“The Americans are the most gullible, because they don’t like to deny coworkers’ requests.”
–Kevin Mitnick, formerly the world’s most-wanted hacker
Antivirus and firewall protection won’t keep your data safe
Today, only 3% of malware attacks target a technical flaw; the other 97% target users through social engineering. Hackers collect information about a company, then send fraudulent emails to employees and trick them into clicking a fraudulent link or releasing valuable information. And here’s the worst part: It works. 91% of data breaches are the result of social engineering schemes like phishing.
Think Your Team Would Never Fall For That? Think Again.
Are you willing to bet $6 million on how cyber-savvy your team is? This is how much money the Wall Street firm SS&C Technology lost in 2016 when their employees fell for what the FBI calls a “Business Email Compromise.” Six fraudulent wire transfers were requested over email, and SS&C employees authorized every single one. They lost millions of dollars, and their reputation, in the process. Could you recover from that kind of careless mistake?
Keep Out Hackers with End-User Awareness Training
End-user awareness training educates employees about the dangers of social engineering, spam, phishing, and other tactics hackers use today. Rather than rely on once-a-year sessions, modern training programs run automatically, with simulated attacks, so employees in every industry are always on their toes. End-user awareness training teaches your team to make sure the threats facing your company are always top of mind.
With the right training, you can reduce your risk of becoming a victim by 90% and give your employees the tools they need to prevent:
- Ransomware attacks
- CEO fraud
It’s time to stop leaving your team vulnerable to modern cyber-attacks.
Building The Human Firewall
Learn how to build an effective end user security strategy!
Will Hackers Destroy Your Company This Year?
In September 2017, SMART PT, a physical therapy clinic in Massachusetts, received a message from an infamous hacker. The message basically stated, “I’ve stolen your patient records. Pay the ransom or your data will be released to the public.” The company refused to be extorted, and as a result, the hacker released information on 16,428 SMART PT patients. Names, birth dates, and Social Security numbers spilled onto the Dark Web, and SMART PT was left to clean up the mess, and repair their patients’ broken trust.
SMART PT isn’t the first victim of this hacker’s criminal escapades. Just a few months prior, this same hacker exposed 180,000 patient records from a dentist in New York, a surgeon in California, and a surgery center in Florida. Though health care providers are hit hard by cyber-crime, they aren’t the only industry that should be on alert. The Verizon Data Breach Investigations Report found 61 percent of breaches hit small businesses across industries.
Security Is An Ongoing Program
Considering this common threat business owners face, you would think they’d be more proactive about protecting themselves. But in my experience, this is far from the reality. More often than not, a company will do one thing to address the threat, and assume that means they’re set for life. They never double-check their security — until after they’ve suffered a breach, that is. Then they call me to look into the matter, and discover they weren’t as prepared as they thought.
After Diving Into Hundreds Of Businesses, Nobody Is Doing It Right…
After hundreds of assessments, it’s always the same. I’ve worked with business owners for over three decades, and I continue to be baffled by how willing some people are to ignore dangerous threats to their company. It’s especially frustrating when you realize that small businesses can go far in avoiding the worst-case scenario with a simple risk analysis.
What are your company’s critical data assets? The things your business cannot do without? I’m talking about your email, financial software, video data, and security or monitoring technology. Imagine you suddenly don’t have access to them anymore. What would happen to your company then?
When analyzing risk, this is the reality we examine. My team generates a report based on interviews with executive management, workflow analysis, system review, data analysis, and activities discovered on the corporate system and networks. With this information, we identify critical data assets and organize them based on the likelihood of suffering a breach and which assets would have the greatest impact.
Next, we look at each asset and determine maximum tolerable downtime (MTD) and recovery point objective (RPO). Basically, how long can your company afford to have a specific asset down, and how much data can you afford to lose during a disaster? You probably won’t be surprised to learn most companies allow for very low MTD, but have no method to regain control of valuable assets in the desired amount of time.
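The ranking and MTD/RPO comparison described above can be sketched in a few lines of Python. This is an added example, not the author's assessment tooling: the 1-to-5 likelihood and impact scales, the likelihood × impact score, the field names, and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Asset:
    name: str
    likelihood: int                         # assumed scale: 1 (rare) .. 5 (expected)
    impact: int                             # assumed scale: 1 (minor) .. 5 (business-stopping)
    mtd_hours: float                        # maximum tolerable downtime
    rpo_hours: float                        # most data loss, in hours, the business accepts
    restore_hours: Optional[float]          # time from last restore test; None = never tested
    backup_interval_hours: Optional[float]  # time between backups; None = no backup

def gaps(a: Asset) -> list:
    """List where the recovery capability falls short of the stated MTD/RPO."""
    found = []
    if a.restore_hours is None:
        found.append("restore never tested, MTD unverified")
    elif a.restore_hours > a.mtd_hours:
        found.append(f"restore takes {a.restore_hours}h, MTD is {a.mtd_hours}h")
    if a.backup_interval_hours is None:
        found.append("no backup, RPO cannot be met")
    elif a.backup_interval_hours > a.rpo_hours:
        found.append(f"backups every {a.backup_interval_hours}h, RPO is {a.rpo_hours}h")
    return found

def rank(assets: list) -> list:
    """Highest likelihood x impact first; ties broken by the tighter MTD."""
    return sorted(assets, key=lambda a: (-a.likelihood * a.impact, a.mtd_hours))

def report(assets: list) -> list:
    """(name, risk score, gaps) for every asset, most critical first."""
    return [(a.name, a.likelihood * a.impact, gaps(a)) for a in rank(assets)]

# Constructed sample inventory (values are illustrative, not from a real assessment)
SAMPLE = [
    Asset("email", 4, 4, 4, 1, 2, 24),
    Asset("financial software", 3, 5, 8, 4, None, 4),
    Asset("video data", 2, 2, 72, 24, 12, 24),
    Asset("monitoring technology", 3, 3, 2, 1, 6, None),
]

if __name__ == "__main__":
    for name, score, found in report(SAMPLE):
        print(f"{score:>2}  {name}: {'; '.join(found) or 'meets MTD and RPO'}")
```

An asset with a low MTD but an untested or slow restore shows up here as a gap, which is the mismatch described above.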
What’s the Worst that Could Happen?
In addition to examining critical data assets, we also conduct a detailed threat analysis. Our team calculates the likelihood of a ransomware or email spoofing attack, possible intellectual capital loss, and what backup system and recovery plans are in place in the event of a total system failure. It can be unnerving to learn where your company stands, especially if you are forced to face an unpleasant truth about your lack of preparedness. However, these are the risks you need to assess to determine how you can appropriately respond to a breach.
As I’ve said before, there’s no way to completely protect yourself from a cyber-attack. If a criminal wants to get into your business, they’re sure as hell going to find a way. However, you can ensure your company will be back up and running fast, minimizing damage, and protecting yourself from devastating repercussions.