
“How can I prevent someone from hacking my company?”
I am asked this question whenever I speak to business CEOs. My response? Ensure your workers never open their emails. Of course, that’s not possible. The answer is to train them to be your frontline prevention against cybercriminals’ phishing attacks.
First, this would be the right place to begin because office workers typically respond to emails in under two minutes, enough time for any cybercriminal to penetrate your company’s customer database and destroy your reputation. Two minutes?
Seventy percent responded within six seconds after receiving an email, and 85 percent within two minutes. And, amazingly, the average worker spends 28 percent of their workweek tending to emails; that’s 620 emails every week, or over 11 hours a week.
Cybercriminals know this better than anyone. Now ask me that question again?
As a result, hackers can access sensitive data, steal medical records, shut down operations, take control of operating systems, and demand a ransom for your data or for control of your operating systems. However, it’s unlikely they would return your data.
Here are some steps to take in your quest for cybersecurity.
Recognize phishing attacks
Phishing is a term used to describe cybercriminals who “fish” for information from unsuspecting users, likely your employees. Most of all, cybercrimes start with phishing emails. Phishing attacks seek to get sensitive information by using URLs and files to deceive their targets.
Don’t blame your employees
And continue to invest. Fresh attacks develop monthly, if not daily, and your approach to guarding against them shouldn’t be on a budget or on a one-day-a-year basis.
Password security training
Passwords that are long enough, use multiple character sets (uppercase, lowercase, numerals, symbols), avoid complete words, are not shared and are changed on a non-scheduled basis cut down the risk of a password being used to break into your database.
Typically, phishing attack emails involve:
- Lousy grammar and spelling errors
- Unfamiliar salutations
- Inconsistencies in email addresses, links & URLs
- Suspicious attachments
- Requests for login credentials, payment information or customer data.
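
The checklist above can also be applied automatically as a first-pass triage of reported emails. The following is an added example, not part of the original article; the function names, the extension and keyword lists, and the sample message (built on reserved example domains) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; tune them to your own mail flow.
RISKY_EXT = (".exe", ".js", ".scr", ".docm", ".xlsm", ".iso")
CRED_WORDS = re.compile(r"\b(password|login|credentials|card number)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href=["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)

def domain(addr):
    """Return the lower-cased domain of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return the checklist indicators that a raw RFC 5322 message trips."""
    msg, found = message_from_string(raw), []
    reply_to = msg.get("Reply-To")
    if reply_to and domain(reply_to) != domain(msg.get("From", "")):
        found.append("reply-to domain differs from sender domain")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            found.append("suspicious attachment: " + name)
        if name or part.get_content_maintype() != "text":
            continue  # only inspect inline text bodies below
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        if CRED_WORDS.search(body):
            found.append("asks for credentials or payment data")
        for href, text in ANCHOR.findall(body):
            text = re.sub(r"<[^>]+>", "", text).strip()
            if "." not in text or " " in text:
                continue  # visible text is not a URL, nothing to compare
            shown = urlparse(text if "//" in text else "//" + text).hostname
            target = urlparse(href).hostname
            if shown != target:
                found.append(f"link shows {shown} but points to {target}")
    return found

def constructed_sample():
    """Constructed test message; every address and URL is a placeholder."""
    m = EmailMessage()
    m["From"] = "IT Support <support@example.com>"
    m["Reply-To"] = "helpdesk@example.net"
    m.set_content('<p>Confirm your password at <a href="http://login.example.net/'
                  'reset">www.example.com</a></p>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="invoice.docm")
    return m.as_string()
```

These checks are heuristics: legitimate mail sent through third-party services can also trip the reply-to check, so treat the output as a reason to look closer rather than a verdict.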