Cybersecurity and Small Businesses
By Carolyn Schrader
Select small business audiences need focused cybersecurity training
Now that everyone in your company has participated in basic cybersecurity awareness training and your IT people
have done several phishing email exercises, it might be time for you to consider focused training for select
Hackers continue to get more sophisticated, so your training needs to continue to expand. Nigerian payment scams
still exist, but new innovative scams that can be challenging to detect come up every day. For example, how many
of your employees would open an email that was sent to then as a copy, titled, “Proposed Salary Adjustments”?
Some studies say about 60% of recipients would open it.
Social engineering activities are burgeoning and your staff may need to see new examples of what types of scams
are being used. The cybercriminals frequently target specific employees with spear phishing – scam emails that are
focus on the employee’s role.
Potential high risk roles
CEO: She is busy, receives emails from many people outside the organization, and her profile may be readily
available online or in pubic company documents. She may be the target for a spear phishing email, or others may
impersonate her email address.
Social media manager: He is using social media for the good of the company, but may be inadvertently sharing
details that a savvy hacker can leverage in creative ways in a cyber-attack.
Charity program manager: She is selling the company’s good actions and sharing details about when and where
the management is involved with the community. The company’s employee list may be shared with a charity for PR
reasons. Hackers love diverse information about employees.
Contract employee: He may have worked with your competitors and knows a lot about your business as well as
other businesses. He could be leaking information without realizing the impact. Contractors should go through the
same intense background checks as full-time employees and receive the same cybersecurity training. .
Executive assistant: She often has as many details about employees on her computer as the Human Resources
manager. She keeps the CEO’s agenda and travel plans, all of which a shrewd hacker could use for cybercrime.
What your business can do
Have your key staff attend training beyond the annual basic course. Consider having a cyber security expert meet
with them in small groups to discuss risks. Have the expert tailor training to specific job roles.
Ask your employees to think how someone might try to access your company confidential information and network.
Then ask them what they can do to increase their protective actions for your business. They want your business to
succeed and not be a victim to cybercrime so include them in the defense activities so they feel they are
contributing along with the IT people.