With terrifying new forms of ransomware on the up, and winter beginning to rear its ugly head, you'd be forgiven for thinking that the biggest security risk to your business is a virus or a snowstorm (or a combination of the two). But the biggest security risk to your business is the same today as it's always been - your colleagues.
Whether it's ransomware or a spam email, and whether they're after your information or an oddly specific amount of Bitcoin, hackers are often depending on one thing - a person to take the bait. The person that clicks a dodgy link in an email, types their information into a dodgy website, or downloads a dodgy attachment.
For businesses, staff are the real target for hackers. They are the difference between your business continuing to function, or completely floundering in a security meltdown. You can have the best security possible, and it can still take only a single click.
How do hackers get people to click?
A hacker is going to use any and all tactics to get people to click on their links, download their content or visit their illegitimate website. After all, what's the point in writing all that malicious code if nobody is going to fall for it?
A popular method used by perpetrators to get people to hand information over is by giving them a time limit. Pressuring people with time constraints encourages people to click first, think later. Time limits are often used in everything from phishing emails to bank transfer fraud, because when something is 'urgent' you're less likely to run it by someone else.
They might also use a well-known business or contact to gain your trust, such as PayPal or Amazon, or a manager or director from within your company. All the information about your managers, directors and business owners can be lifted straight from your website, and it's incredibly easy to send an email that looks like it comes from somebody else.
To pile on the pressure just a little more, there might be an impending punishment for not following the instructions. It could be a threat from a company to restrict your account, or a threat from your manager that inaction could lose a customer.
What can you do?
It's impossible to completely eradicate spam emails and malware-filled downloads; some of them are going to keep finding their way to our inbox. That doesn't mean it's not important to install anti-phishing software and email filtering solutions to protect your business - online and offline security is vital. Make sure that everyone's computer is regularly updated, so that every device is getting the plugs and patches to counteract the latest scams.
However, it's also incredibly important that staff and colleagues know how to recognise suspicious emails and websites, so that when a dangerous link does arrive it goes straight to the Junk folder. Making sure that everyone knows the telltale signs of a phishing email could save you time, money and a lot of stress.
It might also be helpful to establish a clear policy for transferring money, whereby large bank transfers have to be requested in person. This will ensure that nobody sends off thousands of pounds to unscrupulous individuals, even if the email looks to come from someone important.
If you can prepare your staff for these kinds of attacks, your business is far less likely to run into trouble. Teach your colleagues to defend themselves, and they'll help to defend your business.