3 Cybersecurity Things to Be Watching For Right Away
Woof, woof everyone! It’s another Murphy’s Musing with a simple question: Who is watching over your technology backyard?
Every so often, I get to watch as my teammates at Groff NetWorks fend off an active hacking attempt. They get the alerts that something smelly is going on and make sure the network under attack is safe and secure and then, like a pack of hungry West Virginia bloodhounds, they start tracking the pesky varmints back to their hidey holes.
We used to track them back to hidey holes all over the world – Europe, Philippines, Russia, etc—but more and more, we’re finding cyber-attackers holed up in China. What’s really surprising is the brazenness of these new kinds of active attacks—they are not trying to hide their location. We’ve even seen attacks that are clearly coming from overseas direct competitors of companies here in the States. These hackers aren’t hiding in the shadows, they are right out in the open. Recently, one of them even had a LinkedIn profile for the competing company, using their regular company email address and everything. It’s stunning!
You might think, “well we don’t do business in China…” but these hackers do not limit themselves. If they can get into a single email account of any company, they can then copy customer lists, they can send customers new payment routing forms using your company’s email, and they can use hacked accounts passwords to try to get into other systems at the company (no one uses their email password for other passwords… right? Right???).
What I’m saying is, cybersecurity isn’t something “to get to” next year. It’s a right away thing, and it’s not an event—it’s establishing vigilance. You need someone who knows what they are doing watching over your technology backyard. But if you need to get started, here are the three things you can do right now and they don’t cost much:
* The biggest weakness are your employees—you have to train and test employees on information security, especially email security. There are ways to make this simple and repeatable throughout the year. Call us and we’ll gladly set something up for you that doesn’t cost much.
* If you don’t know if your hardware systems are running the most current firmware and have the most recent patches done, go find the person in charge of IT and ask them. Routers, switches, servers, desktop/laptops, phones, tablets, etc. Demand a spreadsheet of all your hardware that shows the current version and the latest version available. If there is a gap, you’ve got a problem.
* Finally, get a network assessment done against your hardware that also checks your policies (for example, do you have a password policy for your company and do all your employees follow it?) Some “cyber$ec” firms are going to charge you $20,000 but really good assessments revealing the most troublesome holes can get done for around $5,000 to $7,000, and that payment can be spread over a couple months. We’ve seen companies willing pay more for watering plants and coffee than they do cybersecurity. I like plants, but probably not the way you want me to.
Look, today’s hacker/phishers are more aggressive and more brazen, and as bigger companies plug their security holes, they are clearly targeting cyber-soft small to medium size businesses. And they aren’t covering their tracks either. That’s an escalation that we’ve not seen before.
We know most small businesses don’t have tens of thousands of dollars to spend on cybersecurity, so give us a call (518-320-8906 x 101) and we can just talk about what your company might need, even if you… even if you don’t use us. Knowledge is power and what we love most at Groff NetWorks is turning your technology-worry into technology-strength.
So… who is watching over your technology backyard?