Online Security Basics for Businesses

Cybersecurity risks are a huge threat to today’s business owners, and at Casey State Bank, we want you to feel prepared and knowledgeable about those risks. While many of us might think of hackers with sophisticated programs and computer equipment, the reality is that the majority of cyberattacks actually start with social engineering; experts estimate that between 50% and 90% of attacks involve the manipulation of people, not just computers. This means that one of the most important steps in online security for businesses is to teach your employees how to spot and deal with threats.

Social Engineering

Social engineering is one of the most useful tools a hacker can use. It is the process of exploiting a person’s trust to convince them to click on a malicious link, download malware disguised as an attachment, or reveal account credentials. Social engineering relies on your employees’ trust to introduce malware into your system, so it’s important to recognize the strategies that hackers use and train your employees how to avoid them. Social engineering attacks often use ploys distributed through email and social networking. 

Phishing

Phishing is one of the most common social engineering strategies used by hackers. This strategy involves an email or pop-up message claiming to be from a person or organization that your business deals with. Phishers might pretend to be your ISP, a financial institution, a government agency, or even a coworker. Victims are then directed to a fake website that attempts to collect personal information. For example, a phishing scam may direct one of your employees to a phony IRS form that tries to collect their name, address, and any financial account information they may have for your business. It only takes one mistake from an unsuspecting employee to open the gates of your system to malware like keyloggers and viruses.

Protecting Your Business

Social engineering scams don’t rely on the type of technology that can be defended against with technological solutions. The only way to protect your business from social engineering attacks is to train your employees (and to know yourself!) about what to look for. 

Employees should always be wary of any suspicious or unusual pop-ups, websites, and email messages– especially if those email messages come with attachments. Certain types of attachments are more likely than others to carry malware. Teach employees to be extremely wary of unexpected attachments ending in .exe or .msi, which are executable files that run software as soon as you open them. Archive files like .zip and .rar files are also common malware attachments. But many types of email attachments can carry malware– not just these. Images can be very efficient carriers of malware. Most users are likely to trust an image; after all, how many pictures do we see online every day? But even image files can contain embedded malicious scripts. 

Employees should also make sure to read everything very carefully. Sometimes scammers operate in a second language and give themselves away with poor grammar and spelling. Scammers will also use variants of common websites– think “Amzon” instead of “Amazon” or “Gogle” instead of “Google.” Innocent-seeming password challenges and popups may also be gateways to malware. 

Your first step in monitoring and improving online security is user education and awareness. All users must know the company’s policies and procedures for internet access, and they must follow online security practices when accessing company accounts. You should also keep logs of daily account activity and frequently review user activity, as well as system access activity. 

Online Security for Businesses with Casey State Bank

Doing business on the internet may seem risky, but there are ways to minimize the risk of cyberattacks. At Casey State Bank, we recognize the importance of online security. That’s why we’ve created our online learning center to help you learn more about this issue and many more. Check out the Casey State Bank Learning Center for engaging videos about SAFE Security topics.