The nature of cybersecurity is technical, so many companies leave it to their IT departments. While it’s true that your IT staff plays a vital and invaluable role in ensuring your company follows cybersecurity best practices, that doesn’t mean they should shoulder it on their own. In fact, they can’t. Awareness of and participation in cybersecurity best practices need to go beyond IT and become part of your company’s culture.
If you received an email from a trusted executive to process a transaction, would you automatically do it? Would you hesitate if it was out of the ordinary, included misspellings or involved an account you didn’t recognize? Though it could be a valid request, it’s also a technique hackers use to get recipients to quickly transfer funds without questioning the request.
This scenario doesn’t involve IT and is not overly complicated. Yet, according to recent estimates, $2.3 billion has been lost to this technique over the last three years. A simple solution would be to request a two-step approval process, or confirmation from the actual executive, prior to sending. It may seem like common sense, but it does require all individuals to be aware. If the technique weren’t effective, the “bad guys” wouldn’t keep using it.
Implementing a culture of cybersecurity awareness begins with education: sharing examples, educating employees, building awareness, and making the topic engaging.
Eide Bailly offers cybersecurity consulting services, security implementation services, and incident response services. Whether you need help preventing future security incidents, solving technical security problems, or mastering technical security tools, our cybersecurity team is here to advise. When you’re faced with a security incident, our team can not only get you back up and running after a breach, but also have evidence preserved so that if you have to defend yourself in court, you will be ready.
Learn More at EideBailly.com.