Best practices for cybersecurity at small-medium sized businesses (SMB) usually focus on network security, operating system patches, password management, and monitoring.
While these practices are important components of every security plan, the lowest-hanging fruit for potential attackers has shifted over the last few years. As more businesses have moved their email servers and other sensitive applications to the cloud, hardening what used to be a typical attack vector, attackers have shifted their strategy.
Nowadays, the most common damaging security breaches involve sophisticated spear-phishing attacks that penetrate every company's weakest link: its people.
It’s well known that people are biased to believe a good story. Technology itself will never prevent a good con. In addition to strong monitoring, what a business needs to do is prepare and educate.
Preparing means controlling the damage that spear-phishing can do. For example, limiting any single bank transaction to $5,000 unless it receives multiple approvals. Educating involves familiarizing your staff with specific examples of common social engineering attacks and building a healthy skepticism in all your employees. Education must be ongoing and reinforced to be effective.
Next time you think about how you'll improve your company's security, or even the security in your personal life, follow all the recommended best practices. But don't forget that you, your employees, or your family may be the weakest link in the chain, and take action to prepare and educate.