As recent as a couple decades ago, when the average business worried about security, they worried about cashiers sneaking twenties from the register, burglars breaking in at night.
The security landscape has changed a lot since then. Most businesses today require an extensive computer network to operate, and this gives criminals a whole new vulnerability to take advantage of. It’s easier to break into a business over the internet with a few keystrokes than it is to prowl around at night and jimmy a door open or bust out a window.
An on-site breaking and entering… that’s something the cops might be able to take care of. Conversely, cybercrime perpetrators are often overseas in another country, so good luck getting the local PD to take that case on, and the FBI will tell you they have bigger things to worry about.
So maybe you can’t punish these cybercriminals, but what you can do is to be aware of the threats that are out there and know how to prevent them from attacking your business.
It’s impossible to overstate the importance of network security. If you suffer a major breach, not only will your coffers and your reputation take a big hit, but you also may get tangled up in some nasty legal complications. Regulations like The Sarbanes-Oxley Act of 2002, and HIPAA if your business is affiliated with healthcare, call for serious penalties in many cases of data loss.
The most likely threat to affect your business a is computer virus, which is a piece of malicious software (malware) that spreads from host to host, just like a biological virus.
There are many different types of viruses, and they might be used by cybercriminals to steal sensitive information, spy on activities, or wreck your tech infrastructure just for the fun of it. Cybercriminals use many different techniques to get victims to download their Trojans (programs that seem legitimate but actually contain a virus), including:
Be careful of what you open in your inbox. Many emails will promise you the world and instead give you a nasty virus when you download their software (which turns out to be malware in this case).
Don’t get too cocky, either. Some phishers are easy to detect, laced with broken English and impossibly good offers. But there are pros out there too, and they will send you an official-looking email that appears to be from a source you trust.
For example, an effective phisher might impersonate the DMV and convince one of your employees that they will lose their driver’s license if they don’t pay off some trumped-up fines. The email’s language will convince the employee to act now before they have much time to gather the rational thought needed to not download software blind, communicating something to the effect of “Just download this DMV-approved payment software, and we’ll make sure that you don’t get pulled over and slapped with a $1,000 fine plus a month in jail for Driving with a Suspended License.”
The point is, make sure your employees are vigilant. They should not be taking any chances on an email they’re even halfway suspicious about.
The vast majority of employers don’t approve of their employees using torrent software like FrostWire and BitTorrent for downloading music and who knows what else… but there are enough employees that ignore such policies and use torrent software anyway for it to be a notable issue. One study found that 4% of employees download torrents at work. That means all it takes is 25 employees for it to be a reasonable assumption that at least one employee is downloading torrents.
This is unacceptable. It’s difficult to tell where a file originates when you download it over FrostWire or some similar program. Every time an employee downloads something this way, it puts your network at significant risk.
Also, even if the employee doesn’t accidentally download a virus, the act alone of illegally downloading copyrighted material via BitTorrent could be red-flagged by your ISP and lead to your Internet getting shut down.
Everyone loves a good mystery. When the average person finds a USB drive on the sidewalk, it’s just human nature to want to see what’s on it. Many cybercriminals are aware of this curious behavior, and they will exploit it by leaving a USB thumb drive in a company parking lot loading with malware of their choosing.
Believe it or not, this somewhat goofy method is incredibly effective: more than a third of employees that find a USB stick on the ground on their way to work will plug that USB stick in at the office. If that USB stick has the company logo on it, a vast majority of people pick the stick up and plug it in.
One of the more recent developments in IT threats is ransomware. When ransomware gets into a computer, all the data on it gets locked behind an encryption. The only way the victim can access their information again is to cough up a one-time payment, usually somewhere in the $200 to $600 range.
It’s estimated that less than 1% of ransomware victims actually pay off their captors, but that’s a high enough percentage to motivate cybercriminals to still use ransomware. In all, companies that opted to pay the ransom generated millions of dollars for cybercriminals worldwide.
If you’re hit by a rootkit, then you’re in for a real treat. Rootkits are designed to go undetected, so you won’t even know have a problem when you do. Once the rootkit is installed, it allows cybercriminals administrative-level access to the victim’s computer. Complete control.
Cybercriminals can do all kinds of things with a good rootkit. Some use rootkits to turn other computers into extra seeds for their files on BitTorrent, and we already went over why you don’t want any torrents downloaded at your workplace.
Antivirus Software and Firewalls
Antivirus software and firewalls won’t stop everything, but just because they’re not perfect doesn’t mean that they’re not useful. Think of them as your first line defense rather than your entire strategy.
A big brand you’ve heard of like Norton might not actually offer the best protection for your business… there are programs highly respected in the tech community that aren’t known as well to the average user, such as Kaspersky and BitDefender. Consult with an IT specialist like CTECH Consulting Group to determine which antivirus software is right for you.
Many of the threats we previously mentioned can be easily diverted by an appropriately-trained employee. They need to be trained to not download anything on their work computers from a source they are not 100% sure about. It’s also important that you make it abundantly clear that using torrent software will not be tolerated. Don’t hesitate to go as far as terminating an employee on first offense of downloading torrents on a work computer.
Oh yeah, and if you see an abandoned USB stick somewhere in the parking lot, just let it be. Better yet, pick it up and throw it out. That way the thumb drive won’t be there for another employee to discover and absentmindedly plug in to the network.
Remember that any money you dedicate towards training is an investment, not an expense. A few dollars now for substantial training can save you from a massive financial disaster down the road. CTECH Consulting Group will help you leverage the best training focused on your needs and designed to fit within your budget.
Backup and Recovery
There are many cases in which the difference between being ruined and being fine is whether or not you have a backup in place. Consider the case of ransomware: with no backup in place, you can only choose one of two bad options. Option A is to go ahead and pay the ransom and support cybercriminals who are undoubtedly holding other computers hostage as well. Option B is to refuse to pay and lose potentially sensitive information/many hours of work.
But if you had a backup in place, you are able to act beyond those options. You can ignore the ransom-takers request for cash and know that anything lost can be restored like new.
On-site backup is a decent solution, but you can do better. Fire-proof safes are only meant to protect paper documents from the intense heat of a raging inferno. If you store you backups on tape drives in such a safe, they can still be ruined.
If you aren’t already connected to the cloud, it’s about time you do so. Renting out someone else’s server space and accessing it remotely is much cheaper than maintaining servers on-site, and it offers you protection even if your office is completely leveled by some freak event. Discover how easy a backup and recovery strategy is with CTECH Consulting Group leading the way.
Virtual Private Networks
Setting up a virtual private network (VPN) for your business’s computers allows you to take advantage of the convenience of the internet while eliminating some of the security risks. VPNs are especially useful for businesses with remote workers.
Those remote workers may be relying on unsafe public hotspots, like the ones you find in any Starbucks or Burger King these days. A VPN uses encryption and other protocols to allow remote workers to use some random Wi-Fi without having to worry about putting their company’s security at risk.
Network security is more important than ever before. Your valuable data is at risk from cybercriminals drooling at the thought of holding you hostage, and you could be out for massive damage fees, destroyed productivity, and ruined reputation from even a single data breach. Don’t leave yourself vulnerable – contact CTECH Consulting Group at (403) 457-1478 or email@example.com to schedule a security assessment and stop cybercrime in its tracks.
Have questions about your IT security? Call (403) 457-1478 or email us at firstname.lastname@example.org to learn more.