Why cybersecurity is everyone’s job, not just your IT department’s

Cybersecurity does not begin and end with your managed service provider (MSP). The first line of defense against cyberattacks is the user, the greatest security risk; therefore, cybersecurity is everyone’s responsibility.

Every organization stores sensitive information to conduct business. Some of that data belongs to business associates, customers, partners, contractors, etc. Most businesses, whether small, medium, or large, are learning that having data, especially sensitive third-party information, makes them a target. The headlines remind us of it daily, and the attacks are only getting more frequent and severe.

Cyberattacks occur on multiple levels. Cybercriminals have developed more advanced methods of entry. They no longer have to bypass firewall perimeters to access your network. Instead, they use a variety of methods to turn your employees against your defenses. It is people who are your biggest security risk.

Implementing Cybersecurity in the Workplace is Essential

Companies need to be diligent in cyber awareness and best practices to protect their business, themselves and their families. There is no magic bullet or single piece of technology, such as antivirus protection, to avoid cybercriminals. It is undeniable that we live in a constant state of persistent cyberthreats.

With approximately 88 percent of all data breaches caused by human error, cybersecurity awareness training in the workplace is a necessity. Everyone has a role to play. An effective security culture means a model of “verify then trust” versus the traditional “trust but verify” approach, especially when it comes to any email with a link and/or attachment.

Because Advanced Persistent Threats (APTs) involve a range of methods to infiltrate your systems, including spoofed communications from trusted sources, it is best that everyone in the company maintains a constant level of skepticism to help reduce security risks.

Many organizations believe perpetrators target a business’s technology, not their employees. Meanwhile, sophisticated phishing email scams that appear to be from trusted businesses are catching many employees off guard. The volume of these attacks is vast. According to CyberTalk, in 2021, 83% of organizations reported experiencing phishing attacks. In 2022, an additional six billion attacks are expected to occur.

Phishing email scams are more difficult to spot than ever, and scammers are targeting all types of businesses from small to large. To fool users into opening their emails, they imitate large industries that typically have only a few major players in the market, such as delivery services (UPS, FedEx, USPS), cell phone carriers (Verizon, Sprint, AT&T), and healthcare insurance companies (Anthem, United Health Care, Humana, etc.).

Phishing takes advantage of the human element. To help employees or anyone for that matter avoid becoming a target, here are ways to spot email phishing scams:

  • Urgent requests
  • Emails that state your account is about to expire
  • Bank withdrawal notices
  • Notices impersonating companies you do business with (these may include logos)
  • Unknown attachments
  • Impersonal greetings
  • Notices for “You’ve been paid” or “There’s a billing problem”
  • Virus alerts
  • Contest winner

In addition, follow these Email Best Practices to detect fraudulent emails. Review them carefully to be better prepared as email scams are becoming more frequent and dangerous.

  • Personal Information – make sure to verify any email request that asks for your personal information and/or login information.
  • Email addresses and links – pay attention to the “from” email address to verify it is from a legitimate sender. If you were able to click on the “Get Shipment Label,” it would take you to a fake website where your credentials would be revealed.
  • Verify links – hover over links and verify them before clicking. This one is not only from a suspicious sender, but if you could hover over the link, you would see it would take you to a site full of malware.
  • Spelling and grammatical errors – delete any email that has these errors.
  • Suspicious attachments – if the attachment appears suspicious, it is probably malicious. Do not go any further. Delete the email immediately.
  • VoIP phones and fake voicemail messages – Be careful of voicemail-to-email fake emails containing malware. They should always be in the same format. Do not open them if they look different. Your VoIP vendor should be able to set up a keyword in the subject line for your team to verify it is legitimate.
  • Fake Websites – There are thousands of them, and the basic tips below will help you identify them to protect yourself from this growing threat.
    • Unusually low prices
    • No reviews
    • Misspelled words and grammatical errors
    • No SSL certificate on URL
    • No SSL certificate on payment page
    • No company/vendor’s address(es)
    • Terms and conditions are obscured, missing or unfavorable

Creating a Cybersecurity Workplace Culture

Education is Key – Adopt Personalized Training

Cybersecurity training is essential to keeping your organization safe. Once leaders implement a cybersecurity workplace culture, creating employee awareness and training through various programs is in order. Training will help build an understanding of several types of cyber risks and how to avoid cyberattacks. Otherwise, unsuspecting employees are caught off guard and unaware, giving cybercriminals an unfair advantage.

Plan Ahead – Pay Close Attention to Trends

Assess your attack vulnerabilities regularly. Successfully warding off threats requires being aware of all possible entry points. Develop contingency plans and protocols and keep them up to date. Make them readily available to every team member as appropriate. This will help ensure attacks are minimized when, not if, they occur.

Stick with the Basics – Keep a “Good Security Checklist” and Follow it Daily

Having good cybersecurity hygiene in place helps you and your team become stronger in the fight against cybercrime. To make it work, practice these things every day.

  • Beware of suspicious emails.
  • Avoid questionable websites.
  • Make daily backups of important data.
  • Update operating systems, programs, and mobile devices often. Schedule reminders to do this.
  • Learn how to use tools at your disposal.
  • Do not be lax. One mistake or oversight can be devastating.

Bear in mind, no amount of planning and preparedness will ensure a 100% success rate against human error. However, mitigating risks can help manage incidents. Cybersecurity awareness campaigns can help build a cyber-secure culture. Materials such as posters, newsletters, and reminders are useful ways to raise awareness around important security themes.

Cybersecurity is Everyone’s Job

Every employee must understand cybersecurity risks, attend cyber awareness training, and stay abreast of the ever-evolving cyberattack landscape. They should know how to manage, store, transfer and dispose of information and data in the workplace.

Safeguarding hardware, software and sensitive information must be a priority, and adhering to workplace security procedures and protocols is essential. As a team working together and/or individually, everyone in the workplace can effectively enhance cybersecurity.

Cybersecurity is Our Job Too

Cybersecurity is a large area of practice at OrLANtech. We not only collaborate with our customers to make cybersecurity a part of everything they do, but also provide them with compliance services and ongoing, up-to-date cybersecurity training for everyone on their team.

Conclusion

If you are a business and want help with cybersecurity solutions for your business, we can help meet your company’s unique demands. Connect with a Client Success Manager to schedule a time to discuss your needs and how we can meet them.