For education and cyber-prevention, the U.S. Small Business Administration recommends the following best practices:
Establish security practices and policies to protect sensitive information
Educate employees about cyberthreats and hold them accountable
Require employees to use strong passwords and to change them often
Employ best practices on payment cards
Make backup copies of important business data and information
Create a mobile device action plan
Protect all pages on your public-facing websites, not just the checkout and sign-up pages
The survey also found:
65 percent of business owners admit they have been the victim of a cyberattack; computer virus attacks are the top type of attack reported at 33 percent, and phishing is number two at 29 percent.
86 percent of business owners believe that digital risk will continue to grow.
30 percent of companies with 11-50 employees do not provide any type of formal training on cybersecurity.
Despite the simplicity of regularly updating software, seven percent of companies still fail to take that step.
Reputational risk is among the top reasons (45 percent) why business owners would consider investing in or purchasing a cybersecurity policy.
35 percent of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge about the implications.
A cybersecurity assessment could help you minimize risk.
Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks.
An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network.
Phishing Email Compromises
One of the most common forms of social engineering is email phishing, an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 email threat employees need to focus on.
Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years with over 12,000 reported incidents totalling over $2 billion in corporate losses.
Among the reasons these scams succeed is the appearance of authority: staffers are used to carrying out CEO instructions quickly. That’s why phishing can be so easy to fall victim to.
RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf