This post is part 1 of our series about security awareness. Today’s topic is a risk you haven’t even considered and how to handle it.
According to Business Insider, hackers have stolen nearly four billion records over the past ten years. Some of the victims were social networks, hotel chains, retailers, and financial institutions.
So, what did the thieves access? People's names, credit card and social security numbers, birth dates, addresses—you name it. Beyond stolen data, scammers are stealing money, too.
Cyberattacks on large organizations get all the publicity. But according to Security Boulevard and BroadCom, small companies are just as likely to be hit as larger enterprises, standing to lose tens if not hundreds of thousands of dollars.
What is the #1 cybersecurity risk?
It’s a given your organization takes many security precautions. But keeping data, finances, and customer information secure is a tall order, as hackers and scammers work relentlessly to breach your digital fortresses.
So how do hackers get their hands on all this sensitive information? You’re on the right track if you guess these common threats:
- Password loss
- IT scams
- Malicious email attachments
Any of these security threats could put your organization—and its data—at risk. But the most underrated cybersecurity threat to your organization is human error.
95% of data breaches are caused by human error.
Your IT department can’t always catch threats before they reach you. No amount of security protections can prevent employees from accidentally leaking information. Often, user errors come down to carelessness or failure to follow security policy.
You mean the security risk could be ME??
You may think you wouldn’t fall for a scam, but hackers have gotten smarter and sneakier, and fake emails often look very, very close to the real thing.
Here’s how a scammer could trick you:
- Email notifications: You receive an invoice, receipt, or warning that looks like it’s from a reliable source.
- User actions: You are asked to click a link or download an attached file.
- Login credentials: You are directed to login to a website—giving your login information to a scammer.
Since most notifications come via email, the trick is to pause and question whether they are valid. As you’ll see, just a moment of skepticism could stop you from being the next victim of a phishing attack.
So, what can I do to prevent a cybersecurity breach?
A great place to start is with yourself. Learn about the different types of hacks and scams that are out there.
Watch for these signs that your email notification could be phishing you:
- A generic greeting. If the email is addressed to “Dear Customer,” or “Dear Sir or Madam,” the message may not be legit.
- The scare tactic. Scammers often claim you could lose access, time, or money if you don’t comply.
- Pressure to act. Think twice before you get caught up in the need to act immediately, login today, or download within 24 hours.
- Watch out for typos. While less common these days, typos are usually a red flag.
- Check links before you click. Hover over a URL to read it and see if it’s legitimate.
- Be wary of attachments. Office files are some of the most common vehicles for malware.
In the end, taking time to be cautious is worth the hassle.
How can I help others in my organization?
Spread the word about security awareness. Share these four tips so your organization can avoid being the source of a data breach:
- Check your sources—Always confirm that email addresses are legitimate. Don’t download attachments unless they’ve come from a trusted source.
- Pay attention—Cyber threats are always changing. Review current security policies, understand what you’re up against, and know how to avoid attacks.
- Speak up—If you see something suspicious, alert IT immediately. You might just rescue a coworker who isn’t as careful.
- Admit your mistakes—Accidents happen. If you’ve made a mistake, own up to it quickly so that your security team can act quickly. And if you’re using Outlook, report the email to Microsoft!
Here at BrainStorm, we believe in empowering all users and organizations to work smarter and safer. Now’s the time to strengthen both your organization’s cyber security and software adoption with BrainStorm Threat Defense.
That way, ‘phishing’ will be just something that happens out in the middle of a peaceful lake.
In the next part of our security series, you’ll learn how to use Microsoft 365 to level-up your security awareness training.