#1 It’s Not A Technology Problem. It’s A People Problem
When it comes to security, your organization is very similar to a house. For protection, you have doors, locks, windows and fences. To detect threats, you have alarms, motion detectors, monitoring and crime watch. To respond to threats, you might have your own arsenal or methods to this. But intruders can still gain access. Businesses are in the same boat and in many cases may have all kinds of next generation technology to protect, detect and responsd to threats and sure enough, intruders still gain access. Why? 95% of breaches are related to human error. This makes it imperative to focus on early detection and response to lower liability because there is no way to keep everyone out.
#2 Nobody’s “IT Guy” Has Everything Covered
While most organizations don’t have a solitary, in-house IT resource managing both IT applications and IT infrastructure, (because it’s impossible to find the specialization and bandwidth in one person), many companies still work with a third-party “IT guy.” Even if this individual is only focused on IT infrastructure, there are still significant skill and bandwidth gaps. The operative term is “single point of failure.” This was much less of a problem 20 years ago. However, IT systems have become much more decentralized and complex and now require oversight by specialists in diverse disciplines such as public cloud, security and mobility. Do any of your vendors still work with an IT guy? Remember, you are only as safe as your weakest link.
#3 Cybercrime Has Very Low Barriers To Entry
Cybercrime is increasingly accessible to everyone. There are online job postings, anonymous payment systems and marketplaces where personal data is bought and sold 24/7. You can even buy $40 software programs to hack into systems. Many come with ratings similar to Amazon Reviews and some allow you to choose options like gold, silver and platinum depending on the kind of support you want.
How scary is that?
#4 Cybercrime Is Deployed Via Social Engineering Tactics
Phishing is the most common form of social engineering. It often appears in emails, chat tools and web ads. It’s designed to look like it’s coming from a real company and delivers a sense of urgency or demands immediate action. A hacker could disguise themselves as a company emailing an end user an invoice. When they click the attachment, it will release a virus into the system. Or you could be reading on article on the New York Times website and unwittingly click on a Bing ad that redirects you to website equipped with an exploit kit that downloads a virus, malware or ransomware to your computer.
#5 You Do Not Have To Go At This Alone
There are several reasons your company is working with Multi IT. Security is certainly one of them. If you get any suspicious or random emails from Amazon, Microsoft Office, DropBox and LinkedIn (just to name a few), practice the 5 second rule and take a breather before responding or clicking. I would always call the sender to confirm any digital signing requests. And please forward any questionable emails to [email protected]. We’re here to help.