Letter from the Editor
Why Cybersecurity Awareness Month Is All About The Individual
Not long ago , a prominent CPA firm called me and told me they were hacked . I asked what had happened . “ It ’ s kind of a funny story ,” they told me . A new employee – probably full of first-week nerves – got a text from the company ’ s managing partner asking him to purchase $ 2,000 in gift cards from Best Buy . “ Scratch off the silver strip ,” the text explained , “ and send me the numbers .” The employee ( not wanting to disappoint the MP ) stopped in his tracks . “ I ’ m embarrassed to say this , but I don ’ t have $ 2,000 ,” he responded . “ How much do you have ?” his ( supposed ) employer texted . “$ 1,600 ,” the kid said . “ Buy $ 1,600 in gift cards then ,” the text directed . He did .
When he got back to the office , his boss asked where the heck he ’ d been all day . He pulled out the gift cards and explained . Instantly , the new employee ’ s boss noticed the red flags . He ’ d been scammed . Thankfully , the kid hadn ’ t scratched off the strips , so the company bought the gift cards from him to hand out at Christmas . They immediately called me to let me know what had happened , and we fixed them up .
Thankfully for this company , it didn ’ t go beyond purchasing gift cards , but it ’ s not a unique story – and it ’ s not just new employees who make mistakes either . Everyone does . That ’ s why each October since 2004 , CISA and NCA host Cybersecurity Awareness Month . Though the CPA firm probably had a good laugh at the new hire ’ s expense , no one thought he was stupid . He made the mistake of not verbally verifying before moving money . Verification is a straightforward thing everyone should do to prevent getting hacked . Still , there are four other actions that Cybersecurity Awareness Month highlights this year that I think are critically important and easy for everyone to do at the individual level .
1 . Think Before You Click : Don ’ t open any attachments you aren ’ t expecting , even if you know the person . It ’ s the same with texts – stop and think before you respond to a text or email requesting to move money in any way . If the request is for money or to provide personal identifiable information , your policy should be to make a phone call to the requesting party .
3 . Create Strong Passwords : Use all the bells and whistles like letters , numbers , and special characters and manage them with a password manager .
4 . Use Multifactor Authentication : This is gigantic . Business email compromise is a huge problem , but MFA makes it a lot harder for hackers .
Cybercrime is exploding ; today , it ’ s a $ 6 trillion industry . By 2025 , it ’ s expected to be worth $ 10 trillion . Why ? Because it ’ s working . Most of the time , companies are hacked because of mistakes individuals make . Not because you , or anyone else , is stupid , but because criminals are clever . The good news is that if you do the four actions above ( which are free or very affordable ), you can seriously reduce your risk of becoming a victim , damaging your reputation , or paying the enormous cost of ransomware recovery , which today is upward of $ 900,000 all-in . There ’ s a lot more you can do to protect yourself , which I can help you with when you ’ re ready . But these four things are basic and highly effective ways to keep hackers at bay that every single person at your company can do . Share this reminder with your team and start off the fourth quarter of 2022 strong by making it harder for criminals to hurt you .
Sincerely ,
Konrad Martin Co-Founder and President , Tech Advisors
Konrad Martin Co-Founder and President ,
Tech Advisors
2 . Update Software Immediately : When developers send an update , it ’ s because they ’ ve patched an important hole that criminals WILL find . Don ’ t wait .
WWW . TECH-ADV . COM | 3