IT Department

CyberSecurity

By: Jeff Shrum, IT Manager

As someone who has been in the IT field for 35 years, I have been privileged to experience some amazing advancements firsthand, including email and shortly thereafter the Internet. Both of these tools revolutionized communication and information sharing, and it truly saddens me to see how these resources can be (and have been) warped by those with bad intentions. Every single day there is news of new digital attacks and threats to be wary of. Every single week there are patches for exploited software pushed out. In the first quarter of 2019 alone, every 14 seconds a business was hit with ransomware. Every 5 seconds a business somewhere was hit with malware. Despite the threat these attacks pose, the Internet, email, and the digital world are just too valuable for a business to even think about not using, so how do you minimize your risk? Outlined below are some key steps to take:

  • Back up your files and keep your backups offline. Your programs can be reinstalled in the event of an attack, but your data is something that you may not be able to rebuild.
    • It’s also important to rotate your backup devices and never expose your most current backup files.
  • Patch your systems weekly. Keep your systems up to date, as most malware exploits a known vulnerability.
  • Educate your users. This is the number one safeguard you can put in place because no matter how good your other defenses are, you’re still only one mis-click away from trouble.
    • Be wary of attachments, especially password-protected .zip attachments. Many anti-spam engines cannot scan inside a password-protected file.
    • Never enable macros from an external document unless it comes from a highly trusted source that you have communicated with about it. Macros can contain any kind of malicious code.
    • Always ensure a link is taking you to the website you think it is. Hover over the link in the email to verify the address in the window that pops up before you click on it.
    • Report any incident to your IT person or group as soon as possible.
    • Remove any suspect system from your network or, if a stand-alone system, disconnect it from the Internet until it can be analyzed.
    • Be cautious about who you connect and share with on social media (LinkedIn, Facebook, etc.). Not everyone is who they claim to be.

Finally, I listened to a couple of executives talking recently about cybersecurity, and they had some interesting insights. The one that stuck with me the most said, “There are two kinds of people in the world; those who know they’ve been hacked and those that don’t know.” As sad as that made me feel to hear, it helps to know that there are many great resources available to protect yourself and your company, and if you follow the steps above you can recover from any attack you may face.