Imagine if you had two emails that were worth a million dollars each. You would do everything that you can to protect those emails and ensure that no one deleted them. You would back them up, have multiple copies in place so that if you lost those emails, you would have a quick way to recover them. You would make sure that access was limited, with strong password protection, and everyone who had access to the delete button was properly trained on how to open and read the emails safely.
Two emails. It was two phishing emails that cost UnityPoint Health millions of dollars. So why aren’t we emphasizing the BEFORE in cybersecurity? Proper, current, and ongoing training shouldn’t even be a question in this day and age of business. Pre-COVID it should have already been a priority, but now, with so many people working remotely, the risk of hackers gaining entry to a business through the relaxed and unfamiliar environment of a home office is on the rise.
Repeat, Repeat, Repeat
We don’t hear something once and remember it, especially if it is unfamiliar content and information that we don’t process regularly. If you were to say “watch out for phishing emails” to a team, one or two people in an office will likely think that you are referencing a salmon special or information on trout season – the vernacular isn’t as commonplace to them as it is to those of us in the IT industry. It is our job to make sure that PHISHING is as well-known as the word HACKED when it comes to educating anyone with an email. Yes, anyone with an email. Because that is the door through which cybercriminals often enter.
Take the time now to protect and educate employees, and couple that with putting a smart and all-encompassing reaction plan in place should a breach occur. Do not let a lack of education be the reason that you have to spend millions of dollars in response to two emails. Spend the time now, BEFORE a breach occurs, so that your business can survive AFTER one does.