As part of our effort to support National Cyber Security Awareness Month I wanted to provide information on the need for everyone within a business to be aware of their role in keeping the organization safe from cyber attacks. Let’s discuss some of the areas where we see existing organizations employees may be lacking in their efforts:
1. Email Security – Email is by far the biggest threat to organizations and their employees still today. Cybercriminals are inherently lazy and don’t want to have to exert a lot of effort in creating attacks. Also, email is still the predominate communication tool used by businesses. That is why we continue to see email being abused and used by threat actors. One of the challenges is the authenticity of socially engineered emails today makes it difficult for employees to identify them as malicious. A few things that they can do:
2. Web Security – The web is the next way many employees and organizations get compromised. Many threat actors will use popular websites or advertisements within webpages to infect users. Phishing webpages are very popular right now as cybercriminals look to steal user login credentials for popular applications. A few things users can do:
3. Training Employees – Many organizations are seeing improved security when they make an investment in training their employees around cybersecurity. This needs to be continuous training both new employees and long term employees since the threat landscape changes quite frequently. This can be done with regular video training on how threats work or using a phishing simulation program that regularly tests employees clicking on phishing emails crafted by the organization. Another thing organizations can do is create a standard email address where employees can submit suspicious emails to IT. The only thing with this, the organization needs to ensure a fast response to the users to show them that they will be alerted if one is in fact malicious.
All employees need to remember that they could at any time be the subject of an attack. Many employees may think they won’t be targeted, but threat actors are persistent and if they cannot get an employee to take their bait, they will try others until one happens to fall for their socially engineered attack. Organizations, especially small businesses need to remember this too, they will be targeted at some point.
Threat actors and cybercriminals continue to target organizations and their employees around the world and this means everyone within an organization needs to be rigorous in examining their online actions to ensure they try to stay safe. But Trend Micro also knows that we need to do more and so we continue to invest in newer technologies to protect our customers against the threats targeting them as we look to make the world safe for exchanging digital information.