CyberSecurity: Threat Awareness is your Best Defense
By Martin Straub
Martin Straub is the owner of SimplePowerIT, LLC, an affiliate of Cordell, Neher & Company, PLLC, and provides cybersecurity and technology solutions and support to NCW businesses and nonprofits. Martin can be reached at (509) 433-7606 or martin@simplepowerit.com.
In the early days of the internet, most individuals and businesses considered themselves safe from hackers if they had reliable antivirus software. The occasional virus was a nuisance, but typically didn’t involve the theft of confidential data. Because it was inconvenient to secure PCs and WiFi networks with passwords, many of us didn’t bother. Similarly, when we created website accounts, we didn’t think twice about using “Password” as our password because really, what was the risk?
If only internet security was that simple still today! Hardly a week passes now where we aren’t hearing about yet another breach, often by companies that we thought we could trust and know had access to our personal data.
Unfortunately, whereas years ago, malicious internet activity was often motivated by technology “nerds” looking to prove that they were capable of breaching networks and releasing destructive viruses, today cybercriminals are most often motivated by money. The “dark web” provides a platform for criminals to exchange data, pass along trade secrets, and generally make their living. An entire industry now thrives making money illegally on the internet, often at our expense.
Many small businesses and nonprofits naively think they won’t be targeted by cybercriminals. According to Verizon, 58% of malware attack victims are categorized as small business. Another sobering statistic from a 2017 Ponemon Cybersecurity Study indicates that 61% of small businesses experienced some type of cyberattack in the past 12 months. The reason? Small businesses and nonprofits lack the resources of larger organizations and often don’t understand the risks or make it a priority to properly secure their data.
Fortunately, there are some basic precautions that all organizations can take to better secure their environment.
Be suspicious of every unsolicited email. According to the same Verizon study, an amazing 92% of malware is delivered via email. That doesn’t necessarily mean a malicious attachment; often it is a less suspicious link within the email that starts the malware infection. Phishing emails (and a clever variation known as “spear phishing” which impersonate a known person to gain the trust of the recipient) have become increasingly more sophisticated and difficult to distinguish from legitimate messages. Office 365 users are particularly susceptible, not because Office 365 is inherently less safe, but because it has a massive user base attracting more sophisticated attacks.
Use complex passwords and change them regularly. If this seems cumbersome (it is!) you’re not alone. Criminals count on the use of simple passwords (or the same one used across many websites) to easily gain access. Consider the use of password management software (such as LastPass or Roboforms) to create complex, unique passwords and save them to an encrypted vault. Even better, if offered by your software vendors, enable multi-factor authentication.
Backup data offsite. Ransomware (whereby a virus encrypts network data and demands a ransom payment to release the encryption) is still one of the leading forms of malware. Often ransomware is able to “crawl” the network and infect all available files including backups. Ensuring an offsite copy (that has been verified and tested) is a proven method to recover from ransomware.
Control access to data. Because end user PCs are the most common sources of malware, controlling access to data may help contain a virus’ spread. If a user does not have a business need to access customer or other confidential data, use security controls to restrict their access. For instance, in QuickBooks, assign only permissions that correlate to the person’s responsibilities; on a server, assign folder share permissions only as needed.
Secure remote access to your network. Criminals can silently attempt to exploit any available access point into your network. Thus, poorly secured remote access is a common vulnerability. Consider blocking all unattended remote access (especially external vendors who access PCs or other devices in your network) and use virtual private networks which provide additional protection.
Educate your employees. Good cybersecurity “hygiene” starts by having employees who understand the company’s expectations, are aware of the risks, and are vigilant about potential cyberthreats. Have employees acknowledge your organization’s IT security policy (or create a policy if one doesn’t already exist). Regularly review threats with employees and consider implementing recurring phishing and training programs.
Because threats are constantly evolving, internal cybersecurity reviews should be a regular part of your business processes. For stronger protection or a more thorough assessment, ask an IT expert to evaluate your network.
Events & Deadlines
Community Service Day
Cordell Neher & Company, PLLC 175 E Penny Rd #1, Wenatchee, United StatesCNC Newsletter
Subscribe and stay informed on policy changes that could have an impact on you.
Footer Contact
Check the background of your financial professional on FINRA's BrokerCheck®
Privacy & Usage: The information on the Cordell, Neher & Company, PLLC website is provided with the understanding that it should not be substituted, in any way, for consultation with a professional Certified Public Accountant, accountant, tax, legal or other competent advisor. Cordell, Neher & Company, PLLC makes every attempt to ensure that the information contained on their websites are obtained from reliable sources, but is not responsible for any errors and/or omissions or from the results obtained from the use of any information. This site contains links to servers maintained by other organizations. Cordell, Neher & Company, PLLC cannot provide any warranty regarding the accuracy or source of information found on any of these servers, the content of any file the user might use to download from a third-party site, and is not responsibility for the content found on any of these servers or for any links these servers maintain with other servers.
Avantax affiliated advisors may only conduct business with residents of the states for which they are properly registered. Please note that not all of the investments and services mentioned are available in every state. Securities offered through Avantax Investment ServicesSM, Member FINRA, SIPC, Investment Advisory services offered through Avantax Advisory ServicesSM,Insurance services offered through an Avantax affiliated insurance agency. 3200 Olympus Blvd., Suite 100 Dallas, TX 75019 972-870-6000.
Avantax financial professionals may only conduct business with residents of the states for which they are properly registered. Please note that not all of the investments and services mentioned are available in every state. Securities offered through Avantax Investment Services.SM, Member FINRA, SIPC. Investment Advisory Services offered through Avantax Advisory Services SM. Insurance services offered through an Avantax affiliated insurance agency. Method 10® is property of Avantax Wealth Management.SM All rights reserved 2020. The Avantax family of companies exclusively provide investment products and services through its representatives. Although Avantax Wealth Management does not provide tax or legal advice, or supervise tax, accounting or legal services, Avantax representatives may offer these services through their independent outside business. This information is not intended as tax or legal advice. Please consult legal or tax professionals for specific information regarding your individual situation.
The Avantax family of companies exclusively provide financial products and services through its financial representatives. Although Avantax Wealth ManagementSM does not provide or supervise tax or accounting services, Avantax Representatives may offer these services through their independent outside business. Content, links, and some material within this website may have been created by a third party for use by an Avantax affiliated representative. This content is for educational and informational purposes only and does not represent the views and opinions of Avantax Wealth ManagementSM or its subsidiaries. Avantax Wealth ManagementSM is not responsible for and does not control, adopt, or endorse any content contained on any third party website.
This information is not intended as tax or legal advice. Please consult legal or tax professionals for specific information regarding your individual situation. Investments & Insurance Products: Are not insured by the FDIC or any federal government agency- Are not deposits of or guaranteed by the bank or any bank affiliate- May lose Value
Avantax Investment ServicesSM and Avantax Advisory ServicesSM are not affiliated with CNC Financial Group, LLC.
© 2020 Cordell, Neher & Company PLLC • Designed by Pixel to Press