Cyber Security is a Shared Responsibility
Cyber security sounds like something that falls under the responsibility of the IT department. The IT department may handle many of the responsibilities that go along with protecting the company from cyber threats, but that doesn't make security the sole responsibility of the IT department.
Ensuring that your business doesn't fall prey to a cyber attack is everyone's responsibility. With 43% of cyber attacks targeting small businesses, it's more important than ever that everyone on your team participate in your cyber security measures.
1. Every end user must be on the lookout for scams.
Phishing scams attempt to gain private data, including passwords, financial information, or information about your clients, often through phone calls or emails. In order to avoid falling prey to a scam, make sure that you're following these key steps.
Always follow up on where requests are coming from.
Check email addresses carefully. If you receive a request that came from an unknown or suspicious address, follow up in person with the appropriate department. Many scammers will attempt to replicate an email that looks like it comes from a contact within your organization. Others will send you an email that appears to come from a trusted source, including vendors.
Check the email address itself to make sure that it comes from the right source.
Pay attention to fake attachments.
Always check the attachments on emails carefully, especially before downloading. Never download an attachment that doesn't come from a reputable source. Keep in mind that if you aren't expecting an attachment from a specific source, you should not download it unless you can verify its legitimacy. You may also want to view documents in a protected view before downloading them, especially if they originate from an unfamiliar source.
Be suspicious of out of the ordinary payment instructions.
Any time you get an odd request or payment instructions that don't seem right, follow up within your department before giving away any private or sensitive information. If you don't typically handle payments for your organization or you haven't made a recent request, keep in mind that there's no reason for anyone to send you a payment request.
Even if you handle payments regularly, take care to ensure that they come from the right individual and that they follow the usual processes and instructions. If something seems off, you should always follow up with the company.
Be on the lookout for odd requests.
If you receive a request for something out of the ordinary, don't answer it immediately. Instead, talk to someone who can tell you where the request originated and whether you should follow up on it. That includes requests for information that you do not typically provide about your clients or information about your business that isn't usually shared.
Pay attention to phone requests, too.
Phone requests may appear to come from someone within the organization, but in some cases, they may originate from a scammer. Always confirm that you really are speaking to the person they claim to be before providing any information about your clients, your passwords, or your organization. Many scammers, for example, will call in pretending to be a member of your IT department, asking you to "log in" to a different location, where they will then gather your password for future use. If needed, call your IT team directly to confirm any requests.
Keep in mind that some scammers may attempt to get personal information from you over the phone, specifically through what seems like small talk, in an effort to crack your passwords or gain access to your systems.
2. Watch what you click!
Clicking on the wrong link can cause a cascade of trouble for your business. Pay careful attention to what you're clicking! Always confirm that the link goes where you expect it to. Also, when possible, type addresses directly into the address bar rather than clicking on links from emails. This simple strategy can help protect both your business and your personal information. Avoid clicking on pop-ups, in particular, since these can contain links to viruses.
3. Familiarize yourself with the steps the IT team takes to protect your business.
Chances are, the IT team takes many steps to protect your business and decrease the impact of cyber attacks. As an employee of that business, you don't have to understand every detail of the cyber security put in place to protect you, but you should have a decent idea of what protections the company has put in place, and how to stay in line with those requirements.
Anti-virus software provides a vital layer of protection against many pieces of malware. Familiarize yourself with the anti-virus software used by your organization – and what software isn't used by your organization. That way, if you see an unexpected pop-up or claim of a virus, you'll know whether it comes from your anti-virus software. (As always, if you have any questions or concerns about its legitimacy, contact your IT support team.)
Managed firewalls keep an eye on all traffic moving through your network. With a managed firewall, your team gets a solid understanding of exactly what traffic through your organization should look like, which means that it can more easily flag any suspicious traffic.
Advanced threat protection:
Either software or managed services can help catch more sophisticated cyber attacks, providing an additional layer of protection for your business.
Whether your business is hit by ransomware, locking you out of vital systems and away from important information, or you get hit by malware that deletes your data, having good backups can make a huge difference in your business's functionality. Every employee should have a basic understanding of how those backups work, including how or when to access data if an accident occurs or something gets deleted unexpectedly.
Not Confident That Your IT Team Can Handle Security?
Among the many protections to your company, a managed security provider can go a long way toward improving your overall security and providing a layer of protection against potential attacks. Need a free security assessment to get a better idea of how well your business is protected? Contact us today to learn more.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.