CEOs Know Your Enemy

With all your responsibility, you probably don’t have enough time to go in-depth on cyber knowledge. But as a business leader, it’s on you when the company cracks. You should be an exemplar of your company’s cyberculture — alert and knowledgeable, the man or woman to whom everyone goes with their security questions.

So we’ll tell you how to be cyber savvy in a few straightforward ways.

They’re Phishing For You

You need to be on the lookout for personalized phishing emails, SMS, and voice spoofing: the kinds of attacks that happen in broad daylight, rather than a hacker probing your network for vulnerabilities.

You’ve known Joe or Sarah in accounting for a long time. You’ve traded pictures of your vacations and seen them at company events, but you also work closely together. The number of emails between you demonstrates the level of trust you have in them. There’s never been reason to doubt their truthfulness or loyalty to the company.

That’s where spearphishing or whaling comes in. Personalized communication lowers your defenses. It’s also harder for system administrators to detect, since they generally don’t have time to review every email coming into and going out of an organization. A cyber criminal who quietly and patiently observes your inbox, folders, or trash over time can glean detailed knowledge about you from your email threads.

Spearphishing can lead to business email compromise (BEC), the costs of which rise yearly. The types of data an attacker can gather include your email contacts, files, tasks, and calendar. Hackers can also hijack your email account to send ransomware or other malware.

Phishing led to a 2013-2015 attack on Facebook and Google, which cost the companies over $100 million combined. If these big players were hit, you can be, too.

Watch for the telltale signs: reset passwords or MFA, bogus email, digital or physical assets, new data in the course of business (addresses for vendors and accounts), higher levels of spam email, and a slower-running computer, which can be a sign of malicious software installations. If you suddenly see fake tax returns, credit card charges, new credit or vendor accounts, credential theft, unauthorized network access, supply chain or vendor compromise, or even wire transfers, you may have been the one who helped the hack along by disclosing information or authorizing account transactions.

In the rush of business, you need to examine your actions. Don’t click or open email attachments, check for the signs of phishing emails, and beware of being duped by urgent requests. Hackers are hunting for the lowest-hanging fruit first, and that’s usually the human element, i.e., you.

When you do these things, you also reduce the chance that your personally identifiable information (PII) is traded on the dark web. Limit your data sharing to those with whom you speak in person. And if you talk to someone by phone, make sure you’re not speaking with a vishing criminal.

Be prepared not only for out-of-the-ordinary requests; also consider the requests you encounter in the typical business day. The shuffle can hide malicious actors and their traffic.

Keep your business, employee, and personal data safe and secure. Sharing login credentials, using non-work computers, or thoughtlessly approving transactions can lead to disaster. Use BitLocker Drive Encryption and a password manager.

Watch for the aforementioned telltale signs of a data compromise.

Read Our Resources

We keep you up to date on the methods and tactics of malicious hackers and bad actors. Read our phishing post here. Your duty is to learn the signs of a bogus email, text message, or phone message.

You also should consider our series on passwords: company practices on password creation, company password practices and policies, and employee password training. These practices and procedures are indispensable in today’s business climate of increasing connectivity and security challenges.

You or your CTO need to communicate with your network administrators to keep your Outlook or Microsoft 365 servers secure, because BEC is taking down big and small organizations. Either of you should also mandate that your administrators apply the principle of minimal privilege: giving employees and guests only the permissions they absolutely need on your network. You are also an employee and should be subject to the same principle. You may not need permissions for accounting or human resources, and you most certainly do not need network administration rights.

Business leaders should create policies about multifactor authentication (including awareness around bypassing, spoofing/faking, or social engineering targets) and protecting PII.

Finally, follow our recommendations for training employees.

Your steps should take you beyond the average cyber awareness to cyber savviness. You’re the leader, and you have to think like a cyber analyst. Tech Kahunas can make you one.

Tech Kahunas knows the needs of SMBs and organizations.

We’ll stay on top of the threats.

We’ll watch your data.

We’ll review your risks.

We’ve got years of this.

Peter Bondyark and J.C. Berry