“The Americans are the most gullible because they don’t like to deny coworkers’ requests.”
–Kevin Mitnick, formerly the world’s most-wanted hacker
Antivirus and Firewall Protection Will NOT Keep Your Data Safe
Only 3% of modern cyber-attacks target a technical flaw — the other 97% target users through social engineering.
It’s simple for hackers. Here is an example:
Using LinkedIn, hackers access the hierarchy of your company. Then using fraudulent emails, targeting the leadership team (most vulnerable). Tricking them into clicking malicious links, attachments, or disclosing valuable information.
The worst part? It works.
91% of data breaches are the result of social engineering scams. Like phishing.
Think Your Team Would Never Fall For That? Think Again.
Would you bet $6 million on how cyber-savvy your team is? A Wall Street Journal article reports SS&C Technology lost $6mil in 2016. Employees fell for what the FBI calls “Business Email Compromise.”
Six fraudulent wire transfers… SS&C employees authorized every single one.
They lost millions of dollars and their reputation in the process.
Could you recover from that kind of careless mistake?
The #1 Way to Keep Hackers Out – Awareness Training
Awareness training educates employees on the tactics hackers use against them. Rather than relying on occasional email reminders. Successful programs use short in-person training events coupled with occasional simulated attacks.
Keeping employees on their toes. Ensuring threats remain top of mind. Reducing your risk of becoming a victim.
Give your employees tools to prevent:
- Ransomware Attacks
- Payroll Diversion
- Invoice Redirect
- Crippling Malware Infections
- Wire Fraud
Will Hackers Destroy Your Company This Year?
SMART PT, a physical therapy clinic, received an email in September of 2017. “I’ve stolen your patient records. Pay the ransom, or we will release your data.”
The company refused to pay the extortion. In response, the hacker exposed information on 16,428 SMART PT patients. Names, birth dates, and Social Security numbers, spilling onto the Dark Web.
Leaving SMART PT to clean up the mess and repair their patients’ broken trust.
SMART PT isn’t the first victim of this hacker’s criminal escapades. A few months prior, the same hacker exposed 180,000 patient records from other companies. Including a dentist in New York, a surgeon in California, and a surgery center in Florida.
Though health care providers are often prime targets, they aren’t the only industry that should be on alert. A Verizon Data Breach Report found 61 percent of breaches hit small businesses – across all industries.
Security Is An On-going Program
Adequate security is not “Set It and Forget It.” It requires on-going, proactive strategies to combat the ever-changing threats businesses face daily.
Businesses are often unaware of the danger they are in — until after a breach.
Working with business owners for over three decades. I found all most would have avoided the worst-case scenario with a simple risk analysis. After performing hundreds of assessments, most have similar results.
Where to look first?
What’s your company’s critical data?
Email, financial software, files, and customer relations (CRM) data…
Imagine permanently losing access to everything, or for a prolonged period of time.
How long could you continue?
When analyzing risk, this is where we focus. Here is an outline of our approach to helping business leaders identifying risk:
Generating a non-technical, executive report focused on corporate digital assets (data). The results are based on interviews with management – covering compliance requirements, disaster recoverability, risk analysis, and company policies. We measure the results against activities discovered during our technical site walk-through.
Using this information, we identify risks to critical data. Organizing the results in a simple impact vs. likelihood graph. Providing management teams clarity to make actionable and informed decisions. Reducing risks to your business, legacy, and livelihood.
How Long Can You Tread Water?
Next, we look at each asset and determine maximum tolerable downtime (MTD) and restore point objective (RPO).
How much downtime can your business tolerate?
How much data can you afford to lose after an unexpected event?
Most companies have low downtime requirements, yet have no method to regain control in the required amount of time.
What’s the Worst that Could Happen?
In addition to examining critical data assets, we also conduct a detailed threat analysis. Our team calculates the likelihood of a cyber-attack – possible data loss, and recovery plans in place in the event of a total loss.
It can be scary to learn where your company stands, especially when facing a complete lack of preparedness. However, these are the risks you need to assess to determine how you can appropriately respond to a breach.
As I’ve said before, there’s no guaranteed way to completely protect yourself from a cyber-attack. If a criminal wants to get into your business, they’re sure as hell going to find a way.
You can only ensure your company has the ability to detect and respond, minimizing damage and protecting yourself from devastating repercussions.
The key question to ask yourself is…
Am I comfortable with my companies ability to detect and respond to a security violation, before data is lost and compromised?
— Randy Sklar
Have You Grabed Our “5 Ways Your Employees Are Helping Hackers Steal Your Data” Yet?