Notes from the FBI: Cybersecurity Measures You Should Take Today
This year has disrupted many things for businesses, but there is one thing it should not delay: your organization’s cybersecurity strategy planning and execution. A cyberattack can cost hundreds of thousands of dollars – a price too steep for most businesses, since an estimated 60% of businesses will close after an attack.
We’ve been talking about the importance of cybersecurity planning for a long time, but we know sometimes hearing it from an outside source helps reinforce the messaging. That’s why recently we had Supervisory Special Agent Joseph Hooper of the FBI join us for a webinar to discuss cybersecurity measures. Here are the key takeaways that should matter most to you.
Now That Things Have Slowed Down, Readjust Your Cybersecurity Measures
Most businesses struggled this spring to set up remote work IT solutions to remain productive and to maintain communications with clients and colleagues.
That, unfortunately, didn’t give you time to properly assess vendors, processes and procedures, and you may have implemented several “good enough” quick fixes that you now need to analyze and improve upon.
We may not be out of the woods yet with the current healthcare pandemic, but the pressure appears to be lessening. This breather provides you the opportunity to look at the IT compliance and cybersecurity measures you have in place and ensure they are effectively doing their jobs.
Let’s look at the most important focus areas you should consider when it comes to cybersecurity.
Hooper identified business email compromise (BEC) as a top concern in 2020, and it should be for you as well. The good news: You can deploy an easy solution – 2-factor authentication. This service comes free with Office 365.
Beyond that, our guest speaker shared two specific email practices for you and your staff:
- When an email request seems odd, pick up the phone! Call the sender of the suspicious email to verify they sent it. Make calling a documented part of the process and consider using a code word to easily verify emails on the phone.
- Don’t send credit card and password information via email. Having that sensitive data sitting in an inbox is asking for that information to be compromised.
If you’re one of the 65% of people who admit to using the same password on multiple sites, you’re putting both your accounts and your organization at risk.
Hooper recommended using long, unpredictable random passwords. You can visit a site like strongpasswordgenerator.com to come up with a hack-proof password. We also highly recommend a tool like LastPass to save your passwords (you can use 2-factor authentication with this as well).
Here at itSynergy we see two sides to the ransomware issue: technology action items and purchasing of cyber insurance. The technology tools and strategy will get you back up and running after a breach. You need cyber insurance to cover the costs to mitigate the damage after a breach, such as data recovery or reputation management.
The FBI statistics show a 72-hour window in which you can hope to get back what was ransomed. You need to have a documented plan for what you’ll do if you become a victim. Plan now before you need it.
What to Do Right Now
Ongoing training is essential. Your employees are the first line of defense against cyberattacks – and can also be the weakest link. Train employees to be careful and have policies in place to safeguard your IT systems.
Consider running penetration tests to simulate cyberattacks. These show where your vulnerabilities are so you can shore them up. It’s a good idea to have a firm other than the MSP that manages your IT run the test so that it’s truly a blind test.
If the FBI thinks protecting your IT systems against cyberattacks is important, it should be for you as well. Get your free 40-point IT risk assessment to see where your systems are weak. From there, itSynergy can build a custom technology strategy plan to protect your business.