Protecting your business against cyber attacks can seem overwhelming, especially if you don’t have a dedicated IT staff. Scott Buehler, Director of Information Systems at L.E. Smith, has a few tips that can help businesses of all sizes ensure their information and assets remain safe.
Hackers prefer it if you simply give them information
Unlike what you see in the movies, cyber attacks don’t often involve complex password-cracking software designed to break through sophisticated firewalls. In reality, hackers use a more straightforward approach to gaining access to confidential information. They simply ask an employee to hand it over.
Seems pretty far-fetched, right? Unfortunately, it happens to businesses every day. Similar to phone scams, hackers will send emails that appear to be from a trusted source. This could be the CEO of a company asking for money to be transferred, or a vendor requesting payment to a new routing number. In both cases, the emails may look like they are from a trustworthy source, but those bank accounts actually belong to the hacker.
If they are not asking for money, these emails often contain links that download malware to your computer. If the recipient recognizes the name of the person sending the email, they often don’t think twice about clicking the link. As soon as they do, the malware either gives hackers access to your company’s information or it begins damaging your files beyond repair.
Train your employees, and then train them again
The best defense against cyber attacks is training your employees to spot a phishing email. Teach them to question everything. For example, if a supervisor sends an employee an email request for confidential information, that employee should double-check everything. Is the email address correct? Was the email sent at an unusual hour? Is the information typically requested via email? When in doubt, encourage employees to call and confirm the email is legitimate before clicking any link or sending any confidential information.
If you are not sure where to begin, there is help out there. One resource used by the L.E. Smith IT department is KnowBe4. This service provides tools employers can use to identify weaknesses throughout the organization and then offers training tools to address those areas.
Moderate your email
It may be wise to set up a number of email filtering rules to stop malicious emails from ever reaching your employees’ inboxes. Email services like Google have these basic services built in, but you should still be cautious.
Use smart email habits
Train your staff to get in the habit of “hovering” over any link before clicking it. This shows exactly where the link will take them so they can decide whether it’s safe. Encourage your employees to report suspicious emails, and warn against clicking on any links if the email content or phrasing seems odd. For example, if a customer sends an email that says “check out this link” when they typically only ever inquire about orders, the link likely contains malware.
You also want to encourage your employees to report to IT immediately if they do click on a suspicious link. Hackers can be clever, making it difficult to identify a phishing email until it is too late. Mistakes happen, but the longer a click goes unreported, the greater the damage to the network.
Install and frequently update your antivirus software
A company computer without frequently updated antivirus software running is a ticking time bomb waiting to go off. That being said, just because you have antivirus software installed does not mean you are safe. This is simply another line of defense after your trained employees. Hackers are always trying to figure out how they can get their malware into your network, and sometimes they are successful. As soon as you suspect something is wrong, take that computer offline by disabling the WiFi and unplugging the network cable until it can be cleaned up and fixed by an IT professional.
Back up your files
Your final line of defense for protecting your information is to have an established data backup system. The basic rule for business data protection is to back up any data that is required for you to continue doing business. Many organizations will back their data up locally or use a cloud storage service. While both of these are sound strategies, they can also be vulnerable to hackers. No file is considered truly backed up until there are three copies: 1) the original copy, 2) a local copy somewhere on your computer or on your network, and 3) an offline copy stored at a different location and not accessible to your business computers, to prevent a hacker from accessing it.
Scott Buehler has worked in the technology field for almost 30 years. He has worked at L.E. Smith for 14 of those years, starting out as a help desk technician and working his way up to Director of Information Systems.