As an independent business owner, it’s probably safe to say that your business is your most valuable asset in your professional life. You’d likely go to great lengths to protect that business. You’d want to do whatever’s possible to ensure that asset is safe from whatever threats exist out there.
John Sileo felt pretty confident that his startup was secure from potential threats or any hackers. The one problem, though, was that he never for a second thought that securing his business meant he also had to secure his trashcans at his house. Turns out, that’s how one hacker got a hold of Sileo’s financial information, hacked his business without his knowledge, and went on a fraud-filled spending spree that ultimately cost him his business.
Not only that, Sileo found himself in some white-collar legal trouble because of the hacker’s spending that led to his being in and out of courtrooms for the better part of two years, fighting to stay out of jail.
His story, which sounds like a Hollywood plot, was actually the basis for the movie Identity Thief, starring Jason Bateman and Melissa McCarthy.
While you’re not likely to be in a situation where you’re having to track down some dumpster diver to clear your name and recover stolen cash, the fact remains that you can really never be too careful when it comes to protecting your business.
Sileo was the keynote presenter at a recent #HackersSuck event hosted by Telesystem, where he shared a number of different tips and tricks to protect and prevent your business from being the victim of a cyberattack. Above all, though, he stressed how important it is to get buy in from your employees. Without that, he says, any level of cybersecurity is going to ultimately be undermined.
To that end, two key learnings stood out from his presentation that all independent business owners can use to better protect their assets.
Make It Personal
At the end of the day, all security is human, Sileo says. And the quickest way to get employees to understand the potential impact of a cyberattack is to have them think of it from that personal aspect.
A leaked password. Stolen bank account numbers. A hacked phone. An improperly shredded document with sensitive financial information left sitting in a trash can at your curb. Any of these would cause a tremendous amount of stress and potential loss for a single person. In Sileo’s case, his two-year effort to clear his name ultimately meant two lost years of being an active parent in his two daughters’ lives – something he’ll never be able to get back.
Make the pitch to practice good cybersecurity habits a personal one for your employees. After all, over 80 percent of all cyberattacks are the result of human error. Some form of social engineering, clicking on that link in a fake email, sharing information with someone pretending to be an employee, insecure personal devices that have access to your network, weak passwords or no two-factor authentication. Heck, maybe you have that one employee who really does believe they can help that Prince from Saudi Arabia by accepting that $246 million cash gift if they just provide their bank account and social security number.
You just never know.
What we do know, though, is that employees who can make that personal connection to the company and understand why they wouldn’t share that type of sensitive and personal information with a complete stranger will also understand why they need to keep your business’s data secure as well.
Encourage Them to B.S. – Be Skeptical
To that point, mindful skepticism is ultimately a business’s most powerful tool in the fight against cyberattacks. Teach your employees to B.S. – Be Skeptical – of those phishing emails and other attempts to get them to leak information.
Teach yourself and others to verify that the email they’re reading or phone call they’re taking is legitimate. Does it look real? Is the sender someone they know or can easily identify? If you’re on the phone, is the person on the other end able to confirm some basic information that only a colleague or partner you work closely with would know?
Skepticism today is more important than ever given some of the advancements in technology and hackers’ use of artificial intelligence-based tools to up their game. Spear phishing and AI phishing attacks are hyper personalized to a business and can often seem legitimate. But they, too, have their faults.
All it takes is one slip up or one moment of letting your guard down for hackers to get what they need to gain access to every part of your business. And we’ve highlighted in the past just how much damage can be done to an independent business if they are hit with a cyberattack.
