This month’s blog is taking a serious look at how we can protect ourselves from cyberattacks. With the latest hacks and breaches, it is a scary place to be as a business owner. I speak from experience as one of my closest friends runs an internet based business in Folsom, California. His Internet company works closely with the DMV to assist individuals and insurance companies in tracking DMV records. He purchased the business 6-months ago for $650K. He was growing a thriving Internet based business, until the Petya cyberattack caused a world-wide breach; within 3 days, his business failed due to clients needing immediate access to complete their applications. That is how fickle the Internet consumer works in this new generation of immediate gratification. If you cannot find what you need instantly, you jump to another provider. My friend lost all his customers and in less than 3 days he was finished.
After I got off the phone with my friend I decided to take a long look at Creative Marketing Arts' cyber security. The following is written to help myself, my friends and clients review their personal security.
Generally, we only hear about the large companies who receive all the headlines for security breaches. This is partly due to big retail and financial institutions storing extensive amounts of personal data such as credit card numbers and social security numbers online or through the cloud. It seems obvious, but you do put those items into a DMV application or IRS review which could and would end up online.
Smaller businesses are not as enticing as the large companies, but we are still under attack and have to be very conscious of what is out there that could take down our businesses.
To clear up some of the terminology I have listed some of the items that may be helpful.
Phishing occurs when someone tricks an employee to divulge personal and financial information. Posing as a well-known company, a thief will send out emails asking the recipient to reply. The thief may also direct the recipient to a fraudulent web page. The page asks the employee to key in personal information as well as credit card information. This is a very successful and malicious tactic and this is how 90% of the attacks occur.
Malware, short for malicious software, is a catch-all term used to refer to a variety of forms of hostile or intrusive software, including: Viruses, Worms, Ransomware, Spyware and Trojan horses. Ransomware is malicious software that blocks a victim’s access to their data. It then threatens to publish or delete the data until the ransom is paid. You must have your Firewall in place and activated always.
Never upload your personal data “unencrypted” to dropbox, google drive or any online file sharing services.
Crosscheck your social media security settings:
Make sure your social media networking profiles are set to private. Check your security settings. Never post sensitive information about yourself online.
Keep all applications and operating systems updated with the latest security updates.
WIFI-The most vulnerable of all networks:
Always secure your wi-fi with a secure password. Do not use public wi-fi for transactions. Update passwords and change them regularly. Only surf with Wi-Fi, do not do any personal information unless you are on a secure network.
Secure your Mobile Devices:
Be aware that your mobile device is vulnerable to viruses and hackers. Only download apps from Google or the Apple Store online.
Do NOT store your card details on websites:
If you stumble upon a site that insists on storing your credit card information, so that your transactions are faster next time back off and get off that site immediately. If you are shopping online and you need to use a card to finalize your purchase, do not “remember card”.
Never trust e-mails:
Do not trust emails which offer prize money only through lotteries of which you are not a participant. Never give your credit card information and CVV numbers online unless the site is secured and reputable. This seem obvious as a little lock icon can come up to make it look legit but don’t be fooled. If in doubt Google the site for Phishing.
Pop-ups are another challenge to cyber security, they can contain malicious software which can trick a user into verifying something. Always ignore pop-ups offering things like site survey and e-commerce sites, as they are sometimes where the malicious code is waiting to attack.
Review your credit card statements:
Always take time to review your bank statements and credit card online statements. I have personally been attacked at CMA with numerous strange charges due to our online purchases and regular online advertising our company provides for our clients. We have now put ongoing security checks on my cards and accounts. All my credit cards send me charge card updates online as they happen so I can constantly review and monitor spending. We check our online banking daily to look for strange charges and possible intrusion.
So, Gurus this is unfriendly stuff and can make dealing with a business scary and difficult. Protecting yourself and your business against malicious events is not a “set it and forget about it” proposition. Stay mindful of your online activity and be present daily. Don’t assume you are safe, this is Cyber-War and you must fight back. Namaste