IN THE NEWS – ELIJAH Digest | October 03, 2019

Computer Forensic, Cybersecurity and Managed IT Solutions.


More and more people are getting emails addressed to them, from an executive level member of the company, asking for help. The emails are friendly and simple, but require the recipient to either reply to the message or open an attachment.

For example, one of our clients recently had her email account hacked. She was unaware that she was sending messages to her staff, asking for help. The wording of the message was:

From: (Company Boss)
Sent: Tuesday, September 17, 2019 7:08 AM
To: (Company Employee)
Subject: I will need your help today.

Quick response needed: I want you to handle something for me this morning before heading in.

Thanks.

Phishing attacks like this, in which carefully targeted digital messages are transmitted to fool people into following directions or clicking on a link, can then install malware or expose sensitive data, are becoming more sophisticated. Such attacks enable hackers to steal user logins, credit card credentials, or other type of personal financial information, as well as gain access to company databases.

Cybersecurity – Now It’s Getting More Personal

Nine Tips to get your employees to care about Cybersecurity:

  1. Educate. Cybersecurity is complex and the lack of understanding often leads to low or no interest from employees. Tell them what happens to the business from an attack that can be caused by a single mouse-click. Educate them on the cause and effect of a cybersecurity data breach.
  2. Make It Personal. Tell your employees that when a cybersecurity attack occurs, it’s not just the company data that is at risk, it’s also the employee data on their computer that is at risk.
  3. Security Begins At The Top. It’s not just your staff, but all employees. This includes Executives, Owners, Managers, etc. All staff members need to understand the risks. Hackers don’t discriminate.
  4. Follow The Rules. Everyone in the organization should understand the acceptable behaviors and standard practices that are defined in the organization. For example, if the password policy says to change the password every 30 days, then the entire organization should follow the policy.
  5. Set The Bar For New Hires As soon as a new employee starts with the company, begin building the standards for them. Tell them how your company puts cybersecurity at the top. All employees must follow the cybersecurity guidelines. Education starts at the beginning.
  6. Education Is A Continuous Process. Annual training won’t yield any positive results. Develop an ongoing cyber literacy program that is fun and engaging.
  7. Every Stakeholder In The Company, Including Employees, Should Be Familiar With The Basics Of Cybersecurity. This includes setting strong passwords, enabling authentication, screen locks, monitoring access, and downloading the latest security patches. These are the basics of cybersecurity that build the foundation for understanding digital security.
  8. Reward Your Staff. When an employee successfully thwarts a security attack or finds a new vulnerability in your system, reward them. Sharing their success with the entire organization will often encourage everyone else to do the same.
  9. Live Drills. Remember Fire Drills when you were in school? Have your employees undergo a simulated attack related to their job and evaluate their performance. If someone performs well, reward them while helping those who seem to lack awareness.

Changing the culture of the organization takes time. It does not happen overnight.


About ELIJAH

Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit https://www.elijaht.com or call 866-354-5240.