With so many high-profile cyber attacks taking place in 2018, many business owners are left wondering whether their business will be safe heading into the New Year. And let’s face it – almost every business depends on technology of some form, so if you’re reading this article, you’ve already started 2019 off on the right foot by taking a serious look at how to protect the systems that drive your business!
1. Don’t fall for email scams
One of the most common attack vectors by far is a simple email. While anti-spam / anti-malware measures have improved over the years, you’d be surprised what kinds of things are found lurking in your inbox. More importantly, scammers have mastered the art of looking like legitimate senders. Here are a few real-life scenarios of email fraud that have occurred:
- A fake message pretending to be the CEO of a company was sent to a junior accountant asking for an immediate $50,000 bank transfer to complete a deal with a partner. The accountant, thinking it was their boss (the scammers forged the “FROM” address), complied. The money was never recovered.
- An email that appeared to come from a banking institution (complete with logo and letterhead) was sent to thousands of people asking them to click on a link and verify account details. The link in question led to a fake page that recorded the info and sent it to the scammers. (Banks will NEVER ask you to verify over the phone or e-mail. ALWAYS verify by going down to your local branch.)
- An email that appeared to come from the Canada Revenue Agency (CRA) threatening jail time unless the victim makes an immediate bank transfer.
How to help mitigate e-mail phishing attacks:
When in doubt, pick up the phone and call the person in question. NOTE: Do *not* call the numbers in the suspected email. Use the company’s advertised number or, in the case of the CEO, use your boss’s cell. DON’T click on links in suspect email either. Many of them lead to malware-infested sites that can download viruses onto your PC and possibly your company network!
Lastly, talk to your IT person or network administrator about making sure your e-mail systems are configured properly with DKIM and SPF. While neither of these solutions is perfect, they are the best options we currently have to help reduce the chances of “spoofed” messages, and they are supported by major email providers like Microsoft Office 365 and Google G Suite.
These technologies work by first attempting to verify that the person sending as “firstname.lastname@example.org” is, in fact, authorized to send from yourcompany.com, so it’s a great idea to make sure both are enabled and functioning correctly.
2. Protect your data both inside and outside the office
Many companies spend large amounts of time and money to try and protect the data that’s on their network. They implement firewalls, VPNs and all sorts of technology trying to protect their network and their servers. But strangely enough, they don’t take measures to protect the data that leaves the office. And once that data leaves your network, it can be, for all intents and purposes, outside the purview of your system administrator.
In an ideal world, the best way to protect data while offsite is to have a strong policy that your employees make the utmost effort to protect your customers’ information (and your company IP) like it’s their own. However, we all know firsthand that as humans we’re liable to make mistakes. So how can you protect your company data when it’s not inside your network?
The answer is encryption
Too many times, there have been consequences: an unwitting employee leaves their laptop on a coffee shop table while on business travel. They get up to use the washroom and suddenly their laptop is gone, along with all the data on it. Or how about the one where the public service employee left their external hard drive in the back of a car, which was then broken into and the drive was stolen?
The only way to protect the data on stolen devices is with full-disk encryption. In a nutshell, encryption scrambles the data on a device so that it can only be accessed using a decryption key, or passphrase. With the technology that we have available today, every business should be using encryption in 2019.
3. Use two-factor (2FA) authentication
Also known as multifactor (MFA) authentication, two-factor authentication is one of the easiest means of protecting against passwords being compromised. The way it works is, even if the attacker gets your password, they must still verify the login via a randomly generated temporary code that appears on either a USB key or on your cell phone. Some older methods also use text messages to verify, although this is slightly less secure. For more info on how to set up 2-factor authentication, check out the article I wrote last year covering this topic: How to protect your online accounts using 2-step verification
4. Plan for disaster before it happens
The best defense is a good offense, so to speak. The same goes for your IT planning. What will you do in the event of a cyber-attack, natural disaster (such as an earthquake or flood) or a cyber-meltdown? How about your staff: Are they educated on what to do? Who to contact?
Make sure your backups are functioning correctly – the only sure way to know is to conduct a test (don’t wait to find out in the middle of a disaster scenario that your backups are corrupted)!
For more info on how to create an effective disaster plan, you can read our article from last year: Protect your business against these 5 common technology mishaps
5. Let the pros do the heavy lifting
Technology, while it appears to be getting simpler in design, has actually gotten more complicated under the hood. With so many different pieces working together to provide basic services, there is *a lot* to stay on top of, especially when it comes to protecting against cyber attacks.
How to know whether it’s time to hire an IT consultant
If you’re feeling overwhelmed with IT outages, you’re not alone. Perfect Leap™ can help! Some of our best relationships were born from tough situations.
In addition, a big part of our job is staying on top of the latest technology trends. Most business owners don’t want to hassle themselves with IT planning – understandably, they want to focus on growing their business instead. Perfect Leap™ can help you plan, budget and implement your next IT project!
About Perfect Leap™
Perfect Leap Technology Inc. is an IT company serving businesses in Port Moody, Burnaby, New Westminster, Coquitlam, Maple Ridge, Pitt Meadows and the Metro Vancouver areas.
We provide end-to-end technology solutions including: Technical support, cloud services, cybersecurity consulting, disaster recovery, IT project management, IT project rescue, web design and hosting, containerization / virtualization, systems administration and network design.