform each other about what they have encountered recently while using their computers. Employee participation should be encouraged. In addition, I.T. segments will help bring new employees up to speed more quickly on your business's I.T. usage policies. Remember, employees are your most valuable resource. They deserve to be properly trained on how to use your company equipment when browsing the Internet and using email.
Adding an I.T. segment to your staff meetings is free; cleaning up a virus attack or hack may cost your business thousands of dollars.