From ransomware and malware to email and financial data hacks, business data and personal information are the main targets of most cyber criminals. One of the greatest threats to your information security comes from your employees lack of knowledge on the subject, and hackers know that. They send malicious emails to your employees hoping they won't know the difference between a fake and real email. Educating your entire staff on cyber attacks and what they look like could be the difference in safe online use and paying millions of dollars ransom.
At CoreTech we understand the value of cybersecurity education which is why we began providing it to our clients. We want everyone to have a better understanding of what these attacks look like, and have the resources they need to educate their staff as well.
I sat down with Wynn Obermeyer, our Director of Technical services to learn more about our security service offerings and how they benefit our client.
What tools and information do we provide to clients?
We deploy an automated security program that profiles businesses and custom designs a security awareness program that fits for that specific company. We also offer a simulated phishing attempt which is meant to show employers which employees are most likely to fall for a real phishing attack. Employers are notified on who is opening the fake phishing emails and clicking on the links or attachments. Once they know who is clicking they may implement a training program on phishing and security. The training program brings those who have ‘failed’ the email phishing tests up to speed and prevent them from clicking them again. We also offer simulated vishing which is similar to phishing, except it is sent through a text message. Another rather interesting program we provide is through USB testing where we put malicious code on a thumb drive. We then place the thumb drive somewhere random in the office and see if anyone picks it up and checks to see what is on it.
What benefits do these tools and information provide?
The training involved with these tools help businesses avoid being caught in a ransomware scheme, paying a ransom, and also creating business disruption. Hackers continue to evolve and find new ways to put a virus on your computer and trip people into falling for a ransomware attacks. Hence it is important to educate yourself and your employees. What I really like about our program is that it isn’t just a single time use, but rather it goes through a training program. Over 40 different types of courses are available.
Have clients's staff seen a change in employee behavior and found the program beneficial?
Yes, clients are seeing improvement with employee behavior. Our own office has improved substantially from when we first began it in February. We started out with around a 40% click rate and are down to almost 0%. I like that the program not only shows employees what phishing attacks may look like, it also causes them to be more cautious when opening emails or clicking links within them.
How did providing these tools to clients come about?
The proliferation of ransomware over the past few years has really grown. It is the largest threat for small to midsize businesses, so I thought it would be beneficial for everyone to have the option for education and maintain the skillset to avoid it. Even with other tools in place to screen email clients were being caught and becoming victims of ransomware.
Why do you think education is important?
Without the training and tools employees don't increase and maintain their skills to avoid ransomware, which can cost a business a lot of money in the long run. Ransomware events put companies out of business, and you want to ensure your staff understands the risks.
Regarding security, what do you think is the biggest threat for small businesses?
Right now I would say phishing is the largest threat. However, a year from now it could be something different. I think it will move toward Internet of things (IOT) onto all the devices that aren’t as secure as computers and phones. With phishing, employees are the weakest link because they could provide the hacker with access to the company data, or transfer funds without even knowing they are doing something wrong. There are tools that allow hackers to send an email to the CIO and tell them to transfer a large sum of money to a bank account and send a text to that persons phone from the owner confirming it. There are a lot of scenarios that occur like this.
Let us help you with your technology needs
Want to learn more about what you can do to protect your business? At CoreTech we’re here to help you strategize and deliver on your technology plans. We will help you educate your staff on cyber attacks and what they look like in order to keep your business safe. Give us a call at 402.398.9580..