Does cyber security scare you? It should! Your best safeguard is not beefing up the firewall, it's training for your staff.

Here are 4 essentials to improve your security

1. Invest in improving staff awareness

The most prevalent cyber attacks now are tricks where a staff member is fooled by a plausible-looking email. If your staff are more conscious of the tricks, and looking for them, they won’t be fooled. Simple.

Staff awareness is not a one-off that you can tick as done. It's an ongoing, regular necessity to inform staff of the current issues and keep security front of mind for people taking the risk of communicating with the world at large online (as we all do).

2. Invest in safeguards such as multi-factor authentication

Most of the scams are trying to collect usernames and passwords. If you can raise awareness, you will reduce the chances of a successful attack. Undoubtedly, your staff WILL be fooled by a plausible scam at some stage, so the next step is to protect that login. Implement multi-factor authentication, then the scammer can’t get into the mailbox, even if they know the password, and the victim will be notified of the attempt and can change their password with no loss.

3. Invest in a password management tool

How does this help? A very common scam is to send a user an email with a link in it supposedly to a legitimate page the user knows well – such as their Google account or bank login page. The link takes the user to a mock-up of the page, then steals the username and password when entered.

Password managers are not fooled by the fake page and will not auto-fill the password – so the user is alerted.
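Why the fake page gets nothing: the password manager looks at the address the browser is really on, not at how the page looks. The sketch below is an added illustration, not code from any particular product; the function names, the exact-origin matching rule and the sample addresses are assumptions made for the example.

```javascript
// Added illustration: a simplified version of the check a password manager
// makes before offering to fill a saved login. All names and sample
// addresses are constructed for this example.

// Saved logins, keyed by the exact origin (scheme + host) they were saved on.
const vault = new Map([
  ["https://accounts.google.com", { username: "staff@example.com" }],
  ["https://login.examplebank.test", { username: "staff01" }],
]);

// Return the saved login for this page, or null when the page's origin
// does not exactly match an origin a login was saved for.
function credentialFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // refuse unencrypted pages
  return vault.get(url.origin) ?? null;
}

// What the user would see on a given page.
function autofillDecision(pageUrl) {
  const cred = credentialFor(pageUrl);
  return cred ? `fill ${cred.username}` : "no match: do not fill, alert user";
}

// Constructed sample pages: one genuine, two mock-ups, one unencrypted.
const samples = [
  "https://accounts.google.com/signin",
  "https://accounts.google.com.signin.example/signin",
  "https://accounts-google.example/signin",
  "http://accounts.google.com/signin",
];
for (const page of samples) {
  console.log(page, "->", autofillDecision(page));
}
```

Only the first address is filled. A staff member who sees the password manager stay silent on a familiar-looking login page should treat that as the warning.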

4. Invest in properly tested, fast recovery backup

In the worst case, if disaster happens and a staff member clicks on a malicious link that opens the door to something nasty such as a ransomware attack, good backup with fast recovery can render this situation a minor inconvenience instead of a major disaster.

Frances Russell is an expert on IT and Cyber Security with 20 years' experience managing technology, security and risk for businesses. Practical, real-world experience working with organisations to improve their security is backed up by solid academic qualifications and relevant industry certifications including ISACA: CISA, CRISC, CISM.

