When it comes to building cybersecurity strategy, employees at an electric cooperative can serve as the first line of a strong defense. (Photo By: Getty Images/iStockphoto)
The average workplace must guard 5,000 vulnerabilities—from laptops to digital printers, phones and other devices—while a cybercriminal need only exploit one.
Employees at an electric cooperative may serve as the first line of a strong defense.
There are three typical avenues for malware to violate a system's integrity: email or other social media, internet browsing, and USB thumb drives.
Email phishing is the single most effective way to remotely break into a network or steal company data. Cybersecurity firm Symantec reports that, on average, one in every 127 emails were malicious in 2016. Any email asking you to take an immediate action should be treated with a healthy amount of skepticism.
If someone is asking you to open an attachment, click on a link, make a transaction, or provide information, you should have had recent communication with the person or company. Were you expecting this email? Does the request make sense? Hover over the links to make sure they are what they claim. Otherwise, delete the email or report it to your IT staff.
Intrusion through internet browsing is a patient game of chance. Cybercriminals cast their net wide to infect popular websites and snag victims lured in through search engines and advertisements.
It's known as a "water hole attack." The process is like a crocodile concealing itself in a favorite watering hole hoping for some unsuspecting wildebeest to chance by. Protecting yourself from this type of attack is straightforward: Don't drink at too many waterholes.
Then there are USB thumb drives, long a favorite for spreading malware. If an attacker can't get in through the firewall, why not try the side door?
One of the most famous cyberattacks occurred in 2010 when vendors brought an infected USB thumb drive into an Iranian nuclear enrichment facility. The attackers were able to remotely take control of a network with no internet connection.
Despite the best efforts, cyber intrusions still happen, and it's important to remember the victim is not the perpetrator. If a thief broke into your co-op and stole significant data, we wouldn't blame the employee.
Yet, employees often feel guilt and shame from falling victim to a cyberattack.
Good cybersecurity culture encourages reporting possible cyber intrusions immediately without fear of reprisal. Any damage should be attributed to the cybercriminal. Focus on containing the damage and bolstering defenses to minimize the risk of the next cyberattack.
Cybersecurity is everyone's job.