The results of two recent surveys indicate that computer network support professionals working for “enterprise-level companies” agree that a company’s own employees are often its weakest link in protecting against cyber-crime. (For specifics on these surveys and more information on the subject of employee training in general, read our White Paper on the subject.) So, as an owner or executive of a small to mid-sized business, consider this: if this problem is so prevalent in these enterprise-level companies with large IT departments, where does this leave you?
It is well known in computer network support circles that, in this day and age of cyber-criminals who relentlessly develop new ways to attack virtually everyone’s IT network, employee training is a key element of protection. It is also known that careless and/or unintentional employee actions are the number one access point for these criminals. While all the other forms of network protection are still vital, employee education remains one of our best safeguards.
Here are some notes on areas in which employees need to be taught, and then continuously reminded and updated:
Unbreakable Password Protection
Computer network support professionals are amazed at how many people still use easy-to-break passwords. Criminals use algorithms that can rapidly test millions of possible passwords, so if they have a reason to guess at part of a password, finishing it becomes a real possibility. Larger companies install protections against this, including automated requirements for regular changes as well as strong parameters. Try this. Current thinking among these computer network support people has changed from combining letters, numbers and characters to using letters only. Here’s why: if you combine three unrelated words of five letters each (for example: househumanroses), those fifteen letters give you 1,677,259,342,285,730,000,000 possibilities. That’s 1.6 sextillion. And that’s only using lower case. Imagine if you mix upper and lower.
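The figure above counts every possible string of fifteen lower-case letters. As an added example (not from the original post), this Python sketch lets a defender compare that per-character count with the count that applies when a passphrase splits cleanly into dictionary words; the sample word list and the dictionary size of 5,000 are constructed assumptions.

```python
import math

# Constructed sample word list and an ASSUMED dictionary size; a real audit
# would load the word list its own password policy is checked against.
SAMPLE_WORDS = {"house", "human", "roses", "table", "green"}
ASSUMED_DICTIONARY_SIZE = 5000

def charset_size(password):
    """Size of the character pool a per-character search has to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, space included
    return max(size, 1)

def split_into_words(password, words):
    """Fewest-word split of the password into known words, or None."""
    text = password.lower()
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                candidate = best[start] + [text[start:end]]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[len(text)]

def estimate(password, words=SAMPLE_WORDS, dictionary_size=ASSUMED_DICTIONARY_SIZE):
    """Compare the per-character search space with the word-based one."""
    per_character = charset_size(password) ** len(password)
    parts = split_into_words(password, words)
    # Capitalisation variants are ignored in the word model for simplicity.
    word_based = dictionary_size ** len(parts) if parts else None
    effective = min(per_character, word_based) if word_based else per_character
    return {"per_character": per_character, "words": parts,
            "word_based": word_based, "bits": round(math.log2(effective), 1)}

if __name__ == "__main__":
    for sample in ("househumanroses", "qzvkxjwpyhgtmbn", "HouseHumanRoses"):
        print(sample, estimate(sample))
```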
Downloading Unauthorized Software
Another thing that drives computer network support people crazy is the many software programs that can be downloaded for free with a simple mouse click. While many are truly useful, others may launch very destructive malware, including ransomware that can lock down an entire IT network.
Phishing and Spear-phishing – Social Engineering
These are tactics used to trick people into divulging sensitive information. You may not fall for the plea for assistance from the Nigerian Prince, but many people are fooled by realistic-looking fake emails from banks, utilities, charities and others. One specific word of caution: the IRS never calls and never sends emails.
Social Media Scams
Fake Twitter Accounts: We all make typos. Studies show that a small percentage of people will inadvertently make mistakes and not correct them when typing. If you mean to send a tweet to a company called ABC123, but type ACB123, there may well be a fake account out there with that name, set up to trick you. These scam artists will set up hundreds of these accounts (ABD123, ABE123, ABC 123, etc.) to benefit from your mistakes.
The reality is, there are too many ways that employees can make mistakes or be fooled to cover in this blog, so, again, we refer you to the white paper we wrote on this subject. Once you better understand the risks, you can set up training programs for your people. If you don’t have an in-house computer network support team to conduct employee training classes, speak with us here at DynaSis. We’ve been doing it since 1992 and would love to do the same for you. Call us today at 678-373-0716.