Keys to Protecting Your Business Against Cyber Attacks – Comprehensive Approach and Awareness Training

Cyber Security is seemingly the most talked-about security subject these days, and for good reason: it touches all aspects of security. Satima Fowler, Co-CEO of Capstone IT, adds that Cyber Crime at $600B annually is the third largest criminal activity behind only Government Corruption and Drug Trafficking. She also indicates that there are often discreet enterprises with hundreds of unknowing employees behind major cyber-based crime operations, noting “The bad guys adopt technology before the normal population.”

Capstone IT is generally called by customers for three reasons: (1) the company has been hacked, (2) compliance, (3) the customer’s clients are requiring compliance. They find that customers fit into one of three categories, with the majority in the latter two:

  • Category 1 – Good planning, processes, tools and training in place

  • Category 2 – Some areas planned, but not all

  • Category 3 – Companies overwhelmed and not prepared for cyber attacks

At the January 2019 meeting of ASIS Rochester, Satima and Matt Topper, CTO of Capstone IT, outlined the following areas that form a critical baseline in the protection of data and reputation against a cyber attack:

  1. Passwords and Multi-Factor Authentication – more complex passwords are better; password length adds to complexity and really becomes a deterrent to attack, as does the use of multi-factor authentication

  2. Regular Software Upgrades – noting that PDF, browser, and Flash software represent a higher vulnerability than the Windows OS

  3. Secure Internet Gateway – a secure onramp to the internet anywhere business users go

  4. Firewall and Antivirus Software – also making sure everything is backed up properly both onsite and offsite

  5. Spam Filter – most attacks originate in email

  6. Encryption of Files at Rest and in Motion – HTTPS, not HTTP (use of auto encryption within Windows 10)

  7. Mobile Device Management – ability to remotely wipe devices

In addition to the above key areas, Capstone IT advocates that businesses and public entities undertake regular Security Assessments, continuous Security Awareness and Training, and Dark Web Research.

Ransomware is also a big issue for companies these days. It is important not to let your employees be fooled by phishing attacks. Attackers learn the organization's structure and use it to send emails that appear to come from the CEO or CFO, for instance, to get employees to click on a link (the root cause of 95% of attacks). Proper and continuous training (and occasional testing) helps employees detect spoofed messages.

ASIS Rochester members and guests are invited to talk further with Capstone IT concerning cyber security, risky employee practices, and steps to develop a roadmap to more effective security. Contact Capstone at 585.546.4120.

 

 
