Webnotes by: Theresa Payton, Fortalice, LLC. Content also covered on WBTV's "Protecting Your Cyberturf" segment featuring Kristen Miranda and Theresa Payton.
The “bad guys” go where the action is. Your press release of a recent achievement, award, or expanding business catches their eye. They surf the web looking for winners of contracts for government agencies or companies. They actively track and profile companies, prominent political figures, celebrities, and people of financial wealth for ill-gotten gains. They exploit weaknesses, not just in our technology protection, but also in our human nature. And until now, most of us thought that it would cost a fortune to protect yourself or you’d have to hire your own resident geek.
Cybercreeps and cybercriminals are experts at understanding what makes a person click on a link, open an attachment, or visit a particular website. They target their victims by mimicking day to day tasks and trap them into letting them into their devices, computers and networks. It used to be that if you put in place the best, leading edge technology that you could fortify your digital life for your company and your personal life and then you were “safe”. That is no longer the case. Cyber expert, Theresa Payton, explains what you can do, even on a tiny budget, to have the digital security of the rich and famous...or maybe better!
The points of entry are increasingly sophisticated. We have seen cybercriminals that use sophisticated spear phishing, a focused email scam, to target a specific person or entity. We have also watched some cybercriminals hijack press releases of legitimate companies and convince you to click or download information. Another set of cybercriminals are particularly expert at poisoning search engine results. Cybercriminals are fond of using current news events to set their malicious software trap. Any hot news topic, from the death of Morgan Freeman (who is not dead) to the exploits of Julian Assange at Wikileaks, presents perfect opportunities to poison search results.
Google reported that 1.3% of their search results are infected. So, if you get 100 potential hits for your search request, that means 1 of them could be a trap.
4 LOW COST OR FREE TIPS:
So what can you do to protect your company’s digital assets and those of your family?
1. Educate your staff on the risks and the threats. Just a conversation about a news headline helps with awareness.
COST? FREE!!!! Go to www.OnGuardOnline.gov for free internet safety games and then spend time talking about it. An informed employee or family member is your best defense!
2. Provide them with written guidelines such as "Never put customer data on a thumb drive" or "Ask someone else at the company before you click on a link in an email and give up company data". COST? FREE!!!!! The FCC recently published a tool for Small Business Owners that you can use. It’s quick and easy! http://www.fcc.gov/cyberforsmallbiz . The US Chamber of Commerce also provides helpful tips, tools, and information: http://www.uschamber.com/issues/technology/internet-security-essentials-business
3. Practice a disaster - "Today, we found out that a cybercriminal made a copy of our customer data and is selling it online....what would we do in the next 60 minutes to recover?" COST? FREE!!!! Get free tips on what to think about and how to practice a digital disaster at: http://fortalicesolutions.com/offer/
4. Create a written policy about confidentiality of customer data and ask your employees to sign it annually. The policy should include:
a. not talking about customers by name or industry online or offline
b. not sending customer data to personal email accounts
c. whether or not it is okay to have customer data on portable media
COST? LOW COST AND IN SOME CASES FREE!! If you have a complex business or a celebrity in your family, the free tools may not be for you so you should consult with a firm that can help you develop good policies and procedures. However, many companies and households can probably get by with the resources at www.OnGuardOnline.gov to help you create “Do’s and Don’ts” that are best for your company and your household. You can also use the FCC site to create a list that works well for you: http://www.fcc.gov/cyberforsmallbiz
DON’T FORGET ABOUT SOCIAL MEDIA
67% of people polled by Sophos, a software security company, said they had been spammed via social networking. Facebook seems to have a scam story or survey regularly.
57% of businesses polled by Sophos said they think their employees share too much online but they do not know how to teach them not to, or how to write policies that would enforce keeping company secrets a secret without encroaching on First Amendment rights.
FREE ANTIVIRUS TOOLS:
There are a variety of tools to choose from. Make sure before you download a “free” tool that it is from a reputable company. Some free tools that you may want to try are:
WORD OF THE WEEK:
SPLUNK: It’s a favorite tool of cyber geeks - and there’s a free version too! The tool creators named it after “Spelunking” which is the hobby of exploring caves. They got the idea after customers told them that their tool was like a miner’s hat and helped them dig through caves of data to find out what their cyber security issue was.
You can get the free version of Splunk at http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W