If you haven’t heard, October is Cybersecurity Awareness Month. The Department of Homeland Security and the FBI use the month of October to promote a variety of IT security related topics from:
– children’s online safety,
– education and job creation in the cybersecurity field,
– safeguarding infrastructure,
– collaboration with businesses and employees to defeat cybercriminals.
For us here at Tech Guardian, every day is about cybersecurity awareness, IT support, training and industry compliance. We protect our clients with a sophisticated, beyond next gen unified threat management system for the ultimate endpoint protection. It is called Sophos, and it is simply the best protection for small and medium businesses.
At Tech Guardian, we also emphasize to our clients’ the need for employee training, as malware downloaded via phishing attacks are the primary way malware and ransomware get into business IT systems. The sophistication and volume of attacks continues to increase, so constant diligence is required by end users to be a part of the solution to defeat cybercriminals.
Other threats that business owners and employees need to be on the look-out for include:
Business e-mail Compromise – This is where cybercriminals have profiled your organization so closely, they can mimic your emails, including logos, writing tone and manner. These attacks may include direction from a CEO to a Controller to pay a fictious vendor (the criminal). Many companies have been fooled by this very sophisticated attack. It takes intentional coordination and double checking outside of email channels to stop the transfer on the part of the controller and the client’s bank.
Payroll Diversion – Cybercriminals use social engineering techniques and phishing to get employee’s log-in information. Once the criminals have the employee’s credentials, they access the payroll account and divert the direct deposit to an account controlled by the criminal such as a prepaid card. With control of the credentials, the criminal can prevent the employee from getting alerts and notifications of changes to their direct deposit account.
To defend against payroll diversion, instruct employees to hover their cursor over hyperlinks included in emails to view the actual URL. Insure it is from the intended party before clicking the link. Also, instruct employees from giving any log-in access information in response to any email.
For additional security companies can direct employees to have a dedicated login for payroll and separate credentials for other business-related uses such as employee surveys. Plus, companies can require higher security techniques such as two-factor authentication for access to sensitive systems and information.
For more information about Cybersecurity Awareness Month, please visit:
- The FBI website: https://www.fbi.gov/news/stories/ncsam-2018
- The Department of Homeland Security website: https://www.dhs.gov/national-cyber-security-awareness-month
For any questions about how to protect your business and a free Cybersecurity Threat Assessment, please call us at 951-319-4080 or visit our website at: https://www.jr-tech.com/