Cyberthreats can take many different forms. In our May blog post we described some malware threats, including phishing. Many people aren’t aware of what to watch for so it’s important to explain to your employees what phishing, viruses, ransomware and other types of malware look like so they recognize the threat and can act immediately. Let employees know exactly what actions they should take when they observe something suspicious.

Training and education are one of the most important factors we’ve seen impact cybersecurity. Companies we support that call us about any and all suspicious activity on their computers/networks have fewer incidents. Their employees are educated to be on the lookout.

This doesn’t prevent all attacks. Targeted scams are becoming more common. Educating employees to be suspicious of potentially fake emails, texts and phone calls is critical. Scammers have gotten very clever and know the names and email addresses of the boss or head of sales and pretend to be them, or they may have hacked the email account of one of your customers.

Guides for being aware of and responding to suspicious cyber activity, behavior and materials to display in your office are available from the Homeland Security’s “Stop.Think.Connect.” campaign.

Obviously, no one wants to fall victim to a cybertheft, but if your business does suffer an attack, a well-planned incident report plan can help minimize damage. An incident report plan includes a set of actions and instructions to help you respond to an IT attack incident and actions to take to quickly protect your equipment and data.

The plan should be detailed and spell out specific tasks and the people who will perform the tasks to stop, contain and control the incident as quickly as possible.

For example, below are some tips for what to include in an incident report for Ransomware:

The threat of Ransomware is real. Ransomware can quickly encrypt important files on your computer and spread over the network. Turning off your computer immediately minimizes the damage. It isn’t always obvious that files are being encrypted by Ransomware. A sign is that you won’t be able to open a file you normally can open, a pop up saying the file is encrypted or even a flashing pop up that says your file is encrypted and being held for ransom. DO NOT RESPOND by clicking on links to remediate this – always contact your IT Department and shut down your PC. Take a picture of any pop-ups with your cell phone if you can.

If you suspect your computer is being targeted by malware/virus, turn it off immediately and notify your IT Support Team right away.

There are policies and processes you can put into place to better protect your organization from attacks by cybercriminals.

Here is a list of what we recommend and can implement for our customers:

• Antivirus software on all workstations, laptops and servers.
• Watchguard firewall that protects the business network with an active security subscription along with logging tools to analyze all traffic in and out of the network.
• Backup of critical servers and workstations to protect from data loss, i.e. theft, ransomware, hardware failure and employee error.
• Password resets every 90 days and/or multifactor authentication.
• Hard drive encryption on travelling laptops.
• Standard laptop or desktop for business use. Do not allow employees to BYOD – bring your own device – for business. This can be a disaster waiting to happen. Many business owners or managers decide to do this to save money, but it often backfires since home user computers need more time to support, will get viruses/malware and will infect the network/servers/cloud business software/file. Home user computers are always cheap consumer-grade, loaded with junk software and often become infected with malware after a couple weeks of use. (I’m not joking. I’ve been there!) Please buy a business computer or laptop for your traveling and remote workers. DO NOT let employees use their home computers.
• Managed IT Plan so that each computer is being monitored. We install monitoring software that allows us to get alerts if there are problems with backup, viruses, hardware issues or software issues and we can take control to remedy the problem.
• VPN tunnels for working remotely to access resources on company services. A VPN (Virtual Private Network) is a secure, encrypted tunnel over the Internet that connects your remote computer with the company network.

Cybercrime will always be a threat to businesses of all sizes but being educated about the dangers and having a solid plan in place will help you be better prepared.

If you don’t have a secure plan in place for your business, we can help. Contact us at (206) 782-4035 or go to our website and complete our online form to set up a consultation.