One of the best defences when it comes to cybersecurity is your people. As we see all too often, even some of the most secure IT infrastructures can feel the brunt of an attack because of a mistake made by a team member.
Cyber criminals can now draw on a plethora of techniques in an attempt to break down your defences. From blanket phishing attacks to very highly targeted methods, criminals rely on human traits such as trust and instinct to trick your end users into letting them in. The only way to combat this threat is to train your teams on the types of activity they are likely to encounter both online and offline, along with the necessary steps to mitigate the risks these threats present. This post should act as a mini training guide, giving you the resources to train your teams on some of the most prevalent cyber threats out there today.
Phishing:
Employees within your organisation should have clear guidelines on what to do if they are suspicious of an email. Emails that warrant a raised eyebrow include: very personalised emails (or the use of your username as opposed to your real name), spelling and grammar mistakes, or scaremongering calls to action such as a line that says ‘act now or risk losing your account’.
Phishing emails are filled with malicious links that will take unsuspecting users to a number of different sites, often spoofing popular consumer websites and presenting users with a sign-in page that will capture their login credentials. Translating this into business impact, one click on a phishing email within your business could see an attacker enter your network in a matter of minutes. From here they could deploy ransomware to encrypt all of your business data, causing a serious amount of downtime. One of the only ways to prevent your business falling victim to phishing is to train your users on how to spot suspicious emails – see the resources you can share with them below:
Blogs and Infographics:
- 7 Strategies to Combat Phishing Attacks
- Don’t Get Hooked: How to Spot Phishing Attacks
- How Do You Spot a Phishing Attack?
Self-serve training quizzes:
Ransomware:
Ransomware seeks to enter your business's network with the aim of encrypting all of your data, rendering it totally useless unless you have a reliable backup solution in place that can recover your data.
A simple tactic you can implement immediately is to ban the use of USB sticks. While they can be useful for transferring files and data from one device to another, they pose a huge threat. Without knowing exactly what is on these portable drives, you could infect your network and computer with ransomware as soon as the USB stick is put into your device. We strongly suggest using online transfer services such as WeTransfer or Dropbox and avoiding USB sticks altogether. Below are some of our resources you can use to educate your teams on ransomware:
Blogs and Infographics:
- Are you Ransom-A-Ware?
- Datto’s State of the Channel: Ransomware Report
- Ransomware – What Is It?
- The Dangers of Unknown USB Devices
The General Data Protection Regulation:
The highly anticipated GDPR came into force in May 2018. While the regulation has now been in force for some time, we have found that a number of our clients' end users are still unaware of what it means for them and for how they handle personal data. Under the GDPR your business could face huge fines, enough to put most SMBs out of business, so checking that your teams understand the legislation is incredibly worthwhile. To bring your teams up to speed we have two training quizzes as well as some blogs and infographics.
Blogs and Infographics:
Self-serve training quizzes:
Cybercrime in General:
Cybercrime is a problem faced by all businesses, operating in all industries and in all countries. Unfortunately it shows no sign of slowing down, so ensuring that all of your team members understand what cybercrime is and how they can help to prevent certain attack methods is crucial in maintaining the integrity of your security defences. Below you will find some more generic self-serve training quizzes to share with your teams, along with some blogs and infographics taking a broader look at cybercrime and the threats out there today.
Blogs and Infographics:
A Selection of other self-serve training quizzes:
We regularly update our Blogs page with educational pieces looking at a range of topics relating to the SMB, cybersecurity and data protection. We also send out a monthly Cyber Roundup – please subscribe here to receive the next Cyber Roundup.