12 Days to a Secure Christmas – Security Awareness

If you are looking for French Hens or Golden Rings you won’t find them here.   Reis Informatica is giving you the gift of tips and tricks to help keep your business safe and secure this holiday season.  Today we kick off our 12 Days to a Secure Christmas!  Check back daily for advice and be sure to share on social media for your chance to win a $100 Amazon card!

Check out our tip on Security Awareness!

Mandatory formal cybersecurity training is an essential step that will help you and your organization achieve peace of mind and improve security. However, Fifty-five percent of organizations fail to educate their employees on trends in cybersecurity. Failing to train employees on cybersecurity can lead to companies becoming victims to social engineering, phishing, and ransomware attacks which can cost your business millions in downtime and lost resources while severely damaging your reputation. 

Below is an email that was received in 2018 from a system admin sent to all employees in a company that shows the possible effects of a cyberattack on your company. (The names of the individuals are changed to protect their privacy.)

From: Jonas

Sent: Monday, December 03, 2018, 1:17 PM

To: ALL USERS

Subject: URGENT Information- I NEED YOUR HELP

Hello,

 Last week we had two incidents where $750,000 and $35,000 were stolen from the company by cybercrime. These amounts will most likely never be recovered. This should not have happened. These thefts occurred by allowing the bad guys into our network by what is called phishing.

"The fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers."

In the past six months, we have identified 15% of the email users in our company falling for the fake emails and following links that require authentication of usernames and passwords.  

After the incidents last week, we identified 5 email user accounts that had been compromised by bad guys. In these accounts (one a branch manager, one a controller, one an engineer) the user ID and Passwords were given to the bad guys where they were able to intercept or send, unbeknownst to the company employee, emails with instructions to move company money for a wire transfer or modify ACH accounts for payroll deposit and vendor payments.  

PLEASE, take this seriously! You would not let people into your house without knowing who they are and what they want. Email is the same. Don’t take the bait. We will be taking measures to make it more challenging for the bad guys to win. We will be making password updates more frequently along with other authentication processes. 

You are our front line in this battle, not letting them into our systems, by being vigilant with the phishing schemes. If you are asked by our IT team to take training, I expect you to do just that. Only 66% took the training when asked during our early September Phishing Test. 

If you would like more information regarding what you can do to ensure security with your accounts, please contact Eric in our IT department or reach out to me directly. 

Thank you for your HELP,

Jonas.

These types of attacks across the world are only getting worse in 2021. If you think that this will never happen to you and your company, you are being careless. Based on our research, 68% of the identity theft victims don’t know how the thief obtained their information, while 92% don’t know anything about the individual/group that tole from them.

Security awareness training programs for employees demonstrate how easy it is for someone to give up their credentials. Security awareness training is essential for employees. Because it's not just IT who is responsible for cybersecurity, it’s everyone! 

We hope all of this festive cheer and advice is useful and can be used to ensure you get presents and not coal in the company stocking this year! 

Check back next week for another tip!  And don’t forget to spread the word on LinkedIn, Facebook and Instagram for your chance to win a $100 Amazon gift card! 

To Enter

1.       Read our blog post (Yea!  You have already done this!)

2.       Like our post on one of our social platforms

3.       Follow our page on LinkedIn, Facebook or Instagram

4.       Tag 2 peers in the comments

Bonus points if you share!!  The winner will be announced January 4, 2022.