With all your responsibility, you probably don’t have enough time to go in-depth on cyber knowledge. But as a business leader in San Diego, it’s on you when the company cracks.
You should be an exemplar of your company’s cyberculture — alert and knowledgeable, the man or woman to whom everyone goes with their security questions.
So we’ll tell you how to be cyber savvy in a few straightforward ways.
They’re Phishing For You
You need to be on the lookout for personalized phishing emails, SMS, and voice spoofing: the kinds of attacks that occur in broad daylight, rather than a hacker probing your network for vulnerabilities.
You’ve known Joe or Sarah in accounting for a long time. You’ve traded pictures of your vacations and seen them at company events, but you also work closely together. The number of emails between you demonstrates the level of trust you have in them.
There’s never been reason to doubt their truthfulness or loyalty to the company.
That’s where spearphishing or whaling comes in. Personalized communication lowers your defenses. It’s also harder for system administrators to detect, since they generally don’t have time to review every email coming in and going out of an organization.
Your Email Account Can Be Their Email Account
Spearphishing can lead to business email compromise (BEC), the costs of which are rising yearly.
Hackers and scammers can glean detailed knowledge about you from your various email threads, quietly and patiently observing your inbox, folders, or trash over time.
The types of data an attacker can gather include your email contacts, files, tasks, and calendar.
Hackers can also hijack your email account to send ransomware or other malware.
Phishing led to a 2013-2015 attack on Facebook and Google, which cost the companies over $100 million combined. If these big players could be hit, so can you.
Suppose you suddenly discover fake tax returns, credit card charges, new credit or vendor accounts, credential theft, unauthorized network access, supply chain or vendor compromise, or even wire transfers.
You may have been the one who helped the hack along by disclosing information or authorizing account transactions through email.
Don’t Be Hasty
Hackers take advantage of users who are in a rush.
Before you act, you need to examine your business communication decisions.
Don’t click or open email attachments, check for the signs of phishing emails, and beware of being duped by urgent requests.
Hackers are hunting for the lowest-hanging fruit first, and that’s usually the human element, i.e., you.
When you do these things, you also reduce the chance that your personally identifiable information (PII) is traded on the dark web.
Limit your data sharing to those with whom you speak in person. And if you talk to someone by phone, make sure you’re not speaking with a vishing criminal. Deepfakes are getting more and more difficult to spot.
Hackers Are Lurking In The Traffic – When You Least Suspect It
Be prepared not only for out-of-the-ordinary requests, but also for those you encounter in the typical business day. The shuffle can hide malicious actors and their traffic.
Keep your business, employee, and personal data safe and secure.
Sharing login credentials, using non-work computers, or thoughtlessly approving transactions can lead to disaster. Use BitLocker Drive Encryption and a password manager.
Watch for the aforementioned telltale signs of a data compromise.
Outlook/Microsoft 365 Vulnerabilities
You or your CTO need to communicate with your network administrators to keep your Outlook or Microsoft 365 servers secure because BEC is taking down big and small organizations.
Principle Of Minimal Privilege
Business leaders should create policies about multifactor authentication (including awareness around bypassing, spoofing, or social engineering) and protecting PII.
You should also mandate that your administrators apply the principle of minimal privilege: giving employees and guests only the permissions they absolutely need on your network.
Keep in mind that you are also an employee and should be subject to the same principle. You may not need permissions for accounting or human resources, and most certainly do not need network administration rights.
Implement Employee Training
Finally, follow our recommendations for training employees.
Read Our Resources
We keep you up to date on the methods and tactics of malicious hackers and bad actors. Read our phishing post here. Your duty is to learn the signs of a bogus email, text message, or phone message.
You also should consider our series on passwords: company practices on password creation, company password practices and policies, and employee password training.
These practices and procedures are indispensable in today’s business climate of increasing connectivity and security challenges.
Conclusion: Be The Company Expert
Your steps should take you beyond average cyber awareness to cyber savviness. You’re the leader, and you have to think like a cyber analyst. Tech Kahunas can make you one.
***
Tech Kahunas is a San Diego Managed IT Services provider that provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.