When it comes to cybersecurity, your employees are simultaneously your biggest benefit and your most glaring weakness. This can be outlined in the telling of one story that emerged from automaker Tesla. Let’s take a look at the particulars.
In August 2020, a Russian businessman was indicted on charges of conspiracy to intentionally cause damage to a protected computer after he attempted to recruit a current Tesla employee to install malicious software on the automaker’s Gigafactory network.
According to court documents, the hacker, 27-year-old Egor Igorevich Kriuchkov, contacted an unnamed Tesla employee who he had previously come into contact with in 2016. Using Facebook-owned messaging app WhatsApp, Kriuchkov set a meeting with the employee on August 3, 2020. At this meeting Kriuchkov offered the employee money to help him steal data from the company with the use of malware.
The attack was to work as follows: they would simulate a Distributed Denial of Service (DDoS) attack and with access provided by the employee, Kriuchkov and his associates would infiltrate the network and steal data, at which point, the hacking team would demand a ransom for the stolen data.
Court documents suggest that when Kriuchkov attempted to follow up with the employee to smooth out the details, they weren’t alone in the meeting. The employee had reached out to the Federal Bureau of Investigation. The FBI surveyed the meeting, where Kriuchkov repeated the particulars of his proposed scam and admitted that his hacking collective had stolen from other companies, with the help of sitting employees. The employee also received assurances that one of his/her coworkers could be blamed for the breach.
Ultimately, the FBI collected enough evidence against Kriuchkov to make an arrest. He now faces up to five years in prison.
This outlines just how important your employees are to your business’ data protection and cybersecurity initiatives.
Education is a big deal. If you want someone to do something proficiently, they’ll need training. Here are a few suggestions on how to make cybersecurity a priority to your staff.
To ensure that you have the best chance to ward off insider threats, make cybersecurity a priority. In doing so, you will unify your team’s efforts to help protect your business.
Cybersecurity is a big issue. It’s not as if one thing will protect your network and infrastructure from all the threats it faces. To get help from your employees, you will need to commit to educating them on the threats they could encounter in their day-to-day routines.
Sure, it is helpful to train your staff on the cybersecurity best practices, but without context chances are it won’t stick. By telling them what could happen as a result of negligence, you can get their attention. The more they understand how their actions could cause major problems for your company, the more they will be diligent to ensure to do the right things.
If you would like some help figuring out your company’s security training platform, or if you need to talk to one of our consultants about getting some security tools designed specifically for your company, we can help. Call us today at 661-840-8707.
Owner Operator of ATECH MSP