I got an email the other day from a friend in one of my networking groups. The subject line read, “Please sign - You have received a secure document via DocuSign.” Alarm bells went off in my mind because I was not expecting an email like this from her. Further investigation revealed that this was a “phishing” email – a kind of scam where unscrupulous individuals try to capture information by pretending they’re someone they are not.
I wanted to notify the sender that someone was sending phishing emails using her email account, but first I had my security team investigate so I could at least tell her the severity of the situation. Upon initial review, they determined it was highly likely that her email account had been hacked.
I called the sender to let her know. As it turns out, I wasn’t the first person to call her. In fact, she stated that she’d received countless calls from people concerned about the strange email they had received, and that she had already let her IT guy know.
I told her I was glad to hear that her IT guy was on it, since it’s likely that her account has been hacked. With a bit of a chuckle, she casually replied “Yeah, our email gets hacked all the time. This is the first time it’s happened to me, but it’s happened to other people here lots of times.”
She was unconcerned and thought this was normal. I was speechless. I wished her the best and hung up.
Security threats are real and show no signs of slowing down. For some people, getting hacked is as normal as that squeaky office door. Something that’s irritating, but it must be normal since no one has fixed it.
We hear about security threats so frequently in the news that people have become accustomed to them. It seems like every week we’re hearing about the data breach of another corporation, financial institution, or public entity. Since we hear about it so much, we assume it’s normal when it happens in our small or midsize business. Some people even assume that there’s no way to stop them, so why bother trying?
It doesn’t have to be that way.
It is possible to put measures in place that will significantly reduce the likelihood of, or prevent, a security breach in your small or midsize business.
Even basic security practices go a long way in protecting your business from today’s security threats. Things like keeping your operating system, anti-virus, firewall, and applications up-to-date are critical. Additionally, web and spam filtering, using password policies, and providing security awareness training for employees are proven to be beneficial, basic steps that are well worth the time and effort.
For organizations that can’t afford the downtime, potential reputation damage, or the recovery costs that would come from a security breach, there are several more advanced measures that provide even more protection. These include things like advanced intrusion detection, multi-factor authentication, endpoint threat detection, and data loss prevention, to name a few.
Cyber security is all about layers. The more layers of protection you have, the harder it will be for someone to break in.
The first step in cyber security protection is knowing where the holes are. Consider hiring a third party to do a cyber security assessment on your company’s network. Once you know where the holes are, you can put together a plan to fill these gaps and ensure you’re safe from the security threats of today and the future.