Seemingly every other day, we read about massive cyberattacks on such mega businesses as Sony, The Home Depot, and J.P. Morgan Chase. But cyberterrorists aren't just interested in the big fish. They're also very happy to troll for unsuspecting smaller businesses like yours and mine.
Have you done everything to minimize your firm's exposure to cyberattacks? To learn more about what I could and should do for Peppercomm, I approached Steve Ellis, executive vice president and head of Wholesale Services at Wells Fargo (Note: Wells Fargo is a Peppercomm client), and Deivis Baez, our director of IT.
Ellis provided some personal tips along with a warning of a new kind of fraud, while Baez shared some common IT exposures that small business owners should know about.
Here are Ellis's tips:
1.) Separate personal and business. Consider using a separate computer from your personal one for business use. And with that computer, only use it for business purposes. Never surf the Internet or read personal emails.
2.) Only open what you trust. Do not click on links in emails and be careful where you surf online. I only click on links sent to me by people I know and trust. And on my work PC, I don't even click on links from my parents! I forward their emails to my personal email and open them on one of my personal devices.
3.) Stay up-to-date. Make sure that you educate yourself on different types of social engineering because many times it can lead to attempted fraud. In fact, there is a new type of fraud called 'imposter fraud' where bad guys get into a company's business communications, usually email, impersonate a trusted executive and then instruct accounts payable to transfer money to a fraudulent bank account. The scale of the losses from imposter fraud can be eye-watering.
And here are Baez's:
4.) A Wi-Fi connection could undermine your entire network. Baez related the story of a physician who was allowing patients to access Wi-Fi while they waited to see him. The Wi-Fi network was using the same infrastructure as his office's PC. The doctor didn't realize that any one of those patients could easily tap into his network, access other patients' files and insurance information, and just plain wreak havoc. Baez suggests instead setting up your Wi-Fi access through an inexpensive Internet line separate from your company network.
5.) Network users are often a company's weakest link. Most of us use passwords that are a combination of simple words or personal information. It only takes seconds for today's mobile processors to crack the code. Add to that the countless employees who write their corporate passwords on laptops and mobile devices that can be easily stolen or simply lost. If your organization's data security is vital, Baez suggests investing in two-factor authentication, which open-source software has made affordable to many an entrepreneur.
6.) Don't use the same password for your various online accounts. Change them regularly on Twitter and LinkedIn, as well as your personal accounts. Baez cited the tale of Palo Alto developer Naoki Hiroshima, whose prized, single-digit Twitter account was hacked and his entire business life brought to a screeching halt. Baez recommends investing in password managers such as 1Password or LastPass. They'll ensure that extra degree of security.
There's a reason why cyberattacks have become a major risk for companies of all sizes. The right criminal using the right approach could put a very serious hit on your company's image, reputation and bottom line. And just like a physical crisis, the time to test a cybercrisis plan isn't after the event has occurred.