October is National CyberSecurity Awareness Month and it’s a perfect time to review your association’s security procedures—starting with employee education. An organization could spend hundreds of thousands of dollars on deploying top-notch CyberSecurity tools but without proper training of end users, it’s useless.
Educating staff on the “why” of CyberSecurity is critical. Employees need to understand the potential risks of a cyber-attack—from financial damage to layoffs to a ruined reputation.
Many of you have heard the term “social engineering” but you might not understand it’s meaning. Social engineering is one of the most common scams encountered by employees. This type of attack uses manipulation and human psychology to trick people into making bad decisions. But as a CFO or financial executive, what can you do to help?
Providing employees with real-world examples of social engineering is one of the best ways to educate and train them to spot these scams before they become a problem:
- “Microsoft” calling because a machine isn’t updated
- “IT department” calling to reset your password
- Company’s “CEO” sends an email to the controller asking to wire funds
- A USB flash drive is found on the floor
If your association doesn’t have the right CyberSecurity policies and procedures in place, hiring a professional can help you start building a protection program. By blending technology, training, and a common-sense setup, CFO’s can lessen their organization’s chance of encountering a cyber-attack and being compromised.
The original article appeared in Association Trends. Click HERE to view the blog.