It's an eye-opening statistic: 95% of data security incidents are attributed to human error.

According to data security expert Ashley Schwartau of The Security Awareness Company, the two biggest mistakes companies make when it comes to data security are “assuming their employees know internal security policies” and that “their employees care enough to follow policy.”

As we've detailed on many occasions in our blog, there are many security risks to which your company's data is susceptible, including ransomware and malware. And no matter the advances cyber criminals make in their techniques, one method remains as effective as ever: the phishing scam.

Phishing starts with a legitimate-looking email that tricks the recipient into clicking a link. In one variant, the link leads to a download or a booby-trapped page that infects the user's computer with software that harvests passwords, logins and other critical data. In another, the link sends the recipient to a site that imitates a legitimate one, such as a bank or webmail login page, and asks them to enter personal data like passwords, telephone numbers or addresses. In both forms, phishing remains the most common of all data security scams. According to the Symantec 2017 Internet Security Threat Report (ISTR), 1 in 131 emails contained malware in 2016, the highest rate recorded in five years of the study.
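As an added illustration (this is example code, not code from the original post or from BKS), the following Python script checks a constructed sample email for the tell-tale signs described above: a link whose visible text shows one domain while its href points somewhere else, a Reply-To address at a different domain than the sender, and a link host that merely resembles the company's own domain. The company domain (`example.com`), the sample addresses and URLs, and the crude lookalike heuristic are all assumptions made for the example.

```python
"""Flag common phishing indicators in a raw email message.

Added example (not part of the original blog post). Uses only the standard
library so it runs offline against the constructed sample message below.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake "password reset" lure. All domains are illustrative.
SAMPLE_EMAIL = """From: IT Helpdesk <helpdesk@example.com>
Reply-To: support@example-helpdesk.net
To: alice@example.com
Subject: Action required: your password expires today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires in 24 hours. Please
<a href="http://login.example-secure.net/reset">https://sso.example.com/reset</a>
to keep your access.</p>
<p>Questions? Visit <a href="https://intranet.example.com/help">our help page</a>.</p>
</body></html>
"""

# Assumption: the organisation's own registrable domains.
TRUSTED_DOMAINS = {"example.com"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase host of a URL (a scheme is added if the value lacks one)."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()


def registrable(host):
    """Crude registrable domain: last two labels (fine for .com/.net examples)."""
    return ".".join(host.split(".")[-2:])


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_indicators(raw):
    """Return a list of human-readable findings for the raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Reply-To pointing at a different domain than the visible sender.
    from_host = msg["From"].addresses[0].domain.lower()
    if msg["Reply-To"]:
        reply_host = msg["Reply-To"].addresses[0].domain.lower()
        if registrable(reply_host) != registrable(from_host):
            findings.append(f"reply-to domain {reply_host} differs from sender {from_host}")

    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")

    for href, text in collector.links:
        href_host = host_of(href)
        # 2. Anchor text that looks like a URL but names a different domain.
        text_host = host_of(text) if "." in text and " " not in text else None
        if text_host and registrable(text_host) != registrable(href_host):
            findings.append(f"link text shows {text_host} but points to {href_host}")
        # 3. Untrusted host that reuses the company's name (lookalike heuristic).
        if not is_trusted(href_host):
            for d in TRUSTED_DOMAINS:
                if d.split(".")[0] in href_host:
                    findings.append(f"lookalike domain {href_host} resembles {d}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

The same three checks are what a trained employee is asked to do by eye: hover over the link, compare the shown address with the real one, and look at who the reply would actually go to. Automating them in a mail gateway or a user-reported-phish triage script catches the cases people miss, but the lookalike test above is deliberately simple and will produce false positives on domains that legitimately contain the company name.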

The single best defense for your company is employee education. Train your teams regularly so that they stay alert to the emails they receive. One method some companies employ is to send out their own "fake" phishing emails. Employees who click the link are met with a notice that they have fallen for the scam and a short lesson on how not to fall prey in the future. While this trick might seem simple, it can be effective in getting employees to think twice.

Your business may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams. Your staff are a critical factor in your data security plan. To avoid falling into these traps, you must: (1) have a plan, (2) educate users about your plan, and (3) make them care about following its procedures.

Defense Plan Against Phishing Scams

You'll need a defense plan for each of the layers a hacker can attack: the physical layer (policies ensuring that only authorized personnel can access your devices), the network layer (ensuring that only authorized devices access your network, and that your devices only access authorized networks), and the human layer (ensuring that your employees practice good password hygiene and are aware of current security threats).

You should train employees on your security and disaster recovery policies at least twice a year, and your IT person should keep employees up to date on security issues weekly. Make sure they understand the risks of a breach. Most importantly, you need to create a “culture of security,” where employees go beyond the minimum guidelines laid down by your IT staff and ask “is this good security sense?” of every action they take. Define clear penalties for those who practice bad security, and reward those who display good security sense.

About Chicago Managed IT Consultant BKS Systems

If your company lacks IT security services, contacting a managed IT services provider may be an option for you. Managed IT services can give you the security your company needs without the cost of hiring a full- or part-time IT professional.

Since 2000, Business Knowledge Systems (BKS) has been a Chicago managed IT consulting company offering a full suite of IT services, IT support services and cloud-based implementation. We specialize in serving small to medium-size businesses in the financial and banking, logistics and transportation, and professional service sectors.

Contact us today to begin adding managed IT services to your business, and keep your business safe from cyber criminals!