Five Ways Your Employees Can Help Prevent a Cyberattack

Alexander Moshinsky, CPA, Director, Operational Advisory and Risk Management

11.08.21 | Operations Chat

In any war — and make no mistake that we are all at war with cybercriminals — the frontline troops can often be decisive. In business, your employees are your frontline troops, and you can arm them with techniques and approaches that can help defend your business. It is important to impress upon employees the potential severity of a cyberattack on your business and their occupations in a war that is carried out 24/7 by an enemy that never sleeps.

Here are five ways to arm your frontline troops.

Provide Phishing and Spam Training

Your employees are probably aware of the scourge of phishing and spam, but it is prudent to issue frequent reminders via training courses that highlight traps that are all too easy to fall for. Here are just a few to include:

  • Be wary of requests for sensitive information via email
  • If it’s questionable, don’t click on it
  • Unusual spellings or obvious spelling errors are telltale signs of phishing
  • Double-check the sender’s email address, including its domain, before acting on a message
  • If you are not sure, validate via a phone call with a trusted source

Develop an Acceptable User Policy (AUP)

An AUP lays out specific constraints and practices that a user must agree to before they can have access to a corporate network or website. It is common for businesses to require that an employee sign an AUP before getting a network ID. AUP requirements can include:

  • Not using the service for criminal activity
  • Posting no commercial messages without company approval
  • Being forbidden to send or forward junk mail or chain letters

Require Strong Password Training

Impress upon and regularly remind staff that passwords are only effective if properly managed. Your password policy should require:

  • A mix of at least three of the following: uppercase letters, lowercase letters, punctuation or symbols, and numerals
  • A minimum of 8 characters
  • Be hard to guess (Avoid “123ABC##”, “Password1”, etc. or including your name)
  • Expire on a set date, be replaced, and never used again (aging)
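As an added illustration (not part of the original post), here is a Python check that applies the four rules above to a candidate password and flags an expired one; the blocklist, the 90-day aging interval, and the user-name list are assumed values.

```python
import hashlib
from datetime import date, timedelta

# Constructed blocklist for illustration; a real deployment would check against
# a large list of breached/common passwords instead of a handful of entries.
WEAK_PASSWORDS = {"123abc##", "password1", "password", "qwerty123", "letmein1"}
MAX_AGE_DAYS = 90  # assumed aging interval; the post sets no specific number


def hash_password(pw: str) -> str:
    """Digest used for the reuse check. Illustrative only: a production store
    keeps salted, slow hashes (bcrypt, scrypt, Argon2), not plain SHA-256."""
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


def _char_classes(pw: str) -> int:
    """Count how many of the four classes (upper, lower, digit, symbol) appear."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def password_violations(pw: str, user_names, history_hashes) -> list:
    """Return the policy rules a candidate password breaks (empty list = acceptable)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if _char_classes(pw) < 3:
        problems.append("fewer than three character classes")
    low = pw.lower()
    if any(weak in low for weak in WEAK_PASSWORDS):
        problems.append("matches a well-known weak password")
    if any(name.lower() in low for name in user_names if len(name) >= 3):
        problems.append("contains the user's name")
    if hash_password(pw) in history_hashes:
        problems.append("previously used")
    return problems


def password_expired(last_changed_iso: str, today_iso: str) -> bool:
    """True when the password is older than the aging interval (dates as YYYY-MM-DD)."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso)
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)
```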

Teach Employees to Report Problems

The key here is to have a point person for employees to go to when they suspect phishing, spam, or some other cybercriminal activity. Typically this will be a senior IT professional who will determine the next steps, decide whom to notify, and conduct the investigation.

Give Remote Access and Wi-Fi Training

With remote working now a permanent feature in the business world, reliable and secure means, processes, and tools are essential, and employees must be properly informed. Training should cover VPN (Virtual Private Network) and/or VDI (Virtual Desktop Infrastructure) applications, as well as other tools for secure teleconferencing. Bandwidth and security factors should be strongly stressed when choosing a remote access application. Multifactor authentication should be enabled where possible.

Alexander Moshinsky, Director of Operational Advisory and Risk Management at Berdon LLP, brings more than 30 years of experience in the financial services, real estate, and other sectors — working with major institutions and government regulatory agencies including broker dealers and dark pool network operators.
