How to Prepare Your Employees for Phishing Attacks

Phishing attacks are no joke, especially for business owners. Phishing is when a criminal pretends to be a reputable company to trick you into revealing personal information. This is usually done through emails, and the attackers are usually after passwords.

To prevent your business from falling victim to a phishing attack, you have to prepare your employees to combat it. With that in mind, here are four ways to go about that.

Check for Grammar Mistakes

Even though American businesses are usually targeted for phishing, the attacks originate from overseas. That means that English might not be the hacker’s first language. Tell your employees to keep this in mind as they look over any suspicious emails. If it contains misspelled words, poor punctuation, or awkward phrasing, it may be a phishing attempt. 

Phishing Scams Will Claim to Be Urgent

Phishing emails always want you to act as quickly as possible. They’ll tell you that an issue involving your credit card or password needs to be resolved immediately. If you or your staff read an email like that, take a second to analyze it. Then, remember that a reputable company probably wouldn’t try to rush you.

Be Cautious When it Comes to Phishing on Mobile Devices

Mobile devices aren’t as secure as desktops, which is why they’re far more likely to be targeted. Communication apps like Skype, Slack, and Facebook Messenger are especially vulnerable. Tell your employees to ignore any suspicious messages received on their phones.

Have Good Digital Hygiene

Make sure your employees have good digital hygiene. They shouldn’t be posting any information on social media that hackers can use. Attackers are used to assembling tiny bits of information into gigantic attacks. If they don’t have that information, they’ll be forced to try phishing anonymously, and those attacks are easier to defend against.

For more advice on combating attacks, contact us today. We offer specialized IT services to help your business succeed. 

Data Replication vs. Data Backup – Understanding the Difference

Until recently, the most cost-efficient data restoration mechanism available for SMBs was simply to maintain regular data backups. This was not necessarily ideal, since any restored data came from a previous point in time and the restoration process was potentially quite lengthy. A business could be down for perhaps several days, and any data that was recovered was even older. In this post, we will point out the differences between data backups and data replication and how data replication can now outperform traditional data backups in key areas.

Data Backups 

A traditional data backup is essentially a complete snapshot of a company’s data at one given point in time. While there certainly is value in maintaining a regular complete copy of all corporate data, traditional data backups have some less-than-ideal aspects. More and more businesses rely on their data to run efficiently, so losing even a few hours’ worth of data can be quite catastrophic, which makes the less-than-ideal aspects of traditional backups even more glaring.

In the past, the best a small or medium-sized company could hope for in the event of data loss was to restore their last backup. After the restoration process, they relied on manual re-entry of their business data to bring them to the point just prior to the system failure. This entire process was time-consuming and prone to error.

Data Replication

Up until fairly recently, maintaining a near-mirror replication of company data in a remote location was affordable only for enterprise-level organizations. Now, with cloud-based replication, the costs associated with maintaining a cloud-based, real-time copy of all corporate data are becoming realistically affordable for even smaller businesses. With cloud-based replication, in the event of a system failure, even small companies can have a fresh, up-to-date copy of corporate data available to them within minutes.

If you would like to know more about real-time data replication, please contact us.

Warning – The Most Effective Social Engineering Attacks

Although it may seem as if hackers, criminals, and thieves prefer the challenge of attacking only seemingly impenetrable computer systems, this is not necessarily the case. While it is true that companies do need effective security measures in place to handle these types of impersonal attacks, hackers still frequently turn to more traditional methods of cyber attacks for one good reason.

As IT security methods continue to become more sophisticated, hackers sometimes find it more lucrative (and easier) to perform social engineering attacks that allow them to manipulate human behavior. Unfortunately, this is because staff members are either poorly trained (if at all) to spot hacking attempts or, unlike a machine, sometimes let their guard slip. Of course, hackers understand all too well that a busy or unsuspecting employee may eventually provide them with an opportunity to slip their way into a corporate system; they just need patience.

Top Social Engineering Attacks 

  • Phishing – All it takes is a credible-looking email with either a link or an attachment to click on, and an employee may either give away sensitive information or allow a virus to enter their corporate computer system.
  • Spear Phishing – This is similar to traditional phishing attempts, except that hackers target a specific person in a company. Often the targets are in positions related to lucrative financial aspects of the company.
  • Whaling – Rather than targeting one individual, whaling attempts involve attacking an entire level of higher management. This could be in companies or government agencies. Some of the attacks require a significant amount of research and are quite sophisticated in nature.
  • Vishing – Vishing involves using a phone rather than email in order to impersonate a business. The hackers pretend to be a legitimate company simply making a business call. Their goal is to find unsuspecting employees who will provide them with sensitive corporate information, often banking details.
  • Pretexting – This type of hacking also involves impersonation. A hacker may phone an employee and pretend to be the company’s IT vendor. They may state that they are investigating a hacking attempt and that they need passwords and other sensitive information for specific computer systems.
  • Baiting – A hacker may leave a memory stick somewhere in or outside of a company they want access to. An unsuspecting employee discovers the memory stick and plugs it into a company computer to determine what it contains. Unfortunately, the memory stick is loaded with a virus or other penetrative software.
  • Tailgating – This is another type of hacking attempt that involves the physical presence of the hacker. In this scenario, a hacker pretends to be a delivery driver, company visitor, or facilities manager in order to gain access to unauthorized areas.

Summary  

It’s difficult, if not impossible, for companies to stay up to date on all the latest technology pitfalls. Many hackers are very sophisticated, methodical, and patient. It takes a professional IT vendor who makes it their business to stay on top of all the latest technology security issues to develop an effective security training program for their clients. If you would like more information on security training for all of your staff members, please contact us.

Top 5 Mobile Device Security Protocols for Organizations

More and more organizations are allowing their staff to rely on portable smart devices in order to conduct official business. With 24-hour, on-the-spot access to key information and business tools, portable devices offer astounding amounts of flexibility and convenience — enabling employers to access their organization from anywhere. That said, the question must be asked, is enough being done to ensure mobile device security?

In this post, we will outline 5 tips to consider regarding corporate mobile use.

Updating Mobile Device Security Policies 

Whether an organization writes its own security policies or outsources its IT services to a third party, corporate leaders need to make sure their written security policies address specific issues regarding mobile use. Not only does this force companies to sit down and seriously consider all the ramifications of mobile data access, but it also lets staff members know that IT security policies are not just “office-only” policies to follow.

Protect What’s Really Important 

By updating corporate security policies, it becomes obvious that what businesses are really protecting is the data that employees might access. No one is going to write up a security policy regarding the potential loss of a mobile device that cost a few hundred dollars. From the top down, everyone needs to clearly understand that following mobile usage policies is about data, not simple device breakage.

Mobile Device Security  

There is security software specifically available for mobile devices. Companies must ensure that any mobile device their employees use, whether company or personally owned, has professional security software installed and updated regularly.

Scrambling the Data

Along with mobile security, there are also mechanisms available that will scramble, or encrypt, phone data such as contact lists, emails, text messages, etc. Companies should check with those handling their IT operations to ensure encryption software is installed on all corporate mobile devices.

Consider Bluetooth Access

Many people don’t spend nearly enough time thinking about what it really means to have Bluetooth-enabled devices. They don’t know that:

  • Most new devices come with Bluetooth enabled
  • Anyone nearby could potentially connect to their mobile device
  • Whether using Bluetooth for personal or business reasons, if it’s on, it’s on.

Bluetooth can be a very useful feature that allows one to take hands-free calls, texts, etc., but it is also very difficult to remember to manually turn it off when not in use. Companies need to seriously consider whether to allow their employees to use Bluetooth at all, or at least use security software that addresses Bluetooth use.

If you would like to know more about developing comprehensive security policies regarding employee mobile usage, please contact us.

5 Cybersecurity Questions to Ask Your Team

The more that technology advances, the more cyber attacks are committed against businesses of all sizes and in all fields of work. Your business is no exception. As you rely more on the internet and on machines to store data, information, and other sensitive material, you need to be aware of the cybersecurity threats that exist to your company.

While this threat may seem overwhelming and daunting, the risks to your company are indeed manageable ones. When talking to your IT team, whether they are workers your company hired or from outside IT firms, the following are 5 questions that you should be asking these professionals to understand your business’s risk and cybersecurity situation:

1. How is our company’s top leadership informed about cyber risks? 

Your IT department must communicate with the rest of the company about the risks of being the victim of a cyber attack. Understanding the current risks and what the IT department is doing to mitigate those risks is vital to keeping your company’s information safe. Ultimately, the CEO is the one responsible for any “risks” that are present for his or her company. They must be informed in order to make smart decisions about how the company’s information can be best protected.

2. What is the current business impact of cybersecurity risks on our company and how do we plan to address these risks? 

CEOs and other top company executives must understand the cybersecurity risks that their company faces. They should also be informed of what the IT professionals that work for the company are doing to mitigate these risks and keep the company information safe. Knowing this information and constantly communicating updates can keep anyone from making poor decisions if panic ever does strike.

3. Does our cybersecurity program implement the best and latest practices that keep up with industry standards? 

CEOs and other top company executives should be kept up-to-date on industry standards in cybersecurity and on how their company’s practices stack up against those standards. If the company is not up-to-date on the industry standards, then they must know what the plan is from the IT department to get the company there. Being up-to-date on industry standards for cybersecurity is vital to keeping your company’s information as safe as possible from people who would do you harm if they got ahold of that information.

4. What cybersecurity threats does your IT department identify each week? 

CEOs and other top company officials should be kept up to date on the latest cybersecurity threats facing their company. Ideally, these updates are given on at least a weekly basis. Updates should include recent threats and what has been done to limit them, as well as any new threats that have popped up and what is being done to handle those.

5. How far-reaching is our cyber incident response plan? How often do we test it?

Despite your IT department’s best attempts to keep your company’s information safe, if something such as a data breach were to happen, what would the response be? It’s important for the CEO and higher-ups to understand what will be done if such a security breach happens. First, the plan should be explained to the higher-ups. Then, they should be informed of how often the plan is tested to ensure that it is thorough and effective.

These are 5 questions that you should be asking your IT company to ensure that your business is as safe from cybersecurity threats as possible. Actively having a plan in place to protect your company’s information is key. It will keep your business from being a target of any sort of cybersecurity threat. Moreover, having a plan in case your company is the target of an attack is also vital. Despite your best intentions, cybersecurity breaches can happen. How you react helps determine how severe the problem becomes. Performing rash actions in the event of a cyber attack is never a good idea.

For more information on questions you should be asking your IT team, please feel free to contact us at Blutwater Technologies for further assistance.