As you reflect on 2016, it is hard to look back without remembering the many public cybersecurity incidents. Given the complexity of this ongoing environment, more money and time will be spent on responding to it.
However, that is not enough. It is important that your employees are well-trained and equipped to protect your clients, your firm and even their own private information. It can be overwhelming, so let's focus on how you can help your employees better understand their role in identifying threats and preventing cybersecurity attacks.
Email is still the most common channel for cyberattacks. Most of us can easily spot fraudulent requests when there are misspellings or grammar issues in the message. Unfortunately, fraudsters' efforts continue to evolve. You might be thinking "been there, done that" on this threat. However, it is critical for your employees to understand what to look for, and to review every email request very carefully — even if it looks like it is from someone you know well.
For example, it is important to look for any errors or inconsistencies in the sender's email address. It could list FedEx as the sender, but the actual sending email address is unrelated to the name displayed. Be suspicious of internet links included in the email, especially if the URL has been shortened using a service like Bitly. You must know where the link actually directs you before you click on it.
Finally, there are many tasks that you should never do by simply following an email's instructions, especially requests that were unexpected. If you receive an email from a company you do business with requesting you to change your password but you didn't ask for it, don't respond by following the email's instructions. Instead, go to the provider's website by typing the URL into your browser as you normally do to log in to the system, or contact the provider directly.
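The two checks described above (a display name that does not match the sending address, and links hidden behind a shortener) can also be automated at the mail gateway. The following is an added example, not part of the original article; the brand-to-domain list, the shortener list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand shown in the display name -> domains it really sends from.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}
# Assumed list of link-shortening hosts; extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def domain_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def review_email(raw):
    """Return a list of (check, detail) findings for one raw email message."""
    msg = message_from_string(raw)
    findings = []
    # Split the From header into the name the user sees and the real address.
    display, address = parseaddr(msg.get("From", ""))
    sender_host = address.rpartition("@")[2]
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(sender_host, allowed):
            findings.append(("display-name-mismatch", f"{display!r} sent from {address}"))
    # Flag links whose real destination is hidden behind a shortener.
    body = msg.get_payload()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        if (urlparse(url).hostname or "").lower() in SHORTENERS:
            findings.append(("shortened-link", url))
    return findings


# Constructed sample messages (not real traffic).
SUSPICIOUS = """From: "FedEx Delivery" <notice@parcel-update.example>
Subject: Your package is waiting

Confirm your address: https://bit.ly/xxxxxxx
"""
LEGITIMATE = """From: "FedEx" <tracking@fedex.com>
Subject: Shipment update

Track at https://www.fedex.com/tracking
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, review_email(raw))
```

A finding here is a reason to hold or label the message for review, not proof of fraud; an attacker who sends from a compromised legitimate account will pass both checks.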
Another frequent cybersecurity attack that your employees should be aware of is what's known as "scareware." Scareware is a malicious computer program generally packaged in a browser window popup that is designed to influence the user into downloading unnecessary and potentially dangerous software.