MSP Cybersecurity Magazine - Blackpoint Cyber

2. We Created A Written Information Security Plan (WISP) A Couple Years Ago. We’re Fine.

If that WISP is not current, it’s not in compliance. It needs to outline up-to-date protocols for employees to ensure they keep PII away from thieves. Leadership should understand what the WISP entails and why it affects cyber-insurance qualifications. Then, continually educate everyone about their role in protecting the company. (Yes, CEOs, that includes you.) And for those organizations that review the WISP whenever the mood strikes? Guess what. Cybercriminals don’t just punch in every couple years. They work every single day, courting you until you click on a nefarious link in an email — which is how 87% of hacks occur. While you sit back, thinking you’re fine, they’re developing more sophisticated ways to access your system, building a fast-growing cybercrime industry.

3. I’m Too Smart To Click On Something Like That. Only Fools Fall For Phishing Scams.

Intelligence is irrelevant. It’s about awareness and attention at a given moment. If a leader feels superior to their staff and arrogantly skips simulated phishing training, they can miss key lessons and be more susceptible to falling for the scam. This can also happen to anyone who feels stressed out or preoccupied; those people don’t look closely at details in an email. Remember, hackers are pros at tricking people, and some of the brightest people have gotten hit. And in this ever-changing industry, even information technology professionals like MSPs can’t possibly know everything about cybersecurity. The bottom line is that all employees need regular training. If a higher-up’s ego needs coddling, remind them they have a powerful responsibility to protect others, and employees are counting on them.

4. People Who Click On Phish Bait Should Feel Ashamed.

This might be the most harmful lie of all. As mentioned above, anyone can click on a bad link. Model humble leadership; show clients how to cultivate a safe environment where shame and blame are not tolerated — and be the first to admit culpability. Never ask, “Who clicked on it?” It doesn’t matter. Someone was fooled. It might have even been you. Education tools like simulated phishing demonstrate what a mistake might look like. Note that managing partners tend to sit out of these trainings, but 90% of the time, the hacker targets the manager. Simulations allow people to learn how to identify when an email doesn’t look right, and spotting the signs is most effective with practice. Keep in mind these programs are like catch-and-release fishing. If you get caught with real phishing, you’re not going to live.

5. We’re An IT Company, So We Can Handle This On Our Own, Thanks.

Nope. If you work in cybersecurity, you can still get hit. We’re an IT company, and it has happened to us. You are not shrewder than the cybercriminals. Your commitment to defense will never reach theirs to harming you. Don’t underestimate them. Seriously, we’re good. We don’t need simulated phishing. I assure you, there’s no question you need simulated phishing! Tech Advisors does it here, too.

6. My Reputation Will Be At Stake If I Tell Anyone I’ve Clicked On A Bad Link.

If you click on something that doesn’t seem legit, the worst thing you can do is keep it to yourself. If your company gets hacked, tell your MSP — ASAP! Some of the worst zipped-lip offenders are managing partners. Help them understand that an ego can be the flame that burns down the company. Make sure your clients feel comfortable calling you and appreciate the urgency. Once they learn how to recognize suspicious emails, they should get in the habit of letting you know when they receive one. Cost should not be a deterrent, since this time is likely already included in most MSP packages.

7. I Wouldn’t Dare Question The Person In Charge.

If employees fear speaking up to bosses more than making a huge bank transfer outside of normal protocol, there’s a bigger cultural problem to address. Encourage your clients to be approachable and regularly communicate with their team. Building relationships can break barriers to safety. An employee should never feel embarrassed to contact their supervisor.

8. I Don’t Need To Worry About Employee Social Media Habits.

Unless you’ve slept through the entire pandemic thus far, you’ll know this is not true. The surge of people working outside of the office’s protective firewall has caused cybercrime to go through the roof since early 2020. The blurring of work and personal activities online has made it more evident that people share too much information on social media. Cybercriminals scoop up personal data, which become clues to crack passwords. When accessing the company’s network from home, every action can affect the organization. Remind clients that the networks they originally configured to accommodate a handful of employees occasionally working from home (WFH) were not designed for use by everyone all the time. This capacity overload makes WFH security even more precarious.

You’ll hear all kinds of excuses from companies that resist putting proper security systems and programs in place. We at Tech Advisors cannot emphasize enough the importance of showing up for yourselves and your staff with transparency and humility. Hold yourself accountable, support your own growth, and encourage clients to take on a team-oriented mindset in the fight against a hacker’s tricks. Cybercriminals know that the easiest way into any organization, no matter how secure, is through its employees — human beings who can be tricked and manipulated. Lead by example, commit to continued learning, and stay suspicious!

For more information on Tech Advisors, visit Tech-adv.com.

MSPSuccessMagazine.com/cyber2022
