Careful! There’s an Infected Version of WhatsApp Out There

WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has been reportedly deploying malware.

What is YoWhatsApp?

YoWhatsApp is an unofficial version of WhatsApp that users can download and install on their smartphones. The developers claim it offers the ability for users to lock chats, send messages to unsaved numbers, and customize the look and feel of the application with various theme options. There are other unofficial WhatsApp versions out there with similar enhancements.

 

This sort of thing isn’t new. Ever since the early days of instant messaging software, developers have been building “enhanced” versions of popular messaging applications. Back in the early 2000s when AOL Instant Messenger was popular, there were several unofficial versions that removed ads, allowed more anonymity, and offered more features than the original. However, using these third-party versions often came with some risk—sometimes they contained malware or made your account less secure.

 

This definitely appears to be the case with YoWhatsApp.

What Are the Risks of Using an Unofficial Version of WhatsApp?

According to a recent Kaspersky Report, YoWhatsApp distributes Android malware known as the Triada Trojan. The same was discovered last year with FMWhatsApp, another modified unofficial version of the application.

 

Triada gains control over your SMS messages, and can enroll its victims in paid subscriptions without their knowledge and impersonate them, sending spam and malicious content to others from their phone number.

 

This, in turn, can then affect users who actually use the official versions of WhatsApp.

 

While, as far as we know, WhatsApp is generally a safe application to use, the various third-party versions are not.

Understand What You Install

The concept of third-party developers creating unofficial “enhanced” versions of popular software isn’t anything new. It isn’t always a risk either, but you need to consider that unofficial versions aren’t usually as supported or secure as the official ones. If someone made a variation of Microsoft Outlook that offered some new features that the original didn’t have, and then Microsoft found and patched some vulnerabilities in their original version of Microsoft Outlook, it would be up to the third-party developer to also patch and update their version. You can’t really rely on that. You also need to consider that cybercriminals will go to great lengths to extort money from a wide set of users, and that includes building a “better” version of a popular app and paying to run ads to get users to download it and install their ransomware.

 

Whenever you install anything on your PC or smartphone, be sure to check to see if you are getting it from the official developer. If you aren’t sure, take some time to do a Google search, or reach out to Point North Networks to have us help you. It’s better to be safe than sorry.

 

The Haunting of North Shore Software

The following story and events are true; however, to protect the families of the innocent, all names have been changed. Any resemblance to actual persons, living or dead, or businesses, is purely coincidental. Enjoy and happy Halloween!

This is a transcript of a police interview with Stephen Corey. Taken by Det. Giles Gerald at 11:05 a.m. this morning.

 

Det. Gerald – Please state your name and title.

 

Mr. Corey – I’m the founder and CEO for North Shore Software Inc.

 

Det. Gerald – Tell me what happened.

 

Mr. Corey – We’ve been at the 1692 Osborne Ave location since May 10th. It was rainy, but it was actually pretty warm that morning, if you recall? I got to the office at 6:30; which is an hour and a half early as I like to have some time to myself before the staff arrives. I found it strange that there were several cars in the parking lot, but it’s not really unheard of to have cars in the lot from people that get a ride from the bar just across the street on Sundays this time of year.

 

I didn’t think much of it as I gathered my things and went up to the office, but the first real curious thing was that the door to the office was already unlocked. This is Monday, mind you, ya’know, and there have been maybe one or two instances in the thirteen years I’ve owned this company that someone has beaten me to the office on Monday. I’m always the first one there; especially on Monday. So, I suddenly got a very cold feeling and was extremely worried that we’d had a break in. So instead of just barging in and potentially putting myself in a bad situation, I decided to go back to my car and call the office to make sure that I was just being paranoid and that there was, ya’know, people there who were, um, ya’know, were supposed to be there.

 

The phone rang twice and then Sarah answered. “Thank you for calling North Shore Software, this is Sarah, how can I direct your call?”

 

Det. Gerald – This is Sarah Glanvill?

 

Mr. Corey – Yes, she’s our receptionist.

 

Det. Gerald – Continue.

 

Mr. Corey – I was immediately, ya’know, put at ease when I heard her voice, so I hung up without saying anything and headed into the office. Mind you, this was a very brief stretch of time; less than a minute or two. I got back to the door and went to open it and it was locked. Obviously, this was alarming, but I thought that, ya’know, it being Halloween and all that, someone was trying to mess with me a bit. So my first thought was to pound on the door. At this point, I wasn’t so much scared or annoyed, but was trying to be a good sport. I thought that Sarah, who is one of my longest-tenured employees, was just having a little fun with me. After a few seconds, there was an identical pounding on the other side of the door.

 

I remember saying something like, “Okay, okay, this is fun,” as I went to unlock the door with my key. Mind you, the plan is to move over to electronic locks pretty soon, but right now we still have the wood door that came on the place with your typical locks, ya’know. Well I put my key in and it won’t turn. Now I’m starting to get annoyed, because all I want to do is start the day and I’m thinking this prank is going a little too far. I pound on the door again, and again the knocks are returned. You’ll see all this on the CCTV, but I tried to unlock the door a couple other times with no luck.  I then call to end the charade and have Sarah, who at that time I’m completely convinced is doing all this to mess with me, unlock the door.

 

So, as I went around the back to get in the building, I’m annoyed. I call up and she answers “Thank you for calling North Shore Software, this is Sarah, how can I direct your call?” I’m like Sarah, “This isn’t funny anymore. Let me in the building!” I get nothing, but “North Shore Software, this is Sarah, how can I direct your call?” At this point, I’m at the back door. I hang up, not finding the humor in this whole thing, and I go to unlock the back door. I unlock the door and I get halfway in and the door slams and locks.

 

At this point I’m just standing there angry and dumbfounded. I try the lock and the key won’t turn. It’s as if the locks were magically changed. I start pounding on the door yelling and swearing. Just then I see headlights shining down the alley on the south side of the building. They are coming from the parking lot. I walk toward the parking lot and the lights go off, and as I get to the front of the building I hear: “Good morning, Mr. Corey. Happy Halloween.” It was Sarah. Even though I just saw her pull up, my blood is up, so I start yelling at her, asking her why she would keep the prank going so long? She has no idea what I am talking about.

 

I start barraging her with questions, and accusations, really. She starts to plead and cry, not only because she is being accused, but because she must have thought I was losing my damn mind. By now it’s 7 (a.m.) or just after and I’m in a frenzy. I put my phone on speakerphone and Sarah, who is standing right in front of me, on the verge of tears, answers “North Shore Software, this is Sarah, how can I direct your call?”

 

I’m not so sure I’ve ever felt more insane and more sorry. She was as surprised as I was to hear her voice. I knew then that I was dealing with something I didn’t understand. I don’t believe in ghosts, but at that moment I thought for sure there was something paranormal going on, ya’know. I was, um, well, scared. Other employees began to pull up and I didn’t know what else to do so I called you guys and told them to go on home and work remotely until I knew what was going on.

 

Det. Gerald – What happened when the responding officers got there?

 

Mr. Corey – Obviously, I’m upset. At this point I was convinced there is someone in my place of business who isn’t supposed to be in there…or ya’know, something…There weren’t any lights on that I could see, but someone is actively trying to keep me out of the building. Officers Mather and Cotton came pretty fast and asked Sarah and I a bunch of questions about what was going on. I told them what I told you and they said if I let them in the building they would go in and see what is going on. I told them that the door was unlocked when I got there and then was locked and that someone slammed the back door on me after that.

 

We went up to the door and the door unlocked fine. They went in and it was quickly pretty evident that no one broke in. They returned in minutes to say that there was nobody there and the place was clear. By then more officers had showed up and Sarah helped me by sending workers away as I looked around to see if I could figure out who the hell was there. The officers said the back door was not locked. Obviously, this surprised me.

 

Det. Gerald – So who do you think was there?

 

Mr. Corey – That’s the thing, nothing is missing. I looked through the CCTV footage and I didn’t see anyone entering or leaving. The only thing I saw on those tapes was me struggling with the doors. Someone broke in; I’m sure of it, but I can’t tell you for certain who it was.

 

Det. Gerald – Maybe you imagined it. Have you been dealing with more stress than usual?

 

(Just as Det. Gerald asked the question, an unknown number called Mr. Corey’s phone).

 

Mr. Corey – No.

 

(Mr. Corey ignored the call)

 

No. I can’t really explain any of it, but I…

 

(Phone rings again)

 

Can I take this?

 

Det. Gerald – Yeah.

 

Mr. Corey – (into the phone) Hello? (inaudible; Mr. Corey then presses the speaker button on his phone)

 

Phone – “…this is Sarah, how can I direct your call?”

 

Mr. Corey – Who is this? Who is this??! (hangs up).

 

Det. Gerald – What was that?

 

Mr. Corey – That was Sarah the receptionist, but it obviously wasn’t.

 

(Just then the phone rang again: Unknown number)

 

Det. Gerald – Give me the phone.

 

(Mr. Corey handed the phone to the officer and he answers it and puts it on speaker)

 

This is Detective…

 

Phone – “…North Shore Software, this is Sarah, how can I direct your call?”

 

At Point North Networks, we offer enterprise business telephone systems that have all types of features, including virtual receptionists that can help your business direct your calls to the people you are looking to talk to. You can gain the peace of mind that you will get the end-to-end telephone service your business needs without the chance of being haunted by a human or specter.

“No More Ransom” is Leading the Fight Against Ransomware Abroad

Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.

Europol, a European Union law enforcement agency, is in charge of this initiative, called No More Ransom. The agency has helped over 1.5 million victims of ransomware overcome the attack and recover their files without paying the ransom. These victims have saved an estimated $1.5 billion, which is a considerable amount of money to keep out of hackers’ coffers.

No More Ransom began in 2016 in collaboration with the Dutch National Police and other cybersecurity and IT companies. It began with only four ransomware decryption tools, but now, they provide 136 free decryption tools to take on 165 different ransomware variants.

Still, ransomware is a problem, and the fact that it requires this kind of special attention means that you need to take it seriously.

Why You Should Never Pay the Ransom

Hackers use ransomware because it pushes people to pay up, simply because paying looks like the easiest way to solve the problem. Unfortunately, it is rarely that simple, and even those who do pay the ransom suffer from unforeseen consequences.

Further complicating this decision is the fact that those who pay the ransom are effectively funding further attacks and reinforcing the fact that ransomware works. Simply put, hackers will be more likely to attack with ransomware if they know people are scared enough to pay up, and with more resources at their disposal, they can expand their reach and infect even more victims.

This is why we advocate for not paying the ransom. In the heat of the moment, it’s not always so clear, but we urge anyone infected by ransomware, businesses included, to slow down and consider the repercussions of their actions. There are situations where you might feel like you have no choice but to pay, particularly in double-extortion situations where the threat of online leaks of your data is imminent, but we assure you that you always have a choice in the matter.

Instead, You Should Call Us!

If you become the target of ransomware, we suggest you call Point North Networks at 651-234-0895. We can walk you through the appropriate next steps to address ransomware on your network.

Granted, it’s easier to prevent ransomware in the first place than to deal with an active threat, so we also recommend that you outfit your network with top-notch security solutions. Compound these with proper employee and end-user training to minimize the possibility of ransomware striking your company. While there is never a guarantee, the odds of it crippling your business will be significantly less with these steps in mind.

Get started today by calling us at 651-234-0895.

Hundreds of Applications Could Potentially Expose Data Through Basic Errors

At the beginning of September, it was revealed that a relatively simple issue existed in nearly 2,000 mobile applications that potentially exposed some (read: a lot of) sensitive data. Let’s take a brief, basic look at the situation to see if there are any lessons that can apply to your business.

Trust us, there will be.

In Essence, the Issue is One of Access Permissions

Let’s go over how these apps generally work.

Naturally, the apps that you use on your phone aren’t fully hosted on your device. Instead, they are commonly hosted in cloud services. In theory, the application you install effectively just contains hardcoded access credentials that allow you to access the data or the service that the application provides.

Notice that we said, in theory. Research conducted by Broadcom’s Symantec Threat Hunter team revealed that these purportedly single-purpose logins were able to access all of the files that a cloud service contained—including company data, backups of databases, and system controls.

Worse, if multiple apps included the same publicly available software development kits (SDKs) or were created by a single company, these login credentials could potentially grant access to numerous applications, exposing the infrastructure and user data of each.

So, let’s say that an attacker happened to obtain these access tokens. With the situation being the way it is, that would give the attacker access to all of the applications—and more critically, the user data these applications contain—that the access tokens granted access to.

Between the Android and iOS platforms, researchers found almost 2,000 applications that had their credentials hard-coded to Amazon Web Services—three-quarters of those granting access to private cloud services (and half of those granting access to private files), with about half containing access tokens found in completely unrelated applications.
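The permission problem described above can be checked before an app ships. The following is an added example, not code from the Symantec research or from any of the affected apps: it audits an AWS IAM policy document for grants broader than a single task. The two policies, the bucket name and the choice of S3 as the service are constructed assumptions.

```python
import json

# Constructed policy documents (not taken from any real application).
# WEAK: a credential meant for one job that can in fact read and write
# everything in the account's storage, as in the research described above.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}
""")

# SCOPED: the same app limited to reading its own prefix in one bucket.
# The bucket name is a placeholder.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-app-assets/public/*"}
  ]
}
""")


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement index, reason) for every over-broad Allow grant."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((index, "%s allows everything that is not listed" % key))
        for action in as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action == "*":
                findings.append((index, "every action in every service"))
            elif name == "*":
                findings.append((index, "every action in service '%s'" % service))
        for resource in as_list(stmt.get("Resource")):
            if resource in ("*", "arn:aws:s3:::*"):
                findings.append((index, "applies to every resource"))
    return findings


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(label, audit_policy(policy))
```

A credential that has to be embedded in an app should pass this check with no findings, so that anyone who extracts it gets only what that one feature needs.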

So, What Does This Have to Do With Your Business?

Let me ask you something: who in your business could potentially access your payroll information, your employees’ private information, or all the financial data you’ve collected from your clientele and workforce alike?

This idea that certain information is accessible by those who shouldn’t have access to it is the crux of the issue. You need to ensure that your data and files are only accessible to those who need them for their work responsibilities. This is known as the principle of least privilege—basically, all access and information are distributed on a need-to-know basis, based on the responsibilities of the individual users.

In short, much like these applications should have been doing, you need to ensure that access to this data is locked down. We can help.

Give us a call at 651-234-0895 to learn more about how we can help you.

Almost 20% of Enterprise Windows Servers Lack Endpoint Protection… Does Yours?

We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.

Spoiler alert: it’s really, really important.

Data Shows that Enterprises Suffer from Considerable Vulnerabilities

Compiled by Sevco Security, the State of the Cybersecurity Attack Surface report took data from over 500,000 IT assets. This data, compiled from enterprise-level businesses, revealed that a substantial number of the assets these businesses rely on are missing critical endpoint protections or aren’t being actively patched.

 

According to Sevco Security’s research, the businesses they surveyed were lacking endpoint protections at a rate of 12%, while 5% of them were lacking enterprise patch management. Compounding these issues, 19% of Windows servers were missing endpoint protections.

 

Furthermore, “stale” IT—assets that are present in the security control console and register as installed on a device, but haven’t checked back in for a few weeks—is a small but serious issue for these enterprise organizations. 3% of the IT assets have stale endpoint protections, while 1% have stale patch management. However, since they are supposedly accounted for, these risks are harder to spot and more likely to create issues.
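The missing and stale categories above come from comparing an asset inventory against what each security console reports. The following is an added example, not Sevco Security's method: the host names, dates and the 21-day reading of "a few weeks" are constructed assumptions.

```python
from datetime import date, timedelta

# Assumption: "a few weeks" without a check-in is taken as 21 days.
STALE_AFTER = timedelta(days=21)

# Constructed sample data: the asset inventory, and each console's record
# of when the agent on a host last checked in. None of it is real.
AS_OF = date(2022, 10, 31)
INVENTORY = [
    {"host": "srv-file-01", "role": "windows-server"},
    {"host": "srv-db-02", "role": "windows-server"},
    {"host": "srv-web-03", "role": "windows-server"},
    {"host": "lt-sales-04", "role": "laptop"},
    {"host": "lt-hr-05", "role": "laptop"},
]
ENDPOINT_CONSOLE = {
    "srv-file-01": date(2022, 10, 30),
    "srv-web-03": date(2022, 9, 15),    # registered, but silent for weeks
    "lt-sales-04": date(2022, 10, 31),
    "lt-hr-05": date(2022, 10, 25),
    "lt-unknown-99": date(2022, 10, 31),  # reports in, but not in inventory
}
PATCH_CONSOLE = {
    "srv-file-01": date(2022, 10, 29),
    "srv-db-02": date(2022, 10, 28),
    "srv-web-03": date(2022, 10, 30),
    "lt-hr-05": date(2022, 10, 1),
}


def classify(host, console, as_of):
    """'missing' if the console has never seen the host, 'stale' if the agent
    is registered but has not checked in within STALE_AFTER, else 'ok'."""
    last_seen = console.get(host)
    if last_seen is None:
        return "missing"
    return "stale" if as_of - last_seen > STALE_AFTER else "ok"


def coverage_report(inventory, endpoint, patch, as_of):
    """Per-host status for both controls, keyed by host name."""
    return {
        asset["host"]: {
            "role": asset["role"],
            "endpoint": classify(asset["host"], endpoint, as_of),
            "patch": classify(asset["host"], patch, as_of),
        }
        for asset in inventory
    }


def rate(report, control, status, role=None):
    """Percentage of assets (optionally of one role) in the given status."""
    rows = [r for r in report.values() if role is None or r["role"] == role]
    if not rows:
        return 0.0
    hits = sum(1 for r in rows if r[control] == status)
    return round(100.0 * hits / len(rows), 1)


def unknown_hosts(inventory, *consoles):
    """Hosts a console knows about that the inventory does not list."""
    known = {asset["host"] for asset in inventory}
    seen = set().union(*[set(console) for console in consoles])
    return sorted(seen - known)


if __name__ == "__main__":
    report = coverage_report(INVENTORY, ENDPOINT_CONSOLE, PATCH_CONSOLE, AS_OF)
    for host, row in report.items():
        print(host, row)
    print("servers missing endpoint protection:",
          rate(report, "endpoint", "missing", role="windows-server"), "%")
    print("not in inventory:", unknown_hosts(INVENTORY, ENDPOINT_CONSOLE, PATCH_CONSOLE))
```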

 

Of course, these findings were all based on research into enterprise-level companies, with enterprise-level capabilities. Now, just consider what that suggests about the small or medium-sized businesses and their comparative capabilities.

Trust Us to Help Prevent These Vulnerabilities from Presenting Themselves in Your Business

Part of our proactive remote monitoring and maintenance services is to catch these kinds of issues before they result in larger problems for your business. To learn more about how we accomplish this, give us a call at 651-234-0895 today.

 

Security Doesn’t Always Have to Be a Grind

At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.

Keep Your Antivirus and Security Tools Updated

What’s better than eliminating a threat from your network? Stopping it from getting that far entirely. With antivirus, firewalls, and other security measures in place, you can keep your business secure from the majority of threats before they even become a problem in the first place.

Use a VPN

In case you or someone else on your team has to travel, or if you have a team that works remotely, a VPN is incredibly valuable. Public Wi-Fi is notorious for being quite dangerous, and a virtual private network can offer a safe haven for you to access the Internet without fear of being observed by any onlookers.

Utilize Multi-Factor Authentication

You can take your security practices to the next level through the use of multi-factor authentication. A password can only do so much in today’s threat landscape, so you should back it up with biometrics, generated PINs, and other secondary measures that can make things much more difficult for any would-be hacker.

Use a Password Manager

We know you’ve heard it a thousand times; “always use a different password for each and every one of your accounts to maximize security.” While this should be practiced, it can be difficult to observe if you don’t have a password manager keeping tabs on each of your credentials. Plus, let’s face it, you don’t want to rely on your browser’s password management options if you can help it.

Avoid Phishing Scams

While it would certainly be amazing to win the lottery, get a free vacation, or catch some juicy gossip in your email inbox, the fact of the matter is that the people behind phishing emails know that these kinds of temptations make you want to click on links in emails, regardless of how likely you think they might be. Other tactics used include fearmongering and threats, which aren’t nearly as fun to receive, but are equally effective, if not more so under the right circumstances. Either way, you should use extreme scrutiny when navigating messages from unknown or unsolicited sources—especially if they contain links or attachments.

Let Us Help Your Business Keep Itself Safe

While you can certainly do all of the above on your own, why not work with a managed service provider like Point North Networks? We can take the stress out of managing your network security. To get started, call us at 651-234-0895.

The Geek Squad Phishing Scam is Costing People Lots of Money

If you are a frequent reader of our blog, you know all about phishing scams. They are emails and messages sent that are designed to extort money and gain access to computers and networks for nefarious purposes. The popular IT support company Geek Squad, a subsidiary of Best Buy, is the latest company caught up in such a scam.

Let’s take a look at how the scam works and how you can avoid becoming its next victim.

The Scam Overview

The scam starts benignly enough: users get an email telling them that their Geek Squad membership has been renewed. Typically, the people who receive this email aren’t members of any recurring Geek Squad service, so they call the toll-free number listed in the email to find out what the deal is. The operator on the other end of the line then agrees to refund the money, but demands access to the user’s online banking account to quickly refund the money. They ask for remote access to the user’s computer to show them how to securely do this.

Then things go completely sideways.

The technician then tells the user that something has gone wrong and tells the user that they mistakenly sent a large amount of money to their bank. Using intimidation and accusations, they get the user to then withdraw money from their bank account and send it to an address to settle up. These fake technicians (fraudsters) will then try to extort more money out of users by saying that the parcel containing the money was never received. It has cost hundreds of people hundreds of thousands of dollars over the first half of 2022 alone.

So, you don’t think you could fall for such a thing? That’s what every victim thinks until they are thousands of dollars lighter in their bank account. Last year, it was Norton Antivirus and during the height of the pandemic it was the IRS and Amazon. These scams never stop, so you should know how they operate so that you can do your best to stay secure. These scams:

  • Use the name of a popular and well-established organization.
  • Send emails with attachments or links that, if you look past the frenetic content of the message, seem completely suspect.
  • Use urgency to stress the user out so they make mistakes they normally wouldn’t.

Questions About Phishing You Need to Consider

If you think a message you’ve received could be a potential phishing attack, you should ask yourself these three questions:

Who Sent It?

Are there irregularities in the address it came from, are names or suffixes misspelled, or does it come from someone who has never corresponded with you before?

What Does the Message Contain?

Are there any links shared in it, does a strange URL appear when you hover your cursor over them, are there any attachments?

What Does the Message Actually Say?

Are there spelling and grammar issues in a professional email, is there an excessive sense of urgency or time sensitivity communicated, or is there a request to do something like share data or forward access credentials?
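The three questions above can be turned into automated checks on a raw message. The following is an added example, not part of the original post: the sample email is constructed to resemble the renewal lure described earlier, and the brand-to-domain table and keyword lists are assumptions to adapt.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains you accept as genuinely belonging to the named brand.
BRAND_DOMAINS = {"geek squad": {"bestbuy.com"}}
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|final notice)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|online banking|remote access|login)\b", re.I)

# Constructed sample, modelled on the renewal lure described above.
SAMPLE = """\
From: "Geek Squad Billing" <renewals@billing-notice.example>
Reply-To: refunds@helpdesk-mail.example
To: user@example.org
Subject: Your membership has been renewed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your Geek Squad membership was renewed for $399.99.</p>
<p>To cancel, call our toll-free number immediately or visit
<a href="http://refund-portal.example/login">https://www.bestbuy.com/account</a>.</p>
<p>Our agent will need remote access and your online banking login to refund you.</p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def same_site(host, domain):
    return host == domain or host.endswith("." + domain)


def check_message(raw):
    """Return (question, detail) findings for the three questions above."""
    msg = message_from_string(raw)
    findings = []

    # 1. Who sent it?
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not any(same_site(from_domain, d) for d in domains):
            findings.append(("who", "display name says '%s' but address is @%s" % (brand, from_domain)))
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(("who", "replies go to @%s, not @%s" % (reply_domain, from_domain)))

    # 2. What does the message contain?
    body = ""
    for part in msg.walk():
        if part.get_filename():
            findings.append(("contains", "attachment %s" % part.get_filename()))
        elif part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown = host_of(text) if "://" in text else ""
        if shown and shown != host_of(href):
            findings.append(("contains", "link shows %s but goes to %s" % (shown, host_of(href))))

    # 3. What does the message actually say?
    text = re.sub(r"<[^>]+>", " ", body)
    if URGENCY.search(text):
        findings.append(("says", "pressure to act quickly"))
    if CREDENTIALS.search(text):
        findings.append(("says", "asks for access or credentials"))
    return findings


if __name__ == "__main__":
    for question, detail in check_message(SAMPLE):
        print(question, "-", detail)
```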

Phishing scams aren’t ever going to stop, so knowing how to identify and thwart attacks before you are out money or your organization deals with a data breach is extremely important. Let’s talk about the best practices to safeguard your organization from cyber crimes.

Check back soon for more great cybersecurity content.

What is a Security Operations Center?

With cybersecurity a priority for every business that depends on their IT, there are a lot of different strategies being utilized out there to keep threats off of networks and data safe. One of the most advanced strategies being used today is enlisting a service that runs a Security Operations Center (SOC). Today, we’ll investigate what a SOC is and how it works to keep threats at bay.

What is a Security Operations Center?

The Security Operations Center is a lot like the Network Operations Center (NOC), but its whole purpose is to monitor computing networks and devices and eliminate threats to their efficient operation. While that description may seem simple, business computing infrastructures are typically complex with a lot of end users, making network and device security a complicated endeavor.

Today’s businesses have computing infrastructures and networks that run around the clock, and the SOC is staffed to facilitate that 24/7/365 demand for security monitoring and services. Working hand-in-hand with your NOC (and perhaps other IT administrators depending on the complexity of your business’ IT), the SOC typically handles the overarching cybersecurity strategy.

Typically, businesses want their IT to align with how they want to run their business and part of that is maintaining uptime and keeping threats off of the endpoints, networks, and the vast amount of infrastructure that makes up the network. After all, all it takes is one vulnerability to be exploited and it can create major problems. The SOC deploys a myriad of tools and strategies all designed to do one thing: stay ahead of threats to the network.

How the SOC Operates

As we stated previously, the SOC functions much like a NOC in that its main purpose is comprehensive around-the-clock monitoring and notification. If something goes wrong on the network, the SOC will log the issue and do what it can to mitigate the issue. As these things happen it will notify the IT administrator (the NOC) of the issue to keep them in the loop. Let’s take a brief look at some of the services the SOC will provide:

  • Complete assessment

    The discovery process is a major part of how the SOC can be most effective. In being aware of all the hardware, applications, and other tools on the network(s) your business needs, the SOC can ensure that everything is monitored continuously.

  • Continuous monitoring

    Not only will the SOC monitor software and traffic trends, it will also monitor user and system behaviors as a way to identify issues.

  • Thorough logging

    Keeping large computing networks secure is a big job, and a lot of your executive and managerial team don’t have the knowledge or the time to stay on top of threats as they come in. Keeping logs of every action the SOC makes, including communications with vendors/employees and steps taken to keep the network and infrastructure free from threats is a great way to provide a layer of oversight to the security process. It’s also an important factor in staying compliant with any regulatory mandates.

  • Comprehensive incident response and investigation

    This is where the SOC really becomes a major benefit for the security of your company’s IT. Not only do SOC technicians respond quickly to any incident, they also work fast to investigate what caused the issue in the first place. Going further than your typical IT management, the main benefit of the SOC is the mitigation of efficiency-sapping issues such as malware and other manners of attack.

If you think your business could use a Security Operations Center service to keep your growing network and infrastructure clean from threats and working for your business, give Point North Networks, Inc., a call today at 651-234-0895.

Tighten Up Your Network Security with Superior Access Control

How often do you find yourself stressing out about who has access to which data or internal resources on your company network? What about who has access to open the front door of your office or who has access to important physical resources within your building? Ensuring the security of your business’ assets is critical, and access control tools can help your company ensure that only authorized individuals have access to specific parts of your organization’s infrastructure, be it physical or digital.

What is Access Control?

Access control is, at its core, a way to restrict access to specific resources within your company based on user or role. It generally involves authorization of some sort and demands that the user verify their identity before being granted access to said resources. Think about it like asking the network for permission before being allowed onto it; once the network or infrastructure has confirmed the identity of the individual, they will have access to the resources.

Access control can be broken up into two groups: digital or cyber access control and physical access control. We’ll go over some of the benefits for both types of access control and how they can help your business keep itself safe.

Cyber Access Control

Your business undoubtedly has data on its infrastructure that should only be accessed by specific individuals and no one else. This might include sensitive employee data, applications or resources, financial records, and so on. You should be limiting access to important information like this specifically because the fewer people who have access to it, the less likely it will be compromised. Through access control tools, you can control which employees have access to specific data, applications, or resources on your network, based on their role within your organization.

Physical Access Control

Sometimes you want to keep certain users out of specific parts of your office. This is where physical access control comes into play. Physical access control might involve key cards, code-guarded doors, and even biometric scanners, with the intention of securing various parts of your office. One example of how you might use it is if you have sensitive records stored in a specific part of your office. You might keep that door locked, only accessible to specific individuals within your organization. Another example might be an access gate open only to employees of your business.

Get Started Today

Point North Networks, Inc., knows how complex it can be to implement new security solutions, especially if they require a certain level of management and maintenance, like access control systems do. We want to help your business take advantage of these solutions in a way that minimizes the additional duties and responsibilities of your organization. Through Point North, you can implement, manage, and maintain these systems without dedicating your internal resources to them; instead, you can outsource the responsibility to us! Our technicians are more than happy to assist you each step of the way.

To learn more, reach out to us at 651-234-0895.

How to Get Cybersecurity Through to Your Staff

Getting your staff to care about your organizational network and data security may be more difficult than you might think, but it’s not a lost cause. Keeping your business’ organizational security strong relies heavily on your staff’s willingness to follow the right practices, so today we thought we’d give you seven tips to get your people to care about security.

Be Up Front

One of the main reasons employees don’t often care about cybersecurity is the overt secrecy surrounding it. Today’s organization needs to come clean when it comes to the constant threats that are out there. If you want your people to have a vested interest in keeping your business’ information systems and data secure, you need to level with them. After all, they can’t help if they don’t understand.

Make it a Personal Investment

Your company holds a lot of your employees’ personal data. Let them know that, along with any sensitive and proprietary data that could be lost in a data breach, their data could also be vulnerable. In order to sufficiently secure your data and theirs, they need to know what’s at stake if they don’t actively follow cybersecurity procedures.

Top Down Security

Every member of your organization needs to understand that they could be targeted by hackers and fall victim to these threats. The more your employees understand that management is actively complying with security policies, the more willing they will be to alter the way they consider cybersecurity.

Gamify Your Process

People tend to be more engaged when there is incentive baked into a policy. Gamification is the strategy of scoring a person based on their efforts. This strategy works wonders for productivity, so it stands to reason that it would work for cybersecurity awareness and for following any organizational policy that’s in place to keep your systems and data secure.

Standardize Procedure

One of the most important steps in getting your people to follow the rules is to have them in place to begin with. In cybersecurity, confusion can be a huge albatross, so ensuring that everyone is playing with the same rulebook is a must. This includes building procedures to handle attacks such as phishing as well as password hygiene and many other security-based policies. The more consistent your procedures are, the more likely your staff is to understand and follow them.

Start from Day One

With all the threats that are out there at the moment, you will want to stress the importance of cybersecurity with current and new employees alike. If you start hammering home the importance of compliance with security procedures from the day an employee starts at your business, they will be more likely to continue to comply with them as they undertake their job, which for most of your staff isn’t strictly cybersecurity.

Keep Training

Employee security training is becoming commonplace at almost every organization, largely because the threats that it faces could have devastating consequences. You will want to invest in comprehensive training and re-training to ensure that your employees understand the importance of your cybersecurity initiatives, and that they are up-to-date on any and all changes to policy or strategy.

Cybersecurity is a team effort today, and if your organization isn’t stressing the importance of it, it’s only a matter of time until it rears its head. If you would like to learn more about training your employees on the best practices of cybersecurity, creating a cybersecurity policy that works to keep your information systems secure, or if you would just like to talk to one of our IT professionals about cybersecurity best practices and procedures, give us a call today at 651-234-0895.