
By Vince Miceli
A Forbes article offers a cautionary tale: if your business hasn’t experienced a cyberattack yet, that doesn’t mean it won’t, and it doesn’t mean your security protocol is sufficient. Almost 42% of small to medium-sized businesses (SMBs) have experienced a breach in the last 12 months, and with experts noting a new trend toward smaller and more focused attacks, that number is likely to increase.
We have heard of the dangers – and damage – that a cyber attack can do to a company’s operation, its reputation, and its future. Companies that suffer a breach often incur thousands – even hundreds of thousands – of dollars in expenses to remediate the problem. And the damage from a breach can be long-lasting and crippling to a business.
The best defense against a cyber attack is a strong offense – meaning that a company should have the latest, up-to-date protection for its infrastructure. But the best protection in terms of software, firewalls and more is only as good as the people responsible for operating the network – in other words, a company’s employees.
Statistics show that around 90% of cyber attacks against companies occur due to human error. Somebody inadvertently clicks on a suspicious email or website link, which gives hackers access to the company’s network.
In addition to strong network protection, a comprehensive employee training program will pay big dividends. Companies and their employees should work together to create a safer, better-protected infrastructure. Here are a few ways to accomplish this objective.
- Employee training is perhaps the most important part of any cybersecurity strategy. Because the overwhelming majority of hacks and intrusions into a network are the result of human error, companies should conduct regular training. Educate, empower and encourage employees to be the front line of defense. They should be able to recognize the latest threats, from suspicious emails to phishing scams. Training should show examples of the latest hacking attempts and be centered on a cautious approach: do not open any emails that are suspicious, be wary of attachments, and make sure employees understand what to look for in a phishing scam. Remember: one “wrong” click can put a company in a world of trouble.
- Establish basic security practices for employees. This begins with requiring strong passwords. Cyber experts generally agree that between 80% and 85% of intrusions can be traced to passwords. Strong passwords should include a series of numbers, letters (in both upper and lower case) and some special characters, such as !, @ or ^. Strangely, the most common password used in 2022 was still “123456,” according to information from Business News Daily. Everyone should change passwords regularly, at least once every three months.
- Two-factor or multi-factor authentication should be standard practice for emails and other access points.
- Companies and their employees should only use IT-approved tools. Installing unapproved applications or using unsanctioned cloud services can create security gaps.
- Failing to install updates and patches on company devices leaves them vulnerable to cyberattacks. Be certain that employees have timely updates on their computers.
- USB and external device risks: Plugging in unknown USB drives or external devices can introduce malware. Do not use non-approved external storage.
- Do not allow platforms such as Google to “remember” your password. This practice allows instant access, and if Google gets hacked, for example, that potentially exposes your information to the hackers. This is also true for a company’s financial information, such as access to banking accounts. It may seem inconvenient to log in separately each time, but not nearly as inconvenient as the cost and aggravation of a data breach.
- Do not allow any personal information on workstation computers or networks.
- Beware of social engineering scams. Hackers are sophisticated in their methods, and can manipulate employees into divulging information through phone calls, messages, or impersonation. There are examples where an email seemingly from the company’s CEO asks a key administrator to wire funds or forward W-2s. Always verify identities before sharing sensitive details. If you are uncertain that the email or text is legitimate, call and double-check. It was once easier to detect scam emails and messages by their awkward grammatical construction and typographical errors, but the messaging of cyber criminals has become more sophisticated.
- Back up all data to a cloud server, which will go a long way toward neutralizing ransomware threats.
- Use the latest anti-virus software and see that all updates are installed in a timely way – as soon as they are available.
- Business owners should limit access to sensitive data, including computers. This includes preventing access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
- With financial information in particular, encrypt files for further protection.
- The U.S. Small Business Administration recommends safeguarding your Internet connection by encrypting information and using a firewall, and, if you have a Wi-Fi network, making sure it is secure and hidden. With Wi-Fi, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.
- Have a strong mobile device action plan in place. The FCC recommends requiring users to password-protect all devices, encrypt all data, and install security apps to prevent criminals from stealing information while the phone is on a public network. They further advise establishing reporting policies for lost and stolen equipment.
- Avoid using public Wi-Fi wherever possible. One alternative is to use the hotspot option on a smartphone rather than expose data to an open network, but a VPN (virtual private network) is better.
- Avoid careless use of AI and chatbots. Entering confidential company data into AI tools like ChatGPT or other generative AI platforms can lead to unintended data exposure.
- Avoid sending sensitive data through unsecured channels, or by using personal emails. Failing to encrypt information can expose a company to breaches.
Business owners and employees can and should work together to lessen the likelihood of a cyber attack. It is vital to each company’s security to be up to date on the latest threats and the ways to mitigate them. A strongly protected infrastructure and well-informed, educated employees make a strong front line of defense against cyber threats.
Vince Miceli is the VP of Technology Development at Pulse Technology, where he drives IT sales and security-focused managed services for SMBs. With expertise in cybersecurity, AI integration, and business technology, he helps companies optimize operations and scale effectively. Pulse Technology is headquartered in Schaumburg, IL, and serves customers in Illinois, Indiana, and Wisconsin. Vince holds a bachelor’s degree in Business Management and a Certificate in Entrepreneurial Studies from the University of Iowa. Pulse Technology has been serving the region for 70 years, providing technology services, including IT, to businesses and organizations throughout the Midwest.