There are people in your company whose job it is to open attachments from unknown people. Could this be a problem? Absolutely. Find out how today on Cyber Sentinel.

How do my employees stay up to date with cybersecurity in the workplace? 

So companies have employee training programs around all kinds of stuff these days. Everyone's got mandatory training they've gotta do: OSHA, safety training. You know, we've even got training now on how we should treat our clients, customers, and our coworkers so everybody can get along. A lot of companies, though, have not implemented cybersecurity training for their staff.

This is an issue because we're still seeing that about 74% of all of the attacks coming into corporate entities are coming in via email, via either a link in an email message or infected downloads from attachments. So we really need to address that, companies of all sizes, so small businesses up to large corporate entities. Your small business can do this fairly easily; there's a lot of cyber training that's available these days. The best training programs are either web-based, we have some instructor-led ones that are available as well. Those web-based trainings are good. People tend to be able to go through those really quickly. What these training programs need to really address is the why. Why do you not wanna click this link? Why do you need to pay attention to stuff as an employee of the company? For me, I always learned better if someone could tell me the why behind something; I'm more apt to remember that going forward so that I can actually be an integral part of the security for my organization, instead of a liability from the cybersecurity standpoint. So employee training should be fundamental to any corporate security program.

How can a hacker retrieve confidential information from my business?

So the staff here at ASC Group belong to numerous security threat databases and notice notification organizations. Some of those are private, some are government-funded organizations that really give us some intelligence into what is going on out there in the world of cybersecurity.

One thing that we've seen a lot of notices on lately revolves around your HR department. So this makes a lot of sense if you really think about it. We talk a lot about email security and things like that, so who in your organization, as a function of their job, is supposed to be opening attachments from people they do not know? It's your HR department. They're getting resumes all day long from people they don't know. They're opening these attachments. This has become a major threat vector that people are seeing across the country, where those HR departments are being targeted for phishing campaigns and attachment files that have been loaded with malware. This is particularly troublesome when we tie it in with some recent financial fraud around HSA accounts and your 401k accounts.

There's not a bigger repository of money that I can think of than all the money United States employees have tied up in corporate 401k programs. And the cybercriminals know this. They've begun to target those accounts through the HR departments, so if they can get into an HR department, infect those HR computers, then chances are they're gonna be able to grab the PII, personally identifiable information, for your staff and be able to grab the login information for your 401k and HSA accounts. So your corporation security program really needs to pay special attention to the machines in HR and how that PII information and those account credentials for those high-dollar accounts are protected. So keep that HR department in mind in the security plan.

Trending News

So North Korea's been in the news again lately. President Trump's had a couple of summits with the North Korean leadership. We're trying to get them to back off their nuclear weapons programs and some other, the rocket programs that they've got going over there. One thing that goes a little unreported in the news is North Korea's cybersecurity or cyber-attack programs that they've got going. They really target governments and people, corporations worldwide. For the North Koreans, this is a major source of foreign currency for them; they don't do a lot of trade in the traditional space, so the cyber attacks have become a major funding method for the North Korean government. A lot of the ransomware attacks, which we've talked about on the show before, are being directed out of North Korea, so these ransomware attacks target targets of opportunity oftentimes.

So your small business may not be something that the North Koreans have looked up and said, hey, we're gonna go after you particularly, but you're a target of opportunity. They'll run scans across the internet as a whole looking for known vulnerabilities. If your corporation is affected by a known vulnerability, then they can get into your organization, or they use a phishing scheme to get into your email, then they're gonna use that as an opening in order to deploy ransomware, which is gonna encrypt your data. Once your data's encrypted, they're gonna offer to unlock that for a fee, and those fees go into funding North Korean foreign exchange accounts. You don't often think about the North Koreans being a threat to your small business; this is the way in which they are a threat. How do you defend yourself against this kinda thing? Good cybersecurity standards are the only way to go. Make sure everything's up to date, make sure your firewall's up to date, train your employees. All the standard practices apply whether you're trying to defend yourself against the typical depiction of a loner in his basement with a computer or a nation-state that happens to be trying to get their funds for their foreign exchange up. The security is the same for both. Don't let your company become a victim of ransomware from North Korea.