4 minute read
Protect your Business from Cybersecurity Threats
October is Cybersecurity Awareness Month
Since 2004, the U.S. President and Congress have declared October Cybersecurity Awareness Month in an effort to help individuals and businesses protect themselves online as threats to technology and confidential data become more common. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.
This year’s campaign theme —“See Yourself in Cyber”— demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. And for companies, it’s all about employees.
Every year marks another ‘worst year ever’ for cyberattacks. The good news is that an estimated 93 percent of all breaches can be avoided if simple processes are put in place. From regularly updating software, training employees on the ins and outs of email phishing campaigns, and implementing multi-factor authentication, there are many effective ways of preventing cybercriminals from getting what they want. Cyberattacks are constantly evolving, but businesses should be aware of the most common types:
MALWARE—software intentionally designed to cause damage to a computer, server, client or network. VIRUSES—harmful programs intended to spread from computer to computer (and other connected devices), giving access to your system. RANSOMWARE—infects and restricts access to a computer until a ransom is paid. PHISHING—uses email or a malicious website to collect sensitive information; usually appear as though they’ve been sent from a legitimate organization or known individual.
Andrea Hogan, CEO of Fencing Supply Group, has first-hand experience in dealing with cyberattacks. In her previous position as CEO of Merchants Metals, her company faced two major attacks in a two -year span. One from a phishing email that resulted in compromised confidential information and another from a combination malware/ransomware attack. “In both of these cases, the emails that launched cybercrime looked completely innocent and legitimate. Also in both cases, recovery from the attacks involved a great deal of time and expense. We learned some valuable lessons and our company now has extensive security in place, along with routine employee training, to prevent these types of attacks from being successful. However, we know from the software we now have in place, that attempts are made against us every single day.”
She shares a story of a one recent phishing email that got through but was not successful. “An employee received an email from me saying I wanted to surprise some employees and asking her to buy $1000 of Amazon gift cards in different denominations. The email – that looked like it was from me, remember – asked her to let them know when she had the card. She didn’t feel right about this for some reason – thank goodness – and asked me about it before purchasing the cards. I can only assume if she had purchased them and let the fake emailer know, she would have been instructed to email the cards somewhere. And this is just one example of the types of scams going on out there.”
Hogan says the bottom line is businesses can no longer afford to place cybersecurity at the bottom of the budget—not with cyberattacks targeting any business, regardless of size, every day. “No one is immune, not even small mom-and-pop shops. Here’s another recent example: The owner of a small family-owned business was speaking to someone in our credit department and happened to mention he had just paid our invoice online. The amount he mentioned was tens of thousands of dollars. Our employee knew we would not have sent a request asking for online payment of that amount and told him so. After they quickly looked into it, they realized it was a fraudulent invoice that mimicked the look of our invoice and email. Fortunately for this small business, the payment was able to be stopped. That is not typically the case.”
SOME CYBERSECURITY BEST PRACTICES:
TRAIN YOUR EMPLOYEES. Employees and emails are the leading cause of data breaches and are a direct path into your system. Employees should be able to spot a phishing email, use good browsing practices, avoid suspicious downloads, create strong passwords, protect sensitive customer and vendor information, and maintain good cyber hygiene. They should also feel comfortable speaking up and asking questions when they aren’t sure if something is legitimate.
GET CYBER LIABILITY INSURANCE. A cyber insurance policy covers financial losses in the event of a cyberattack or data breach. It can also help cover costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and refunds to customers.
PROTECT AND BACKUP DATA. Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resource files and accounts receivable/payable files. Try to do this at least weekly and store the copies either offsite or on the cloud. This will be invaluable in preventing a work stoppage if your system is compromised. CONTROL PHYSICAL ACCESS. Prevent access or use of business computer and devices by unauthorized individuals. Make sure a separate user account is created for each employee and require strong passwords. Enable multi-factor authentication. Administrative privileges should only be given to trusted IT staff and key personnel.
SECURE PAYMENT PROCESSING. Work with your bank or card processors to ensure the most trust and validated tools and anti-fraud services are being used. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the internet. Require multiple, in-person or verbal confirmation for online payments.
“Being proactive when it comes to cybersecurity is the only way to protect what you’ve worked hard to build,” stresses Hogan. “It’s worth the time and investment to put these measures into place.”
