<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=522217871302542&amp;ev=PageView&amp;noscript=1">

To Prevent Data Breaches, Build a Strong Human Firewall

Posted by Amber Langdon on Apr 19, 2017 10:00:00 AM
Amber Langdon

multietnic_roundgrp-494280935 (1).jpg

Smaller firms suffer the steepest consequences when hit with a cyber attack. Findings show 60 percent of small businesses that suffer a data breach go out of business within six months of the attack. The average attack costs a firm roughly $4 million dollars. The outlook is bleak but there are options.

Some say the solution to data breaches is stronger malware protection software. While that may be true, let your customers know they have another option when avoiding malware/ransomware attacks: the human firewall.

It’s a network of knowledgeable employees who identify and prevent attacks by refraining from exposing their company to security risks. Bottom line: Employees are the first line of defense when cyber criminals target an organization for an attack.

Grow Your Business. Protect Your Customers.

Experts say there’s a chance for you to provide leadership in the space of employee training on data security.

“CISOs (chief information security officers) and financial institutions are now looking at security awareness as a factor in determining risk and looking at channel partner offerings to offset this risk,” said Stu Sjouwerman, CEO and Founder of KnowBe4.

“They are demanding MSSPs (managed security service providers) and resellers provide effective security awareness training and simulated phishing to train their users how to spot when something is wrong and how to react to it.”

Where Attackers Find Points of Entry

The departments within a company that are most vulnerable for attacks are accounting and HR. The accounting department usually receives emails from “unknown” senders often. 

Attacks enter the company through human resources because cyber criminals often send simulated resumes and other employment-related requests that may come from former employees that pre-date the tenure of the existing human resources professionals on staff.

Cyber criminals can then send emails that appear to be coming from the CEO or CFO (commonly known as CEO Fraud) to payroll, requesting financial or personal information be uploaded to a site. This is common around tax season for hackers in search of W-2 information.

Third party suppliers or partners with credentials into a company network also present additional risk. If an employee at the third-party company is compromised, hackers can then enter the company network with malicious intent. This was the entry point for the Target breach, compromising 40 million Target customer credit cards.

Next Steps for Securing Your Data

To build a powerful human firewall, we recommend taking the following steps: 

  • Give employees examples of breaches and the consequences of those breaches.
  • When in doubt, call the sender to confirm they’ve sent the email. This is especially important in light of the recent explosion of ransomware attacks. The vast majority of these attacks come through email.

  • Be on the lookout for unusual requests for money or financial information. Refuse to send funds without a second authentication.

  • Adhere to a strong password policy and change them regularly.
    Use different passwords for different accounts (personal separated from professional). Change passwords after travel, especially if you used public Wi-Fi connections.

Primary Best Practice: Include monthly security awareness training and news. A company should regularly self-test or assess their vulnerabilities.

Tech Data offers a range of services including security awareness, to learn more contact our security product specialists at 800-237-8931, ext. 73246

Sources:

http://www.cnbc.com/2016/06/14/cost-of-data-breaches-hits-4-million-on-average-ibm.html

http://www.denverpost.com/2016/10/23/small-companies-cyber-attack-out-of-business/

https://blog.knowbe4.com/a-single-spear-phishing-click-caused-the-yahoo-data-breach

https://krebsonsecurity.com/2016/03/phishing-victims-muddle-tax-fraud-fight/

https://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/

 

 

Tags: Data Breach