When it comes to protecting organizations from the abundance of security risks today, I am sure we would all like to spare no expense. But the reality is, we are all trying to do the best we can within our budgets. As a Managed IT Service Provider, it’s our job to help you strategically plan and manage your IT budget. If there is one thing we can recommend to our clients to get good bang for the buck, it is outlining and documenting business policies and creating security awareness training for employees.
Unknowing employees put your business at risk.
True story: A client’s employee received a pop-up message on her computer stating her computer had been infected by a virus, and to call “Microsoft Tech Support” as soon as possible. She called the number, gave her credentials to the “tech support representative” to fix the virus, and then paid $500 for the service with the company credit card. She paid hackers to give their network over 200 trojan viruses. Luckily, our engineers were able to assist in the restoration of their systems. No amount of physical security measures could have stopped this client from picking up the phone and verbally giving the hackers everything they needed to take down this organization.
We assume most people know this is a common browser hijack scam; however, many do not. Therefore, we need to continuously train employees. Continuous training will build security awareness over time and reduce common scenarios like these.
Reduce business risks by setting business policies to dictate what should and should not be done.
Business executives need to understand that security and risk management starts by setting business policies. From an IT Administrator standpoint, we can put the technology into place to protect the business by setting up firewalls, backups and antivirus, but the business should clearly define in a security policy what employees should and should not be doing to protect your proprietary data. Examples: do not plug cell phones into PCs – only into the wall to charge, checks over $500 must be co-signed, requests to wire transfer money must be verified a certain way, never use free Wi-Fi, etc. Setting a policy helps employees understand what they should and should not do and allows them to feel confident in their decisions.
Security awareness training is a win/win for employer and employees.
Security awareness will not only protect your organization from scenarios like the one described above, it will also keep your employees safer at home. Employees will understand and feel confident about what is expected of them, what to look out for, and what not to do.
Sending simulated phishing emails as part of awareness training helps reduce business risks.
Attackers relentlessly target end users with spear-phishing, spam, and socially-engineered attacks, putting your business at risk. More than 90% of ransomware attacks are delivered via these types of email messages. The security experts at RMON Networks can emulate basic and advanced simulated phishing attacks to keep your employees on their toes. Reporting will help you identify areas of weakness in your organization’s security posture. Additionally, any users who click on these emails will be required to go through training modules to help educate them and reduce future clicks. To learn about these services, click here.
Your results will speak for themselves.
According to CSOonline, the results and benefits of training and simulated phishing were overwhelmingly positive. In a Carnegie Mellon study, 500 people were sent fake phishing emails one month apart. Those who clicked on the first email scam were immediately identified and given training on what to look out for in the future. One month later, the number of people who fell for the simulated phishing email dropped by 50%. Over three months, the failure rate was cut in half each time the test was given.
The number of simulated phishing emails that needed to be sent varied between organizations, but in every case organizations experienced improved results. Researchers suggest reviewing the reports and targeting departments that may need more enforcement than others. For example, if the finance department is continuously clicking on the emails, send simulated emails monthly instead of quarterly.
There are many ways our experts can help you. A Network Audit is a great place to start: it will show you the current state of your computer network, so you can craft a plan to get secure. You can also invite us to your site for a FREE consultation. If you are not ready to act, visit our security resource webpage for awareness training programs, sample policy templates, free product trials and more.