Are You Protected?
Cybersecurity is a hot topic. Robocalls, email phishing scams, and other digital attacks on our personal information have recently become the norm rather than the occasional annoyance they used to be. With the rise in attempted attacks also comes a new level of sophistication. It is often tough for even seasoned technology lovers to easily spot the difference between a phishing attempt and the real thing.
Take AFSA member company Fire & Life Safety America (FLSA) in Richmond, Virginia, for example. The company recently faced a cyberattack, originating from an email phishing scam, that took down the business for weeks. The attack, launched overnight, managed to take down much of their network before being detected. After the data had been breached, the attackers ransomed the data they had stolen, leaving FLSA in a tough situation and essentially dead in the water, since much of their day-to-day operation relies on the digital transfer of information.
Ultimately, after some discussion, it was decided not to pay the ransom for the stolen data. As Jack Medovich, senior vice president of FLSA, cautions: “If we continue to pay these attackers, they will continue to do what they are doing.” Recovery, however, has been a slow process. Medovich also shared that despite the attack having happened weeks ago, they’re still working to recover data. He hopes that this cautionary tale will encourage all AFSA members to be more proactive in their cybersecurity in the office.
“It’s no longer a question of ‘if you get hacked.’ It is ‘when you get hacked,’” says FLSA Chief Information Officer Jeff Cannon. “Ransomware attacks, in particular, are expected to increase in frequency and cost. In a common example, imagine no email, no VoIP systems, no files, no drawings, no internet, no servers, no PCs, no access control systems, no environmental control systems, no software, no ERP. How prepared are you to keep your business running in that scenario?”
So how can we stay ahead in a world plagued by ever-developing phishing scams? The best way to avoid these problems is to focus on being proactive rather than relying on reactive measures should the worst happen. Here are some of the easiest ways to take proactive steps in improving your cybersecurity:
- Keep your software up-to-date: Software is updated often to account for loopholes found by developers that may make your software more vulnerable to attack or infiltration. When updates are released, they often address these problems, so when you see the update icon, it’s best to update as soon as possible. If you can’t update during work hours, set your computer to complete updates when you leave for the day. While the process can be time consuming, it is necessary and will vastly increase your security.
- Password management: Practice smart password creation. Don’t use the same password for all of your accounts; mix and match your passwords so that if one account is compromised, it doesn’t put all of your accounts at risk. The strongest passwords are over eight characters and contain alphanumeric characters as well as punctuation, with the numbers and punctuation spread apart from each other in the password.
- Install anti-virus software: Anti-virus software is the first line of defense for your information in the digital world. Anti-virus software can detect problems as they happen and help to keep your machine clean of malicious software or notify you if malicious software has been installed.
- Back up your data: While everyone is busier and busier these days, and back-ups can take time, they are more than worth the time spent. Backing up your data can be the difference that keeps you from suffering a complete loss in a cyberattack. Hackers often ransom your data, and if you don’t pay, you don’t get it back, so having back-ups to recover from is key to keeping your data. Always be sure to back up important work and documents to outside drives for safekeeping.
- Practice “safe clicking”: Does it seem suspicious? Then it probably is! Before clicking on links from unknown sources, be sure to verify the sender. Hackers will often mimic the name of coworkers you know and trust, but a dead giveaway will be the email address these phishing scams are sent from. In recent years, hackers have even gotten advanced enough to copy signatures and exact title lines, and even to make convincingly fake websites that mirror the real thing. So always check the sender, and if you have any doubts about the legitimacy of something you’ve been sent, don’t be afraid to call and verify with the sender.
- Review access to your network and applications: Staying up to date on who has access to your network and applications, and regularly removing access for any extraneous employees, is paramount to maintaining cybersecurity. Additionally, it is important to keep track of which contractors, subcontractors, or vendors might have access to your network.
- Educating your employees: “Employees are our most valuable resource, but they can also be our weakest security point,” says Cannon. Implement a policy that requires verbal confirmation when your accounting department receives an email request for funds, and teach employees best practices for emailing in and out of the office. There are even vendors who offer training and testing at low cost for employers to refresh their employees’ knowledge.
Remember, the key to preventing, or minimizing damage from, a cyberattack is early prevention and proactive, rather than reactive, thinking about technological safety. Employing these methods and being a smart browser when using email, the web, and even your cellphone can make all the difference for your company and its cybersecurity.