With all your responsibilities, you probably don’t have time to go in depth on cyber security. But as a business leader, it’s on you when the company gets breached. You should be an exemplar of your company’s cyber culture: alert and knowledgeable, the person everyone goes to with their security questions.
So we’ll tell you how to be cyber savvy in a few straightforward ways.
They’re Phishing For You
You need to be on the lookout for personalized phishing emails, SMS messages, and spoofed voice calls: attacks that come in through the front door, looking like ordinary business, rather than a hacker probing your network for vulnerabilities.
You’ve known Joe or Sarah in accounting for a long time. You’ve traded vacation pictures, seen them at company events, and worked closely with them. The volume of email between you reflects how much you trust them. There’s never been reason to doubt their honesty or their loyalty to the company.
That trust is exactly what spearphishing (and whaling, when the target is an executive) exploits. Personalized communication lowers your defenses. It’s also harder for system administrators to detect, since they don’t have time to review every email entering and leaving the organization. Once an attacker has a foothold in a mailbox, they can quietly and patiently read your inbox, folders, and trash over time, gleaning detailed knowledge about you, your contacts, and your business from the threads they find.
Spearphishing can lead to business email compromise (BEC), whose costs rise every year. From a compromised account an attacker can gather your contacts, files, tasks, and calendar, and can hijack the account to send malware, including ransomware, under your name.
Phishing led to a 2013-2015 attack on Facebook and Google that cost the two companies over $100 million combined. If these big players were hit, you can be, too.
Warning signs that something is wrong include: unexpected password or MFA resets; bogus emails sent from your account; changes to digital or physical assets; new data appearing in the course of business (changed addresses for vendors and accounts); a rise in spam; and a slower-running computer, which can indicate malicious software installations. Further down the line you may see fake tax returns, credit card charges, new credit or vendor accounts, credential theft, unauthorized network access, supply chain or vendor compromise, or even wire transfers you never intended. And you may have been the one who helped the attack along by disclosing information or authorizing an account transaction.
In the rush of business, stop and examine your actions. Don’t click links or open attachments in messages you weren’t expecting, check for the signs of a phishing email, and don’t let an urgent request rush you. Hackers go after the lowest-hanging fruit first, and that’s usually the human element, i.e., you.
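As an added example (not code from the original post) of what “checking for the signs of a phishing email” looks like when written down, the following Python script runs a few of those checks over constructed sample messages: a display name that matches a trusted colleague but arrives from a different address, a lookalike domain built from a homoglyph, a typo or a suffix, a Reply-To that differs from the From address, and urgent wording combined with a request involving money. The contact list, company domain, word lists and sample messages are assumptions made for the demo, not a vendor’s rule set.

```python
"""Spearphishing / BEC warning-sign checks over raw email text.

Added example, not code from the original post. TRUSTED_CONTACTS,
COMPANY_DOMAIN, the word lists and the sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed directory: display name -> the only address that name should use.
TRUSTED_CONTACTS = {"Sarah Lee": "sarah.lee@example.com"}
COMPANY_DOMAIN = "example.com"

URGENCY = re.compile(r"\b(urgent|immediately|right away|today|asap)\b", re.I)
MONEY = re.compile(r"\b(wire|transfer|invoice|bank details|gift cards?|payment)\b", re.I)

# Character tricks attackers use to make a registered domain read like yours.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"))


def normalize(label: str) -> str:
    """Undo common homoglyph substitutions so 'exarnp1e' reads as 'example'."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1                   # extra character in a
        elif len(b) > len(a):
            j += 1                   # character missing from a
        else:
            i, j = i + 1, j + 1      # substitution
    return edits + (len(a) - i) + (len(b) - j) <= 1


def lookalike(domain: str, legit: str) -> bool:
    """Is `domain` a near-miss for `legit` (homoglyph, one-char typo, or legit + suffix)?"""
    if domain == legit:
        return False
    d_label, l_label = domain.split(".")[0], legit.split(".")[0]
    if normalize(d_label) == l_label:
        return True
    if l_label in d_label:           # example-payments.com, exampleinc.com
        return True
    return within_one_edit(d_label, l_label)


def check_message(raw: str) -> list[str]:
    """Return the human-readable warning signs found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1]

    expected = TRUSTED_CONTACTS.get(name)
    if expected and addr != expected:
        flags.append(f"'{name}' normally writes from {expected}, not {addr}")
    if domain != COMPANY_DOMAIN and lookalike(domain, COMPANY_DOMAIN):
        flags.append(f"{domain} looks like {COMPANY_DOMAIN} but is not")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        flags.append(f"replies go to {reply_to}, not to the sender {addr}")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    if URGENCY.search(text) and MONEY.search(text):
        flags.append("urgent wording combined with a money or payment request")
    return flags


# Constructed sample messages (not real mail).
LEGIT = """From: Sarah Lee <sarah.lee@example.com>
Subject: Vacation photos
Content-Type: text/plain

Here are the pictures from the trip.
"""

SPOOFED = """From: Sarah Lee <sarah.lee@examp1e.com>
Subject: Urgent: vendor bank details changed
Content-Type: text/plain

Can you approve the wire transfer today? The vendor's account changed.
"""

REPLY_TO_HIJACK = """From: Sarah Lee <sarah.lee@example.com>
Reply-To: sarah.lee.accounting@mail.example.net
Subject: Quick question
Content-Type: text/plain

Are you in the office this afternoon?
"""

if __name__ == "__main__":
    for label, sample in (("legit", LEGIT), ("spoofed", SPOOFED), ("reply-to", REPLY_TO_HIJACK)):
        print(label, check_message(sample) or ["no warning signs"])
```

Each check on its own is weak (colleagues do send urgent invoices), which is why the script reports every sign it finds rather than a single verdict: the more of them that stack up on one message, the more a phone call to the sender on a number you already know is warranted before you act.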
Doing these things also reduces the chance of your personally identifiable information (PII) being traded on the dark web. Share sensitive data only with people you can verify, ideally in person. And if a caller asks for credentials or a transaction, make sure you’re not talking to a vishing criminal: hang up and call the person back on a number you already know.
Be prepared not only for out-of-the-ordinary requests but also for the routine ones you handle every business day. The daily shuffle can hide malicious actors and their traffic.
Keep your business, employee, and personal data safe and secure. Sharing login credentials, using non-work computers for work, or thoughtlessly approving transactions can lead to disaster. Use BitLocker Drive Encryption on your machines and a password manager for your accounts.
Watch for the aforementioned telltale signs of a data compromise.
Read Our Resources
We keep you up to date on the methods and tactics of malicious hackers and bad actors. Read our phishing post here. Your duty is to learn the signs of a bogus email, text message, or phone message.
You should also consider our series on passwords: company practices on password creation, company password practices and policies, and employee password training. These practices and procedures are indispensable in today’s business climate of increasing connectivity and security challenges.
You or your CTO need to work with your network administrators to keep your Outlook or Microsoft 365 mail environment secure, because BEC is taking down organizations big and small. Either of you should also mandate that your administrators apply the principle of least privilege: give employees and guests only the permissions they absolutely need on your network. You are also an employee and should be subject to the same principle. You probably don’t need access to accounting or human resources systems, and you most certainly don’t need network administration rights.
Finally, follow our recommendations for training employees.
Your steps should take you beyond the average cyber awareness to cyber savviness. You’re the leader, and you have to think like a cyber analyst. Tech Kahunas can make you one.
Tech Kahunas knows the needs of SMBs and organizations.
We’ll stay on top of the threats.
We’ll watch your data.
We’ll review your risks.
We’ve got years of this.