Guest Post by Craig Petronella
The cyber warning bells have been going off for almost a decade now, but they seem to be falling on deaf ears.
Cyber security in the US government is severely lacking, but so is the cyber security in our public sector. In fact, US businesses are lagging so far behind that our Secret Service even issued a security alert in response to the number of cyber criminals targeting employees who are working from home because of the Coronavirus.
Have we mentioned that hackers have ZERO shame?
In this dangerous environment, you need to take control and make sure your employees do all they can to secure their home offices, or they may not have a job to work for. You may think they have done everything possible to secure their home computers, but that is extremely naive, and it’s not reality.
Average Cost of a Cyber Attack is $200,000
Did you know that an ordinary, run-of-the-mill cybersecurity attack costs a small business, on average, around $200,000?
As if that wasn’t bad enough, more than half of the businesses that find themselves on the losing end of a cyberattack end up shutting down permanently, in under six months.
If you own a small business, you should find these statistics unsettling at the least and terrifying at the most.
Because so many employees started working from home rather unexpectedly, IT departments did not have much time to secure home office spaces.
Fortunately, there are a number of actions you can take to protect yourself, your employees and, ultimately, your business:
Limit employee use of remote access. This should only be used when absolutely necessary, and if they do have access, they need to be instructed to disable it ASAP. Why? According to the FBI, this is the most common way hackers gain access to businesses’ networks, allowing them to wreak havoc by setting ransomware free. It is YOUR job to make sure your company’s ports are secure.
Train your employees on Cyber Security. It isn’t safe to assume that your employees know how to detect cyber threats. In fact, if it weren’t for human error, hacking would be much more difficult. What do I mean by that? Well, only a human can click on a phishing email, but if they are trained to spot red flags, they’re a lot less likely to accidentally unleash a malicious virus. If you don’t take the time to properly train all your employees, you only have yourself to blame.
Ensure every device on your network is secured with PROACTIVE antivirus software. Note that PROACTIVE is capitalized. That was not an accident. Not only is it recommended by the FBI and the Department of Homeland Security, but I strongly urge small businesses to take this step as well. Proactive antivirus tools help to prevent the attacks from even occurring in the first place, and you know what they say about prevention versus a cure. Even if you pay a ransom, there is no guarantee that the attackers will actually keep their word.
Work devices are only for work. You have to make this a policy, and there should be potential punishments in place for those caught on sites that aren’t allowed or checking personal emails. In fact, restricting most websites can also be extremely effective. Otherwise, your network is at serious risk of a breach.
Strong password policies are a must. Weak passwords are one of the easiest ways cybercriminals can put your business at risk. There must be certain password rules in place. Allow complex passwords only: upper- and lower-case letters, numbers, and special characters are all required. Automatic password changes must be required at least every three months, and employees cannot be allowed to repeat passwords.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” “Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For more information about a cyber-crime risk assessment, call: 1-877-468-2721.