The state justice department is recommending that businesses take some time to train their employees on basic cyber security.
Special Agent Marshall Ogren says phishing emails that try to get users to log into a phony page are one of the most common forms of attack on businesses.
“People shouldn’t be entering their username and password into a form they don’t trust, or they should double check where they’re entering their username and password.”
Sometimes those phishing attacks get very sophisticated and are specifically targeted at an employee, in a technique called spear-phishing. Ogren says the crooks are after classified or sensitive information that only certain employees might have.
“And what they can do is go into that email account and get email content of transactions that have happened or contract negotiations that’s happening or something like that.”
Criminals can then use that information to try and scam your banking information, or try and get paid by your accounts department using phony invoices.
It’s also important to secure the physical computers at your office. Ogren says that if a criminal or bad actor can get to an unlocked computer or server inside your building, they could get lots of classified info.
“They could have access to the entire network, and if that person is an administrator on their computer, that allows them to run highly sophisticated programs. Programs that could do quite a bit of damage.”
Ogren says it’s best to keep your network’s servers in a secure room, and to restrict the amount of access basic users have at their work stations.