It’s 7am – you have just arrived at the office. As your usual daily routine entails, you do your morning email check. Clicking through emails one by one, you action the important few. You reach an email from a supplier that is branded with the company logo and has an invoice attached. You open the attachment only to find that it contains malicious content that has now put a virus on your computer (I know… very dramatic).
I’ll be the first to admit that this is certainly not the best story ever told. However, the point of it is less to entertain and more to depict just how easy it is for you or an employee to innocently jeopardise the security of your trade business, risking the confidentiality of your intellectual property, financial information and customer/employee/personal information.
But what if (going back to my Spielberg-worthy storyline for a second) you were already trained in pinpointing spam emails? What if you had systems in place that told you whether or not you should be expecting this invoice? And what if you knew the appropriate steps to take in order to confirm the legitimacy of this email?
Well, the answer to these questions is simple… You would have known not to open that attachment (yay, no virus), and instead called the supplier to cross-check that this email is from them.
Protecting your trade business from cyber crimes is all about creating awareness in your workplace surrounding the issue of online threats and how to avoid them. This comes down to empowering yourself and your employees with training, policies and procedures. Here are some examples of this…
A prerequisite to creating an account for anything is a username and password. Train your employees to get the most out of this security measure with these tips:
- Vary passwords for different accounts – a hacking of one account can far too easily lead to a hacking of all!
- Form passwords with a combination of letters and numbers
- Make passwords at least eight characters in length
- Limit the number of people who know passwords
If you’re worried about remembering passwords, store them in a password database utility.
Using a critical eye when going through emails is paramount in differentiating spam emails from legitimate ones. If you are unsure, do not click on any attachments or action requests without first investigating their legitimacy. This may mean a simple call to suppliers, payees etc. to confirm it. Make sure you get their contact number off their actual website, not the email.
Suspicious emails often, but not always, have the following characteristics:
- Spelling and grammar errors
- Urgent/immediate payment or other action to be taken
- Requests for personal information
Security measures can also be taken to ensure the safety of your email account itself. Two-factor authentication would be one of the easiest ways to do this. Two-factor authentication involves signing in with your usual password and then signing in with a code that is sent to your phone.
Create policies that stipulate what employees can download, access and store on their work devices. Train employees on the ‘why’ behind this.
Install anti-malware/anti-virus software, a firewall etc. and keep them updated. Unfortunately, cyber criminals come up with ways around these protective measures, so updates are vital in ensuring optimum security. When it is not possible to automate these updates, teach employees how to check for and perform these updates themselves.
Back up all your important information on an external hard drive or in the ‘cloud’. This will weaken the blow should you experience hacking or a virus that affects your files.
If you use a job management system or a customer relationship management system it’s also a good idea to be aware of how these platforms protect against these risks as well.
Last but not least, keep on top of the latest cyber security risks. A great place to start is by signing up to Government email alerts on the matter.
As we mentioned earlier, it’s way too easy to fall victim to online crimes, and with the huge associated risks involved it makes sense to train employees on policies, procedures and best practice to defend against these.