Act Now to Prevent Cybercrime From Damaging Your Business

Ransomware

Cybercrime has been making headlines for many years, and this year is no exception. Recent attacks on the Colonial Oil Pipeline and the JBS meat processing plant have been leading news stories. These are important not just because they are attacks on critical infrastructure and a view into what one aspect of future warfare may look like. They are also the first attacks in which the victims admitted that ransoms were paid, and the ransom amounts were made public. Colonial paid $5 million and JBS paid $11 million worth of bitcoin to retrieve their information. These are large organizations with sophisticated IT teams, and they paid the ransom!

What will you do if hackers lock up all your files and systems?   
It is likely you will have no choice but to pay the ransom. It may not be $5 million but it will certainly be $25K – $50K. If you think that hackers aren’t interested in your company, think again. You are the primary target for cyber criminals!

  • 75% of attacks target small businesses 
  • In 2020 there were 4.8 TRILLION Intrusion Attempts 
  • In 2020 there were 204.5 MILLION Ransomware Attacks 

Our team has personally worked with numerous vending and food service companies and other small businesses who needed to migrate to the cloud in an emergency and salvage data they had to keep the business running after experiencing a ransomware attack.  Unfortunately, embarrassment prevents most companies from discussing this publicly. However, this is very common in our industry; it is costing companies much of their cash plus lost sales, wasted wages spent and huge IT recovery efforts.  It doesn’t matter which applications you use, there are risks to your business that hackers are trying to exploit. 

Why do hackers target small to mid-sized businesses? 

  • You hold or transmit valuable information.
      • Customer information/credit information.
      • Employee W2 & bank information.
      • Business banking transactions.
  • You manage thousands of unmanned payment devices.
  • You have noncomplex IT environments.
      • Most companies don’t employ a CIO or CSO.
      • Your routers and firewalls are unmanaged.
      • Local and cloud servers expose risk.
      • Data security policies are weak or nonexistent.
  • You are able to pay a ransom.
      • You may not have an extra $25K, but if you needed to come up with it to save your business, you likely can.

Hackers are working hard to compromise your network and your devices to get access to your data. The good news is that you can prevent cybercrime from affecting your business, and the best approach is to focus on prevention rather than reaction. I also know that you don’t want to spend any money, so we will give steps and suggestions for all budgets.

You can prevent cyber-crime in your business. START NOW!  
Experts will tell you to devise a robust written data security plan. And you should! But let’s face it: if you wait for a robust written plan, you will likely experience an attack while you wait. You just need to do it! It’s like everything in life that requires effort for a seemingly intangible outcome: exercise and healthy eating, investing for retirement, becoming an influencer on TikTok. Just get started.

Stop sharing passwords and logins.  
It does not matter if you’re not a computer guy. If you are responsible for your business, you need to be on board and held accountable as much as members of your team. 

Change your passwords.

  • 60% of people use the same passwords for everything according to informationsecuritybuzz.com. 
  • The Verizon Data Breach Report cites that 81% of hacking-related breaches leveraged stolen and/or weak passwords, up from 63% reported in previous years.
  • To make your passwords stronger, make them longer.  They no longer need to be changed monthly. 

Implement Multifactor Authentication (MFA) 
MFA is a simple way to add a second level of security to your systems. Key applications on which MFA should be enabled immediately are:

  • E-mail to prevent hackers from accessing your systems. 
  • Office 365, especially admin accounts. 
  • Remote VPN access to your business network 
  • Any financial application or web site, personal and business. 

Rely on and communicate with your payment systems vendors.  
They are investing in and working hard to ensure that you can confidently tell your customers that they are securely sending payment and sharing their data with you. 

Communicate with your team!  
Let them know to be cautious when opening external emails, when connecting to the company network from home, and when handling sensitive data. 

Assign a data security lead, as many companies do for workplace safety. It does not necessarily have to be the IT guy, but it should be someone who can discuss data security with IT, finance and operations, and who will diligently hold meetings and research and report on the topic.

Update & upgrade. 

Anytime your vendors require updates to payment systems, make sure you pay attention, especially if updates include security patches.  

Update your operating systems and software as updates become available. A recent major breach was caused by a known vulnerability in remote VPN software. The software company had released a patch that solved this, but the affected company had not applied it. Engage a professional IT team to monitor and handle this for you.

Make sure your firewalls and network switches are being managed by an IT professional and updated as required. If your equipment is 3 years old or more, consider upgrading. If you know it’s time to upgrade, do it NOW! It will cost much less than a security breach. 

Consult a professional.  
Give your IT leader a budget to have an outside team audit your network and processes. Often, your IT team will lack exposure to the latest threats because they are focused on your business. 

Get your servers and data out of your office.  
Speak to a professional about moving your systems and files to a secure cloud service. There are options for all sizes of business. 

Secure your e-mail. 
E-mail is the primary gateway hackers use to access your system.  If you use a professional email system, there are free things you can do to improve your e-mail security. 

Add the <external> tag to e-mails from outside the organization. This will prevent spoofed e-mails from posing as a peer to trick users.

Add multifactor authentication to e-mail accounts. This will prevent access to the accounts of users whose passwords have been compromised.

Connect Securely with Cellular.

Understand the impact of connecting your kiosk, vending machine, printer or any other device to a customer-provided network. Know how the foreign device will act on the customer network.

If you purchased network devices with cellular modems, make sure someone is logging in to those devices, applying security patches, and updating firmware as required to prevent the possibility of that device being compromised.  Consider secure dedicated connectivity for your devices managed by a team that will remotely connect to the devices and keep them updated. 

Implement Secure Backup. 
Don’t assume your information is backed up or secure because it is stored in a cloud-based platform. 

Office 365 is not natively backed up or secure. Consult a professional to configure and back up Office 365.

Make sure your backup is not on the same network as your systems.  It will be a disaster if your backup is compromised when the network is compromised. 

Test your backups.  Consult a professional to perform a test restore and sleep easier knowing your backups will work when needed. 

As our reliance on data continues to grow and our systems become a mix of local and cloud-based systems, it is crucial that you make data security a key part of your business planning.

July is Summer Security Month at Tech 2 Success. Please visit Tech2Success.com for additional ways to leverage certain technologies and services to improve your business’ position against a cyber threat and get you started on your company’s data security plan. 

Author: John Hickey 

John Hickey is the cofounder of Tech 2 Success, an IT and Operations consulting firm that specializes in operations improvement using technology.  Tech 2 Success provides Integrated B2B E-Commerce Solutions, Web Site Design, Internet Marketing, Cloud Hosting and OptConnect Wireless Solutions. To contact John to help with your project or opportunity, visit Tech2Success.com

Connect with John on LinkedIn: https://www.linkedin.com/in/johnhickeyglendale/