Insights: Article

Expect the Unexpected- Raising Cybersecurity Awareness in Your Organization

By Karen Andersen

July 29, 2016

What is your first reaction when you hear the words cybersecurity and security awareness? The topic of cybersecurity awareness is frequently mentioned in business, but it can be vague, and many people likely dismiss it quickly as something their organization makes them do, similar to reading a policy. But the right story can help you build awareness of this issue and show just how a little more attention can help create compelling results.

All Together Now
Cybersecurity isn’t just something the IT department does. In fact, it encompasses just about all areas of an organization, including physical security. Everyone has a role.

Being aware means being present and paying attention to what is going on around you. Sounds simple enough, but look around. How many people are aware of what’s going on around them? Cell phones have certainly added to the distraction factor. Perhaps some people are wearing headphones, listening to music. Encouraging individuals, at all levels, to be more aware is excellent advice and an easy way to improve cybersecurity awareness. 

Sounds easy enough, but is it? Awareness is a conscious effort. It is easy to go through the motions of the day on autopilot while thinking about what you would rather be doing. Most of us do this occasionally throughout the day. The goal isn’t to convince people to be negative or pessimistic, rather slightly less trusting. Here is where the potential payoff or benefit can come into play.

Don’t Ignore the Flags
If you received an email from a trusted executive to process a transaction, would you automatically do it? What if the request seems out of the ordinary? Perhaps the email states why the request is needed, which negates any concerns. The email sender is trustworthy enough, right? Is the business you are transferring funds to a name you recognize? How about spelling? If a business name is spelled incorrectly, would you dismiss it as carelessness or stop and question it?

This is not an entirely uncommon scenario. It is also a technique hackers are using to get recipients to transfer funds, urgently, before the email recipient thinks to question or seek confirmation. The request gets processed as directed, without any questioning. Later it’s discovered the sender’s name was spoofed, it never originated from anyone within your organization, and the money is gone.

This scenario didn’t involve IT, nor is it overly complicated. If you figured it out as you were reading, good for you for thinking a step ahead and chalking a win for cybersecurity awareness. It may seem obvious, but according to recent estimates $2.3 billion has been lost over the last three years using this technique.

A simple solutions is to always request a two-step approval process, or confirmation from the actual executive, prior to sending. It may seem like common sense, but it does require individuals to be aware. If it wasn’t effective, the “bad guys” wouldn’t keep trying to lure unsuspecting employees.

Part of the Solution
If you’re still reading, you just participated in cybersecurity awareness. Sharing examples, educating employees, building awareness, and making the topic interesting are easy ways to help increase any organizations cybersecurity profile.

Latest Insights

September 21, 2018
Article
In the wake of hurricanes, devastating results have been experienced by communities and businesses throughout the Texas Gulf Coast, Caribbean, Florida and southeastern United States. As a result of these catastrophes, businesses will turn to…
September 20, 2018
Firm News
Eide Bailly LLP announced the winners of its 2018 Nonprofit Resourcefullness Awards, recognizing creative and sustainable revenue ideas from nonprofits in Arizona, Colorado, Minnesota, North Dakota and Utah.
September 19, 2018
Article
The IRS has started sending out Letter 5699 asking businesses to verify if they should have filed Forms 1094/1095-C. These forms are required for all ALEs.
September 19, 2018
Recorded Webinar
Are you considering doing business or having employees in Pennsylvania? Have you had issues with your state tax filing? Join our state and local tax team for some helpful insights into Pennsylvania tax filings.
September 19, 2018
Recorded Webinar
Are you considering doing business or having employees in Nevada? Have you had issues with your state tax filing? Join our state and local tax team for some helpful insights into North Dakota tax filings. This webinar will cover registration,…
September 19, 2018
Recorded Webinar
Are you considering doing business or having employees in North Dakota? Have you had issues with your state tax filing? Join our state and local tax team for some helpful insights into North Dakota tax filings. This webinar will cover registration,…
September 18, 2018
Article
As the largest tax reform legislation in the past 30 years becomes reality, it is important to stay up-to-date on planning opportunities and how reform may impact you and your business. Our Tax Reform: Practical Insights examples aim to break down…
September 18, 2018
Tool
Get ahead of tax season with the Eide Bailly Tax Planning Guide. A supplemental strategy guide to help guide year-end and make the tax laws work for you.
September 18, 2018
Article
The SCOTUS Wayfair decision has prompted a new focus on state and local tax compliance. The decision to register, report, and comply is important.