By now, you probably already know that the biggest weakness in your cybersecurity system isn’t your computer network; it’s your employees. The good news is, they may be your best defense against cybersecurity attacks as well.
Cybercriminals have figured out that it’s a lot easier to con employees into giving them access to your data or money than to hack into your computer system. That’s probably why phishing attacks and business email compromise scams targeting small businesses have been on the rise.
The Better Business Bureau (BBB) has put out a pretty thorough report on cybersecurity explaining how many of the attacks work and what you can and should be doing to prevent them from hurting your operation.
“If your boss sends you an email, would you ignore it?” the BBB report asks. “Scammers know you probably won’t, and that has helped them bilk businesses and other organizations out of $3 billion since 2016 through email scams and attempt another $23 billion.”
IT still has a critical role to play. Among the BBB report’s recommendations are:
- requiring multifactor authentication;
- flagging emails from outside the organization;
- monitoring email rules, such as auto-forwarding;
- limiting the number of times people can enter incorrect login information;
- enabling systems that authenticate emails; and
- verifying changes about customers, employees or vendors.
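The Python code below is an added example, not taken from the BBB report or from this article. It turns three of the listed controls into checks: flagging external senders, reading the receiving server's email-authentication verdicts, and auditing mailbox rules for auto-forwarding outside the organization. The domain names, the gateway name, the rule dictionary layout and the sample data are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL = {"example.com"}      # assumption: the organization's own mail domains
AUTHSERV_ID = "mx.example.com"  # assumption: name our own mail gateway stamps

def domain_of(address):
    """Lower-cased domain of an address header value, '' if absent."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def triage_message(raw):
    """Return warning flags for one inbound message."""
    msg = message_from_string(raw)
    flags = []
    sender = domain_of(msg.get("From"))
    if sender not in INTERNAL:
        flags.append("external-sender")
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs")
    # Trust only Authentication-Results stamped by our own gateway (RFC 8601);
    # a sender can insert forged copies of this header.
    ours = [h for h in msg.get_all("Authentication-Results") or []
            if h.split(";")[0].strip().lower() == AUTHSERV_ID]
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", " ".join(ours), re.I)
        if m is None or m.group(1).lower() != "pass":
            flags.append(f"{check}-not-pass")
    return flags

def external_forwarding_rules(rules):
    """Names of mailbox rules that forward or redirect mail outside INTERNAL."""
    return [r["name"] for r in rules
            if any(domain_of(t) not in INTERNAL
                   for t in r.get("forward_to", []) + r.get("redirect_to", []))]

# Constructed sample data (hypothetical rule layout, not a real export format)
SAMPLE_MESSAGE = (
    'From: "Pat Lee, CEO" <pat.lee@examp1e-corp.test>\n'
    "Reply-To: pat.lee@mailbox.test\n"
    "Subject: Urgent wire transfer\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=fail\n"
    "\nPlease send the payment today.\n"
)
SAMPLE_RULES = [
    {"name": "Copy to assistant", "redirect_to": ["assistant@example.com"]},
    {"name": "fwd invoices", "forward_to": ["archive@collector.test"]},
]

if __name__ == "__main__":
    print(triage_message(SAMPLE_MESSAGE))
    print(external_forwarding_rules(SAMPLE_RULES))
```

A message that passes SPF alone can still fail DMARC, which is why the checks are reported separately rather than collapsed into one verdict.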
But the human factor is key. The report recommends training employees to confirm information they receive in an email as well as training all employees on cybersecurity, not just IT workers.
“Most business email compromise fraud could probably be stopped if employees who were directed to send money simply called the person supposedly asking them to send money and ask them to confirm it,” the report states. “In this age of electronic communications, many people may be reluctant to do so. Senior executives need to develop a culture that encourages this.”