When Marcin Kleczynski was 18, he developed an incredible passion for fighting malware, that horrible stuff that hurts your computer when you are trying to download the newest episode of Game of Thrones. And it's not just a problem for consumers: major businesses are falling victim to troublesome malware attacks as well. Today, at the age of 26, his company employs 350 people in 14 countries, and protects more than 70,000 businesses from infection.
But it hasn't been easy. Every CEO knows that constant improvement is crucial to maintaining success. For Marcin, this matters even more. In 2015 alone there were millions, if not billions, of new malware mutations. This means that there were millions of new problems for Marcin's company, Malwarebytes, to solve, and hackers are showing no sign of slowing down.
In a recent interview, I asked Marcin to talk about some of the biggest lessons he has learned as a young CEO.
"Most surprising was how crucial effective communication is among your team, especially in today's threat landscape," said Marcin.
You might be surprised to hear that Marcin and his executive team nearly got duped last year by a common hacker tactic: phishing.
A few months ago, Marcin received several cryptic emails from his CFO, Mark Harris. The emails asked Marcin if he had approved a "wire template" that Mark requested. Marcin received the email quite a few times, but didn't think anything of it. The following morning, Marcin received a final request from Mark to confirm the transfer. Luckily, that's when Marcin began to discover that the emails were fake. He had almost fallen victim to a well-engineered spear-phishing attack, one that would have cost the company over $50K.
This could happen to any business, and effective communication is crucial in preventing these kinds of attacks.
Marcin shared 3 pieces of advice for how to improve communication and strengthen security awareness among your team:
Employees are often the weakest link in the security chain. Educating them on best practices for data security needs to be a fundamental part of your internal communications. Make sure that everyone understands exactly what kind of emails and documents they should expect so that they may better identify anything that might be malicious. This is especially important among your executive team. Smart cyber criminals will go after individuals with the most access to company assets first.
2. Always seek confirmation
According to PhishMe.com, 90 percent of victims fall for email scams the day they are sent. Hackers are getting extremely good at social engineering. Phishing emails have recently been found to contain very personal details, including last names and credit card information, to make them appear even more convincing.
When sharing any financial or business critical information, make sure to ask for verbal or personal confirmation. Today's criminals will find just about any way to make their ploys believable. We should never underestimate their persistence and their level of investigation.
3. Nothing changes when you leave the office.
In today's world, the boundaries between home and office are nonexistent. But accessing email and files outside of work can put company information at risk if not done intelligently. Be sure to provide mobile and remote workers with straightforward policies and procedures, security and authentication software for mobile devices, and adequate training and technical support to ensure your data remains safe.
Poor communication among teams is often a company's weakest link. You never know how or when you will be attacked. Letting your guard down just one time can put you in a very costly situation.
Has poor communication ever put your company at risk? What happened? What did you change to prevent it happening again? I'd love to learn more. Comment below!