Know Who You’re Letting In
Joel Caskey
Cybersecurity Manager & Partner
NET Xperts LLC
Greetings, Cybersecurity Superheroes!
Let’s go back to our childhood for a moment. I’m sure that your parents had the discussion with you to never talk to strangers. If a stranger knocks at your door, get your parents. Or – simply don’t answer the door! Basic safety principles, right?
Let’s fast forward a few years. You have your own place now. Someone shows up at your door and knocks or rings the doorbell, how do you handle that? Let’s say that someone from the gas company shows up unexpectedly. First, you look out the window or the peep hole to see who it is. Then you ask for identification to prove that they are who they say they are. You do not let that person in your house until you’re sure that you have verified who they are and why they’re there. You’ve been TRAINED to do that (trained is the key word here, which is why it’s in all caps… I’ll come back to that in a minute!).
Your parents would be very proud of you to know that you’re handling physical security so well… but did you know that you can do the same thing with network security? Hackers are finding that it’s incredibly easy to get an end user to let them into your network. End users are being targeted – mostly because they haven’t been TRAINED in how to spot a bogus E-mail or phone call.
So how do we help to guard against that? Well, this gets tricky, because bad actors are always finding ways around system controls. But notice that I’ve been emphasizing a certain word in some previous statements here: TRAINED. Do your users know what a phishing attack is? Do they know the signs of what to look for? Do they know how to handle a potential situation involving a phishing attack? The answers to these questions might surprise you. The answer to the challenge, though, is simple – Don’t open the door to strangers!
“Creating Awareness Creates Results.” This is one of my absolute favorite phrases. If you’re not aware of the threats in the world, it’s very hard to know how to act if you’re confronted with an attack. The #1 best thing that you can do to mitigate a phishing attack is to TRAIN YOUR USERS. Make sure they know that the threats exist, what to do, and how to safeguard your customer information. Know how to spot a bogus link, know how to tell if an invoice or eSign document is legitimate, and know how to handle someone calling to get information by being able to verify who they are.
Our NET X Phishing program does exactly that – it creates awareness around phishing for your end users. It also provides you and your stakeholders with reports to show real results. For Cyber Liability Insurance, carriers are starting to ask when your most recent phishing test was, and what your failure rate was. Most times when the first simulation is run, you’ll be surprised at the results – they’re typically much higher than expected. We can help to educate your users and bring that phishing awareness into your organization, which helps to reduce your risk of being compromised.
So again, “Creating Awareness Creates Results”. Let’s work together to create that awareness on your network to close that gap!
Until next time, Cybersecurity Superheroes – Stay safe out there!