The Employee Role in Cyber Safety

Common wisdom about hacking and corporate systems is that if you have not been hacked yet, you will be at some point. There are things you can do to reduce both the likelihood and the severity of such an attack. In security circles this is called reducing the attack surface. One of the largest attack surfaces is your people, and since you do not want to get rid of your people, you can reduce that attack surface through proper employee cyber safety training.

There are active and passive techniques your employees can use to spot and counter cyber threats:

Active: Know what to do when faced with a threat. This may include knowing what to do with a suspicious attachment.

Passive: Learn to spot a suspicious attachment, and to distinguish it from a legitimate attachment.

Active: Contact the designated security point of contact (POC) in the event of an attempted security breach. Chances are good that if a hacker fails to get through security with one employee, they will try with another.

Passive: Note the mistakes a hacker will make. Hackers are intelligent people, but they are not perfect. A hacker may learn the names of internal systems just by listening closely to a support call or asking innocent-sounding questions. They may then call back, refer to a system by name, and ask for a change. They may be good, but they probably won’t be perfect. They’ll make mistakes in their assumptions about the system, and that should arouse suspicion.

Active: Don’t correct a caller about the capabilities of an internal system. A hacker will learn from speaking to you and call back sounding more authentic than he or she did the first time.

Passive: Don’t identify systems by name. An employee may ‘open a ticket’ for a customer, but should never refer to a system by name and function. Otherwise a hacker may call an employee and ask for a system change by name, and even by field. A hacker asking to change the permission in the TEOS field to 200 sounds credible, and may well get their wish. The hacker can only do this if they have already had exposure to another employee who identified a system and its function by name.

For more information on employees and cyber security, please contact us.