Strengthen the Weak Links in Your Cybersecurity Plan
Pete Abner
Apr 11, 2016
Cybercriminals never seem to give up, and for good reason: Their chances of success make it worthwhile. A recent poll entitled “IT Threats and Data Breaches” found that 94% of companies reported experiencing some form of “external threat.”
After spam, the most commonly reported cyberthreats were viruses, worms, spyware, phishing attacks and network intrusion. Although less common, corporate espionage was also reported by nearly one-fifth of survey respondents.
As a result, a new industry — employee cybersecurity training — has sprouted up. While it’s true that there will always be employees who will click on anything, it’s still critical for employers to try to educate them. Here’s a rundown of how to proceed.
Employee Cybersecurity Checklist
It’s important to test your staff regarding their knowledge of cybercrime, the possibility of breaches, and the role employees play in keeping the company and themselves safe. Your employees need to know that:
- They should never run or install software on a work computer when a website they are visiting invites them to do so.
- Malicious emails may appear to be from a coworker or supervisor, urging or instructing them to take an action that is actually dangerous.
- It’s not okay to use the same passwords on multiple websites.
- Malware often originates from legitimate websites they regularly visit.
Cybersecurity experts maintain that educating staff members about online security procedures isn’t a “one and done” matter. Employees may be vigilant and avoid the trap in a “spear phishing” (that is, highly customized) attack for a while after being warned, but eventually they let down their guard. Some cybersecurity training services can regularly send your employees phony attacks to test their resistance, enabling you to give remedial instruction to employees who flunk.
The underlying strategy used by many cybercriminals is “social engineering.” In this case, that’s defined as the art of manipulating employees so they give up confidential information. Its effectiveness rests on the fact that it’s easier to find people who are too trusting than it is to hack into a system by purely technical means.
Common Tactics
Frequently used social engineering tactics include:
- Impersonating a friend, coworker or supervisor,
- Asking for help,
- Informing you there’s a problem with your account that requires verification of personal information, and
- Telling you that you’ve won something, but to receive the prize you must provide your bank information.
While some of these tactics might be transparent to you, it isn’t safe to assume that they will be that clear to all of your employees, including senior managers. In fact, higher level employees may be subject to more attacks because it’s assumed they have greater access to the information hackers are seeking.
Training employees in cybersecurity involves more than just feeding them defensive tactics; it also requires getting them to understand why it all matters. They need to know what is at stake and how a serious cyberattack could affect not only the organization, but also each individual employee. After all, the personal information of everyone on your payroll is in your database, including their Social Security numbers, birthdates, addresses and more.
Detecting a Breach
It’s not always obvious to employees when they have enabled a cyberattack, and thus they need to be trained to spot a breach if one occurs.
It’s also advisable to inform staff members what they need to do if they suspect there’s been a breach. For example, you might instruct them to unplug the computer from the network immediately and then contact the IT department. Even if the breach turns out to be a false alarm, commend the employee for acting quickly to address a perceived problem.
A Real Attack
Policies and procedures for dealing with a true cyberattack need to be laid out in advance. That should include a documented remediation plan that is regularly reviewed and updated.
It’s also a good idea to have procedures in place for informing employees when a breach has occurred, on a need-to-know basis. The same holds true for informing customers, if the breach could compromise the security of their data.
Keep in mind, it may be necessary to make a public announcement concerning the breach, as a way to control the story rather than have it leak out and be perceived as a scandal. A public relations professional can provide insight on the best ways to handle a breach.
Finally, look to employees not just as people to be trained, but also as a possible source of insights on how you can work together to implement the strongest defense possible. Make it a dialogue, not simply a series of lectures.
Copyright 2016
About The Author
Peter Abner serves as the primary advisor to the stakeholders and owners of closely-held and family-owned businesses providing…