Practice Safe Cyber
If the big guys can get hit, nobody is safe.
It’s been a year of cyber threats – from attacks on Sony to hackers stealing credit card information from The Home Depot. But these attacks are not unique to only major corporations—they are a threat to all businesses, whether you have 1,000 employees or five. This is why it is integral for businesses of all sizes to consider safe cyber practices.
“I definitely believe that today we’re faced with the biggest threats that we’ve ever seen,” says Clayton J. Mouney, president of Think IT Solutions, a New Orleans company.
“You just look at 2014, where we broke all kinds of records. It was the biggest year for the largest cyber security threats for the entire history of cyber security or technological threats.”
Combating hackers and potential cyber threats calls for alertness in company computer practices. As the risk of becoming a target grows as companies use more and more technological solutions, such as cloud-based storage, the first step to protection is realizing that nobody is too small.
“You have to start as an individual,” Mouney says. “Everyone as an individual has to think that cyber security and threats affect everyone. It’s not biased. If someone steals your credit card information, it doesn’t know who you are. It doesn’t know how much money you make or how little money you might make. It doesn’t know if you’re male or female. It just knows that they have a credit card and they want to take advantage of you.”
What are hackers looking for?
It’s important to know what kind of data might be sensitive. Hackers are looking for any possible information that they can flip into a quick profit, so know what your business has to offer and consider what information that might be.
“What people are looking for really can be anything, no matter what demographic or space your company is in, whether it is finance, groceries, or cosmetics,” says Matt Wallace, vice president of marketing for Venyu, a Baton Rouge-based data protection company. “You always have to protect your financial data. In the medical industry, protecting customer data is paramount, not only from a security aspect but also from a compliance aspect, where if you’re dealing with state and local government or hospitals you have to deal with HIPAA.”
Even ideas might be at risk.
“They [hackers] might even consider going after the proprietary information for your business,” warns Mouney. “If you’re a company that produces something, they might be interested in your patent information or just the proprietary information.”
“I definitely believe that today we’re faced with the biggest threats that we’ve ever seen”
-Clayton J. Mouney, president
of Think IT Solutions
How to fight back
Though cyber threats are becoming more and more aggressive, there are very easy ways to stay safe. Think IT Solutions and Venyu offer simple tips to keep your information safe.
Make a plan
As stated earlier, awareness is the first step. But along with awareness comes well-informed planning that includes not only how to protect against an attack, but how best to cope if you are compromised. You don’t want to leave yourself or your business out in the cold while you’re trying to pick up the pieces.
“You have to start with a plan,” says Mouney. “That plan has to start with the idea that it’s not a matter of if we get compromised but when. You always have to finish that plan with a contingency beyond just protection.”
Physical security is the easiest to address. This simply involves knowing where sensitive data is stored and making sure away it’s kept away from prying eyes or slippery fingers. Wallace advises companies not to use physical storage devices like external hard drives for critical data.
“We see a lot of breaches in the industry that happen and start that way, where a laptop gets stolen or compromised. Those are fairly easy things to head off,” Wallace says. “You just batten down those hatches and access to the data is actually protected.”
Safe email practices
It’s easy to forget that emails are not encrypted and before any message arrives at its intended recipient, it has likely traveled through multiple servers and passed through a number of router switches, which allows easy access to hackers if emails are not encrypted.
“If you are emailing, we typically suggest that you use some type of PGP encryption or something to encrypt the email,” says William Sellers, senior innovation engineer at Venyu. “At least do something to the file so you zip it up and use some type of password to open it up if it is sensitive.”
Passwords: we all have them. But we often don’t know how complex they need to be and would rather keep them simple as they can be hard to remember. The average person has to remember 10-15 passwords between work, social media, and their personal financial accounts. But that doesn’t mean that we need to simplify.
“We here at Venyu have forced a very complex password on all of our individuals that work here,” Wallace says. “There are tools you can use that will actually log your passwords for you. Tools like ‘LastPass,’ where you’re able to deploy very complex passwords that don’t make any sense at all—they’re just letters and numbers and characters.”
Many of today’s threats come from untrained employees who need to be educated on not responding to suspicious emails and being wary of links or pop-ups that have not been solicited.
Though you might have the best possible safeguards, accidents can happen.
“You can have all the different layers of security in place – from strong firewalls, to virus software, to anti-malware software,” Mouney says, “and it could just come down to one person in the office that doesn’t understand that there’s someone trying to get their information.”
Finally, software protections are paramount. Running virus detection and/or malware protection software is key to keeping computers clear of possible infiltrations.
“Then of course you have to actually keep up with all of the viruses and compromises that are out in the wild to make sure you’re not at risk for something,” Sellers says. “The hardest part is knowing what’s out there to protect yourself, and that’s where we try to direct our clients to use tools or other third parties that will actually do that work for you.”
What banks are doing about it
Banks are now taking a larger role within cyber security, as they have become easy targets for greedy hackers, DDoS attacks, ransomware and spearfishing. This has become particularly important as new consumer banking technologies are developed, such as banking apps for smartphones.
“We’ve moved away from security being considered an afterthought to security being considered on the front end,” says Jeff Loupe, Whitney Bank’s Security Operations Manager. “Building security in from the very first phase of the project has really become a big focus area for banks in general.”
Loupe’s biggest recommendation is to limit how you use the computer you’re banking from, though he knows that isn’t always practical.
“But if you can, have a single function machine where you can check your bank balance from or do ACH transactions, wire transactions,” he says. “As specialized as you can get on a machine, that’s going to increase your protection and decrease your risk.”
On their end, banks are increasing the size of the information security teams and investing more heavily in the technologies that keep consumers safe while also tracking infections.
“They’re installing things on their end to determine if a machine that’s connecting to their systems in infected,” he says. “Instead of relying on the customer to stay clean and to maintain a machine that’s not infected, detection is more on the side of the bank’s systems.”
Don’t let yourself be beaten
“You have to be vigilant,” Mouney says. “You have to be willing to say, ‘I’m not going to be taken advantage of by someone who’s trying to outsmart me.’ We have to be smarter than the bad guys, and it’s hard because the bad guys are very smart.”
92 percent of threats follow the following nine basic patterns
1,367 Breaches in 2013
• Denial of Service Attacks (0%)
• Point of Sale Intrusion (14%)
• Web App Attacks (35%)
• Insider and Privilege Misuse (8%)
• Physical Theft and Loss (<1%)
• Crimeware (4%)
• Payment Card Skimmers (9%)
• Cyber-Espionage (22%)
• Miscellaneous Errors (2%)
63,437 Breaches in 2014
• Denial of Service Attacks (3%)
• Point of Sale Intrusion (<1%)
• Web App Attacks (6%)
• Insider and Privilege Misuse (18%)
• Physical Theft and Loss (14%)
• Crimeware (20%)
• Payment Card Skimmers (<1%)
• Cyber-Espionage (1%)
• Miscellaneous Errors (25%)
Verizon’s 2014Data Breach Investigations Report