Cybersecurity and Small Businesses

By Carolyn Schrader

Select small business audiences need focused cybersecurity training

Now that everyone in your company has participated in basic cybersecurity awareness training and your IT people

have done several phishing email exercises, it might be time for you to consider focused training for select

employee audiences.

Hackers continue to get more sophisticated, so your training needs to continue to expand. Nigerian payment scams

still exist, but new innovative scams that can be challenging to detect come up every day. For example, how many

of your employees would open an email that was sent to then as a copy, titled, “Proposed Salary Adjustments”?

Some studies say about 60% of recipients would open it.

Social engineering activities are burgeoning and your staff may need to see new examples of what types of scams

are being used. The cybercriminals frequently target specific employees with spear phishing – scam emails that are

focus on the employee’s role.

Potential high risk roles

CEO: She is busy, receives emails from many people outside the organization, and her profile may be readily

available online or in pubic company documents. She may be the target for a spear phishing email, or others may

impersonate her email address.

Social media manager: He is using social media for the good of the company, but may be inadvertently sharing

details that a savvy hacker can leverage in creative ways in a cyber-attack.

Charity program manager: She is selling the company’s good actions and sharing details about when and where

the management is involved with the community. The company’s employee list may be shared with a charity for PR

reasons. Hackers love diverse information about employees.

Contract employee: He may have worked with your competitors and knows a lot about your business as well as

other businesses. He could be leaking information without realizing the impact. Contractors should go through the

same intense background checks as full-time employees and receive the same cybersecurity training. .

Executive assistant: She often has as many details about employees on her computer as the Human Resources

manager. She keeps the CEO’s agenda and travel plans, all of which a shrewd hacker could use for cybercrime.

What your business can do

Have your key staff attend training beyond the annual basic course. Consider having a cyber security expert meet

with them in small groups to discuss risks. Have the expert tailor training to specific job roles.

Ask your employees to think how someone might try to access your company confidential information and network.

Then ask them what they can do to increase their protective actions for your business. They want your business to

succeed and not be a victim to cybercrime so include them in the defense activities so they feel they are

contributing along with the IT people.

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and Linux SSH Servers

Cybersecurity and the Auto Industry

Cybersecurity and the Energy Sector

Cybersecurity and Costs

Cybersecurity and Electronic Health Records

Cybersecurity and IoMT

Cybersecurity and Obscurity

Cybersecurity and New Devices and Old Problems

Cybersecurity and the Diversity of Data

Cybersecurity and Compromises

No tags yet.

Cybersecurity and Small Businesses

Featured Posts

Recent Posts

Archive

Search By Tags

Follow Us