Meet Donna. Donna works in the accounting department at a mid-size business just like yours. She is smart, diligent, and a whiz with numbers. However, Donna isn’t the most tech savvy person on earth. One day she receives an email that looks like it came from her boss. At first glance she sees what looks to be his email address and email signature, but something is off. The email is telling her that he is stuck in a foreign country and needs to get home. In order to get a flight, he needs $5000 in Visa Gift Cards sent to him.
While Donna thinks something is strange about this request, she wants to ensure her boss can get on that flight and get home safely. She gets the online gift
cards with the company credit card and sends them. Five minutes later her boss calls, from his office. Donna got caught by a hacker in a phishing scam.
When thinking about what you can do to protect your business against hackers, things such as anti-virus software, a great security partner like Delval Technology Solutions, and strong firewalls comes to mind. However, one of the biggest assets at your disposal when it comes to protecting your network and your business is your employees. While they can be the way in for cyber-attackers through phishing, spear phishing and ransomware attacks, they can also be weaponized against them. With proper training and diligence, you team can be transformed from ordinary employees to human firewalls.
TRAINING
The first place to start is with proper training for your employees. After all, how does one know how to spot a threat when they do not even know what to look for. “Well, paying for all my employees to get training seems like a costly endeavor.” Not only is training less costly than you think, but it can also save you hundreds of thousands of dollars if not millions of dollars in cleaning up a breach and lost business. Companies such as Delval Technology Solutions, offer training that will not overwhelm your employees
with technical information but will show them what to keep their eyes peeled for. These courses include games, quizzes, and other ways to track how well
your employees are retaining the information.
RECOGNIZE AND INCENTIVIZE
People love recognition and being shown they are appreciated, and your employees are no different. That is why another great method to building strong human firewalls is to incentivize your workforce. Stress to them how important it is to be vigilante when it comes to these threats. After all, if it costs the company money and loses them business, it costs them money as well. A breach can even impact them personally, if social security numbers or credit card information is leaked. Give a small bonus to your secretary who
caught that phishing email. Buy your IT department a fancy lunch for shutting that malware attempt down. Send out a company email recognizing those that went
above and beyond internally to protect your business.
GO ALL IN
You may be reading this and think “Ok, I need to make sure a few departments are in on this.” It is important to remember that these cyber-criminals don’t discriminate when it comes to social engineering attacks. Everyone on your staff, from your accountants down to the custodial staff and mail room need to be in the loop when it comes to being human firewalls. These crafty hackers do everything from using cloned or even stolen key cards to get into secure areas, to disguising themselves as repair men to look over the
shoulder of your receptionist. You would never get a home security system to cover the whole house but the back door, would you? Use the same diligence when
it comes to your network security and your human firewalls. Keep in mind there is no such thing as over-prepared for a social engineering attack, only prepared or vulnerable.
TEST YOUR SYSTEM
Once you have all these tools in place, the final piece of the puzzle is testing your human firewalls. Utilize your security partners and send out test phishing emails. Leave a usb drive around to see if anyone turns it in. You want to keep your team of human firewalls aware and alert and all times so they stay focused on the threats and you can know where your weak points are and can strengthen them.
Let’s go back to Donna for a minute. Donna has undergone all the training and is becoming a stronger human firewall by the day. She gets an email from what appears to be HR asking her to click the link and reconfirm all of her login credentials. However, Donna is savy to the games of these hackers now. She hovers over the link and see it’s not connected to the company. She takes another look at the email and sees all the grammatical issues she would have once over-looked. She realizes the return address doesn’t go to HR, but to some random domain that looks similar. This time, Donna doesn’t respond, she forwards the email to IT and HR, thwarting the potential threat. Give that woman a bonus!