Awareness and data security are becoming more and more important for small businesses. The more data you collect about your customers, the more important this becomes. Collecting and saving a customer’s personal information can make you a target. And if your customer’s information is compromised, it can make them a target, as well. If an evildoer gains access, it may allow them to open a new cell phone account with your customer’s information, apply for a credit card, or otherwise steal their identity.
Data breaches are commonplace, unfortunately. Most of us have read the headlines describing data breaches at large companies. The reality, however, is that hackers target small and midsize businesses in greater numbers. In 2018 alone, 58% of all cyber attacks affected small businesses. Why? Cybercrime is first and foremost a numbers game. The majority of cyber attacks do not target specific companies. Instead, hackers look for vulnerable computer systems, wherever they may be. Many small businesses do not have the level of data security common to large corporations. Without such security protocols in place, small and midsize businesses are especially defenseless, particularly when it comes to social engineering scams like phishing.
As hackers develop new methods to get your data, you need to keep up with the latest techniques to keep your business safe.
What is Phishing?
Phishing is the practice of using emails or web pages that look like trustworthy sources in order to collect your data. Occasionally there is a surge of fake PayPal, American Express, or Bank of America emails telling people they need to update their information or reset their password. Since email filters are getting better and better at identifying malicious attachments, many of these emails now include links to impostor websites. These websites ask users to log in with their username and password in order to collect their credentials. Often, these phishing attempts also gather information from fake password reset pages, where they request additional information such as birth date, mother’s maiden name, and more. This information can be valuable to hackers who use it to open up credit accounts… or worse.
Phishing attempts are often directed at the rank-and-file members of an organization. But if you’re a business owner or someone in upper management, you can be deceived, too.
What is Whaling?
Whaling is phishing for “big fish.” It’s directed at CEOs, executives, or others who have access to highly valuable information. Since these individuals may not be deep in the daily operations of a business, they can actually be more susceptible to someone posing as an official via email. A spoofed email complaint could easily lead to a fake page ready to collect sensitive information. Attackers know who to target. They typically go for individuals with deep pockets or those from an older generation who aren’t glued to their phones to receive alerts that their security has been breached.
Regardless of whether you’re a C-level executive or one of the many minnows in the pool, data security is important. Everyone in a company can benefit from security training in order to stay on top of ever-changing threats.
Physical Security is Important for Your Data Protection, Too
The way your staff responds to real-life visitors and vendors requires awareness and training, as well. Security protocols instill confidence in your employees in the execution of their duties. Training enables them to confidently ask a vendor for ID before allowing access to sensitive equipment and information. For example, If your business uses a document shredding service, it’s important to confirm vendor IDs before granting access to secured paper documents containing confidential information.
Implementing security protocols and requiring your staff to follow these rules can make a big difference in boosting the physical security of your company data. Such protocols can include:
- Requiring staff to confirm vendor IDs
- Appointing a single contact person to authorize access by vendors
- Establishing supervision of vendors while they are in your business
- Confirming vendor work orders before allowing any work to take place
- Requiring signatures on completed work orders
- Identifying a chain of command for all outside vendor approvals
These types of precautions can protect your company’s physical assets as well as sensitive data. Providing your employees with data security training will go a long way towards building staff confidence—and help to keep your business out of the headlines.
Have a Data Security Training Program in Place
Data security awareness and education are key for businesses of all sizes. Just because you’re not a large corporation doesn’t mean you’re safe from attacks. New threats and new technologies are always emerging. While you can mitigate some of the risk through best practices, your security chain is only as strong as its weakest link. A regularly scheduled training program help keep your staff up-to-date on the latest social hacks, phishing attempts, and physical breaches to reduce human error.
Lieberman Technologies can help your business provide data security training for your staff, no matter how many people you employ. Training can take place as a group activity or individually as your staff’s work schedules allow. As threats continue to evolve, you want your staff to be able to protect your company’s data assets. Ongoing training can help your staff to be better informed and more prepared for what may lie ahead. Learn more about data security training for every person in your business.