IT Security Tip #27: Start with the basics!
You’ve heard the advice countless times before: you must have antivirus software and a strong firewall. However, in this day and age, there is more to the security basics than a solid firewall.
What about the employee who mistakenly clicks on an e-mail from that foreign ambassador trying to move money into the US. He or she recognized it was a scam but only AFTER clicking it which is too late…the phone is infected and now sending a copy of every outgoing e-mail to a Russian crime network. Antivirus and firewalls do nothing to prevent this type of threat.
Have you trained your employees to not open an Excel attachment called “Invoice” from someone you don’t know. Trust me, they’ll call you if you owe them money. Or you’re an employee and just got an email from the boss telling you to wire a few thousand dollars to someone unexpectedly. Will you verify by calling or making a NEW email to the boss to ask about it (please don’t hit the reply button!).
Here’s a neat one that’s come to me and a few clients. Cyber-thug sends a 9-word, hastily written and profane email asking “why the $%#$* did I charge their credit card” and includes a link that took a programmer to create! The impression they wanted to create is they were in a hurry, but they took the time to mask the link instead of pasting it in the email like you and I would if we were blessing someone out, demanding action immediately. (See video for example)
A single crack in your armor can open the door for network attacks or ransomware infections that stop your business in its tracks. I implore you to get serious about locking down your devices with the right security methods, enable cloud-based e-mail filtering, have a rock-solid backup and business continuity system in place, and start teaching your employees how to not volunteer the company assets to the newest Chinese or Russian hacker or any of the few thousand Nigerian princes that seem to have lost their way.