As reminders go, National Cyber Security Month, being observed for the 12th consecutive year this month, is a double-edged sword.
It reminds us first that this is a dangerous world and there are bad actors out there.
If you doubt that, consider what happened to a top computer security outfit not long ago. A single employee ignored established procedures and opened an email attachment from an unknown source. The result was the infiltration of malware that compromised the company’s principal product. This created a problem that took millions of dollars to fix.
Or consider the Silicon Valley firm with an employee who was taken in by an executive impersonation and wired nearly $50 million overseas, where it disappeared.
These were sophisticated technology companies, so you have to wonder whether anyone can be safe.
In fact, however, we are not helpless. The positive message of National Cyber Security Month is that there are things we all can do to protect ourselves online. This applies to small businesses as well as to individuals and families.
As a business owner, your first step is to have a prevention plan in place, one that identifies policies and procedures to reduce the risk of cyberattacks.
Where can you find help creating a plan?
• Consult online resources, such as the Small Biz Cyber Planner maintained by the Federal Communications Commission (fcc.gov).
• Talk to your Internet service provider. Many have services devoted to helping business customers.
• Reach out to the company that provides your security software. Many have special services for small businesses.
• Talk to your banker. Treasury management specialists can help you identify ways to protect against cyberfraud.
A good plan will cover both data and network security. Procedures pertaining to email, mobile devices and the company’s website will be spelled out.
Once a plan is in hand, it’s time for the all-important step of educating employees. Actually, it’s more than education; it’s a question of creating a culture of cyberawareness and the willingness to comply that comes from understanding just how high the stakes are. Cybersecurity should be the focus of a continuing dialogue.
An employee who has been educated and who understand the risks will delete suspicious emails instead of clicking on attachments. When the right policies and procedures are in place, well-informed employees will follow them. An employee who understands the breadth of wire fraud schemes is is less likely to fall for a masquerade and more likely to comply with procedures such as enhanced authentication designed to defeat the fraud.
As National Cyber Security Month reminds us, it can be done.