
CEOs, Know Your Enemy


With all your responsibility, you probably don’t have enough time to go in-depth on cyber knowledge. But as a business leader in San Diego, it’s on you when the company cracks.

You should be an exemplar of your company’s cyberculture — alert and knowledgeable, the man or woman to whom everyone goes with their security questions.

So we’ll tell you how to be cyber savvy in a few straightforward ways.

They’re Phishing For You

You need to be on the lookout for personalized phishing emails, SMS, and voice spoofing: the kinds of attacks that occur in broad daylight, rather than a hacker probing your network vulnerabilities.

You’ve known Joe or Sarah in accounting for a long time. You’ve traded pictures of your vacations and seen them at company events, but you also work closely together. The number of emails between you demonstrates the level of trust you have with them.

There’s never been reason to doubt their truthfulness or loyalty to the company.

That’s where spearphishing or whaling comes in. Personalized communication lowers your defenses. It’s also harder for system administrators to detect, since they generally don’t have time to review every email coming in and going out of an organization.

Your Email Account Can Be Their Email Account

Spearphishing can lead to business email compromise (BEC), the costs of which are rising yearly.

Hackers and scammers can glean detailed knowledge about you from your various email threads, quietly and patiently observing your inbox, folders, or trash over time.

The types of data an attacker can gather include your email contacts, files, tasks, and calendar.

Hackers can also hijack your email account to send ransomware or other malware.

Phishing led to a 2013-2015 attack on Facebook and Google, which cost the companies over $100 million combined. If these big players can be hit, so can you.

Suppose you suddenly discover fake tax returns, credit card charges, new credit or vendor accounts, credential theft, unauthorized network access, supply chain or vendor compromise, or even wire transfers.

You may have been the one who helped the hack along by disclosing information or authorizing account transactions through email. 

Don’t Be Hasty

Hackers take advantage of users who are in a rush.

Before you act, you need to examine your business communication decisions.

Don’t click on or open email attachments, check for the signs of phishing emails, and beware of being duped by urgent requests.

Hackers are hunting for the lowest-hanging fruit first, and that’s usually the human element, i.e., you.

When you do these things, you can also reduce the chance that your personally identifiable information (PII) is traded on the dark web.

Limit your data sharing to those with whom you speak in person. And if you talk to someone by phone, make sure you’re not speaking with a vishing criminal. Deepfakes are getting more and more difficult to spot.

Hackers Are Lurking In The Traffic – When You Least Suspect It

Be prepared not only for out-of-the-ordinary requests, but also for those you encounter in the typical business day. The shuffle can hide malicious actors and their traffic.

Keep your business, employee, and personal data safe and secure.

Sharing login credentials, using non-work computers, or thoughtlessly approving transactions can lead to disaster. Use BitLocker Drive Encryption and a password manager.

Watch for the aforementioned telltale signs of a data compromise.

Outlook/Microsoft 365 Vulnerabilities

You or your CTO need to communicate with your network administrators to keep your Outlook or Microsoft 365 servers secure because BEC is taking down big and small organizations.

Principle Of Minimal Privilege

Business leaders should create policies about multifactor authentication (including awareness around bypassing, spoofing, or social engineering) and protecting PII.

You should also mandate that your administrators apply the principle of minimal privilege: giving employees and guests only the permissions they absolutely need on your network.

Keep in mind that you are also an employee and should be subject to the same principle. You may not need permissions for accounting or human resources, and most certainly do not need network administration rights.

Implement Employee Training

Finally, follow our recommendations for training employees.

Read Our Resources

We keep you up to date on the methods and tactics of malicious hackers and bad actors. Read our phishing post here. Your duty is to learn the signs of a bogus email, text message, or phone message.

You also should consider our series on passwords: company practices on password creation, company password practices and policies, and employee password training.

These practices and procedures are indispensable in today’s business climate of increasing connectivity and security challenges.

Conclusion: Be The Company Expert

Your steps should take you beyond the average cyber awareness to cyber savviness. You’re the leader, and you have to think like a cyber analyst. Tech Kahunas can make you one.

***

Tech Kahunas is a San Diego Managed IT Services provider that provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.

Tech Kahunas will help you Defend Your Island. Set up a free 30-minute Strategy Session with us now.

The four elements of the KahunaVision Technology Assessment are:

– Outsourcing –
Upgrade with our Kahunas. We’ll take your concerns (and problems) so you can do what you do best.

– Modernization –
Throw away that old tech! Take advantage of artificial intelligence, cloud apps, and fortified backups.

– Cybersecurity –
Don’t understand cybersecurity? Strengthen your IT systems with your personal Tech Kahuna.

– Compliance –
Compliance is boring–but many businesses still need to do it! We’ll help you with that, too.

Kahuna Shield will tie it all together.

Peter Bondaryk