Posted on Jul 20, 2022

It happens every minute of every day, in all types of businesses around the country: an employee receives a fake email and unwittingly clicks on a link that ends up downloading a malicious software program on his computer. Worse, the company’s central network is now at risk. The hackers demand a ransom payment to unlock the employee’s files, which are now encrypted. Unless IT staff are alerted and respond immediately, this employee’s mistake can result in major consequences, and even lead to a shut-down of business operations and financial losses.

Cybersecurity is a serious issue for individuals and businesses, with cybercrime on the rise all over the world. The FBI reports that in 2021, there were 847,376 reported complaints in the United States, a 7 percent increase from 2020. Potential losses totaled nearly seven billion dollars. Ransomware, the criminal use of cryptocurrency, and business e-mail schemes were among the top incidents noted.[1] Moreover, no business is immune from a cyberattack. Healthcare organizations, municipalities, utility companies, financial organizations, and others are just a few of the businesses that have been targeted in recent years.

What can your company do to boost cybersecurity? Employees are the first line of defense, particularly against email phishing schemes. Phishing awareness training is critical to teach employees how to spot and report suspected phishing attempts. For example, phishing emails may seem legitimate because they contain brand names and logos, or appear to come from a real company. However, email addresses can be spoofed, or faked, or they may contain a domain name that is similar to the real company's, with slight alterations. For example, a phishing email that purports to come from Amazon may instead come from a sender such as amazon-payments or amazon-security at a Hotmail or Gmail address. Bad grammar, misspellings, and offers of free gifts are other red flags.
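The sender red flags described above can also be checked automatically at a mail gateway or in a reporting tool. The following is an added example, not part of the original post; the brand allow-list, the flag names, and the sample senders are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}
# Free webmail providers; the post names Hotmail and Gmail.
FREEMAIL = {"hotmail.com", "gmail.com"}


def registered_domain(domain):
    """Naive last-two-labels domain; real code should use the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def sender_red_flags(from_header):
    """Return red-flag codes for a From header that borrows a known brand name."""
    display, addr = parseaddr(from_header)
    local, at, domain = addr.lower().rpartition("@")
    if not at or not local or not domain:
        return ["unparseable-sender"]
    flags = []
    for brand, legit in BRAND_DOMAINS.items():
        if registered_domain(domain) in legit:
            continue  # genuinely on the brand's own domain
        if brand in display.lower() or brand in local:
            # Brand appears in the name or mailbox, but the mail comes from elsewhere.
            kind = "freemail" if domain in FREEMAIL else "foreign-domain"
            flags.append(f"{brand}:{kind}")
        if brand in domain:
            # Brand keyword embedded in an unrelated domain name.
            flags.append(f"{brand}:lookalike-domain")
    return flags


# Constructed sample senders, not taken from real mail.
SAMPLES = [
    "Amazon Security <amazon-security@hotmail.com>",
    "Amazon <billing@amazon-payments.example>",
    "Amazon <order-update@mail.amazon.com>",
    "Jane Doe <jane@example.org>",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender, "->", sender_red_flags(sender))
```

This only catches brand names used from the wrong domain. A message that forges the brand's exact address passes this check and has to be caught by the SPF, DKIM, and DMARC results the receiving mail server records.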

Once employees are trained, companies’ IT Departments should periodically send out simulated phishing emails. If an employee clicks on a phishing link, IT should review with the employee the indicators they missed and provide additional training. Simulated phishing campaigns reinforce cybersecurity training and also help employers understand their level of risk. It’s also important to keep abreast of current security threats, offer employee training on a regular basis, and keep them informed of the latest scams.

All companies are vulnerable to hacking attempts, and it’s never been more important to assess and mitigate your risks. Staying up-to-date on security software, spam filters, firewalls, data encryption, data back-up, training employees to be vigilant, monitoring use of computer systems and equipment, and developing clear cybersecurity policies are essential steps to protect your organization and its employees.

This material is provided for informational purposes only, and is not intended as authoritative guidance, legal advice, or assurance of compliance with state and federal regulations.


[1] https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
