When I was a kid, I remember being told a few times to “grow up.” With maturity, though, comes responsibility. In the same way, that’s what we’re talking about here: keeping your information and network safe by being responsible. It is tempting to think your technology is invincible, just as youth often likes to believe, but that’s a dangerous way to live for small businesses. We’re older and wiser now. We’ve come of age. It’s time to embrace responsible computing.
Responsible computing means taking steps to keep your network environment safe – for your company and end users. Consider these three big issues:
1. Attachments. Most people know that Federal Express is probably not really behind that email. But what if it appears to be from a well-known company? First, ask these questions: Why is this attachment sent on this email from this person? Is the email from someone I know? Look for extensions like .pdf or ones that indicate an Excel spreadsheet, zip file or other office document. Cybercriminals sometimes hide executable file extensions (files that run code, which can carry a virus) to trick end users. Clicking on the file then sets a chain reaction in motion.
2. Phishing Emails. These are nasty. Phishing emails contain links to fraudulent websites. Placing your cursor over the link should reveal a message bubble that further identifies where the link will take you. One client experienced multiple Cryptolocker viruses. We conducted a mock test whereby employees received an official-looking email that stated: “We have security issues and have reset your password.” Fifteen percent of recipients clicked the link in the first two hours. The test gave us insight into user response and prompted the company to employ responsible computing best practices.
3. Social Engineering. Social engineering means getting somebody to give up information, often by drawing on details from social media pages, a ripe place to cull from. The directive here is simple: Don’t give out personal information about yourself or your company over email or by phone.
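To make the attachment check in item 1 concrete, here is an added example (not 3Points' own tooling) that flags attachment names hiding an executable extension behind a document-style one. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import unicodedata
from email.message import EmailMessage

# Assumed lists for illustration; tune them to your own mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "lnk", "hta", "msi"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "zip", "txt", "jpg"}

def check_filename(name):
    """Return the reasons an attachment name looks disguised (empty list if none)."""
    reasons = []
    # Invisible format characters (such as the right-to-left override, U+202E)
    # can change how the name is displayed without changing the real extension.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("invisible formatting character in name")
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    # Strip each dot-separated part so space padding cannot hide the last one.
    parts = [p.strip().lower() for p in cleaned.split(".")]
    final = parts[-1] if len(parts) > 1 else ""
    if final in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{final}")
        if any(p in DECOY_EXTS for p in parts[1:-1]):
            reasons.append("document extension used as decoy before the real one")
    return reasons

def scan_message(msg):
    """Map each suspicious attachment filename in an email to its reasons."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = check_filename(name)
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample message with one ordinary and two disguised attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your shipment invoice"
    msg.set_content("Please see the attached invoice.")
    names = ("invoice.pdf", "invoice.pdf.exe", "report" + "\u202e" + "xcod.scr")
    for name in names:
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(repr(name), "->", "; ".join(reasons))
```

The third sample name displays as `reportrcs.docx` in software that honors the right-to-left override, which is why the check looks at the raw characters rather than the rendered name.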
In the end, containment is your best defense. When you experience any of the above, the first order of business is to contain the problem by contacting your technology company so that they can scan the attachment. At 3Points, we sometimes disable the attachment preview pane, minimizing vulnerability.
Spending a few minutes containing the potential risk could save hours restoring files later from a Cryptolocker file-encrypting infection. All too often, we see end users forwarding on suspicious emails to people and asking them if they think the email is legitimate. Bad decision. Sharing emails spreads the problem. Of course, a natural inclination is to just delete a suspicious email. Out of sight, out of mind. A better way, though, is to flag the email as “junk” in order to “train” your email application on what to look for next time. Ask your technology provider to examine the email and possibly set additional spam filters to prevent similar emails from coming through.
Small business IT support starts on the inside with responsible computer users. Of course, firewalls and an up-to-date antivirus minimize problems. But it only takes one email or link to cause serious problems. Communication is key. Educate new hires about responsible computer usage and refresh employees once or twice a year. Even sending an email reminding your team about best practices or publishing responsible computing guidelines is a great option.
Jon Pisani is the sales engineering manager at 3Points where he manages maintenance agreements with vendors, leads audits for new business sales, and manages the 3Points Tech Team. Email Jon at firstname.lastname@example.org.