What’s a person to do?

What’s a person to do?

What’s a person to do?

Amanda Young Blog

Risk is only getting greater.
by Sara Cherny

Use your imagination to remember back to a time when dinosaurs roamed the earth and cd rom drives were the latest must-have gadget. It was during those halcyon days that I purchased a cd rom drive for my then boyfriend, now husband.  He had just left his safe job in a bank IT department to turn his part-time IT support business into his full-time gig.  A cd rom drive was as close to cutting edge as I could get and would represent love of his geekiness and his new endeavor.  He seemed to really like it.  And then he plugged it in… It fried his motherboard.  There was a short in it and that is when he told me that you never select the box at the front of the display.  My rational mind rejects that choosing a device from the back of the display offers any greater safety, but to this day I would never buy him something from the front.  The risk is too great.

Risk is only getting greater. Everyday I feel bombarded by personal and corporate attacks.  The phone rings to let me know that my social security card has been suspended or the IRS is going to have me arrested for a tax problem I didn’t know that I had.  I find out through email that there are issues with equipment shipments.  My boss (aka husband) wants me to purchase gift cards for him, but doesn’t have time to explain (not completely improbable).  I receive texts telling me to check the status of orders or that my account has been compromised.  My son sends me a pdf or link to something that has no further explanation.  A vendor claims that their name or address has been changed and I need to update the information on file. Some of these attacks are easier than others to dismiss without much thought.  The problem is that other times, when I am busy and expecting a message, or when the message is from someone I think that I know, I am afraid that I won’t see it.  I won’t see the attack.  I will be responsible for a problem far worse than frying the motherboard of the first pc Tobin Solutions owned.

I know that I am probably one of the weakest links at Tobin.  My technical knowledge is marginal.  My name and job title offer fertile ground for phishing attacks.  When Tobin started requiring all employees to complete cyber security training (Tobin’s SleepWell Aware program), I had a second browser open to search the answers to the questions.  Who knew there were so many names for the “I-can-take-down-the-whole-company-by-clicking” attacks?  Phishing, smishing, whaling, vishing, malvertising and on it goes.  Criminals are smart and dedicated to their craft.  The only way to even stand a chance is to be educated and continually reminded to be vigilant.

There are things that can be done to help mitigate risk.

Passwords, passwords, passwords – Do you know how much I hate having to have what feels like a million different complicated passwords?  Using a password manager like LastPass, which has a free version as well as paid options for personal and corporate accounts, makes life a lot easier.  I can’t remember a 20+ digit password.  With LastPass I only need to remember one password to access all of the rest.  I am also able to share my highly complex DoorDash password with my family so that no one starves. With LastPass, I am able to meet company and family requirements for password complexity without too much angst.  I am also able to save ridiculous answers to security questions in the notes section so that my husband’s head doesn’t spin off from finding out I used the name of my actual maid of honor as an answer (something that could be guessed using Facebook).  Win, win.

2FA – The first time I saw 2FA it took me a while.  Techs and their acronyms.  2FA = Two factor authentication.  I actually like 2FA.  There are many different types. There are apps like Google Authenticate and LastPass has one as well.  Some sites send emails or texts.  Having 2FA offers an added level of security.  Criminals might be able to get my password somehow, but they would need my cell phone or my email account as well to get into my accounts. We heard on the news recently that the Colonial Pipeline attack was the result of not having 2FA on an employee’s remote access. Any inconvenience posed by 2FA is quickly overcome by my willingness to avoid the risk.

Anti-virus, anti-malware and filtering – Basic anti-virus is a necessity.  In addition, there are levelled options for filtering threats out.  Tobin can help define a solution that is optimal for you.

Robust disaster recovery planning – We have all been told since the dawn of computers to save frequently.  Disaster recovery planning includes how data is backed up, where it is stored and an analysis and plan for how long a company can be down.

Training – Tobin requires its employees to complete security training.  We call the program SleepWell Aware.  The training walks us through an education module, requiring us to pass a simple test.  The initial training is followed up with weekly emails about the latest trending threats and occasional tests.  We get sent emails, texts and phone calls throughout the year.  If we respond to the attack we are required to complete refresher training.  Yes, sigh… I did click on a shipping email that was a test attack and did get to review my training.  Thank God it was a test.

Cyber threats are only increasing.  In 2020 there was over $4 billion in damage from cybercrime and the cost has been increasing at an exponential rate each year.  Worldwide damages of cybercrime are expected to reach $6 trillion by the end of 2021 and it is expected to grow over 15% each year. The numbers are too staggering to even begin to comprehend.  CNBC in 2019 said that small businesses lose on average $200,000 per ransomware incident due to downtime and recovery costs.  Many of those companies end up going out of business. That is something that I can grasp. 

Tobin works with their clients through Technology Action Plans (TAPs) and Security Audits to assess and create security solutions that fit client risk tolerance and security compliance requirements. Criminals only have to get it right once; each of us needs to get it right every time.  The right plan will help reduce the very real risk to your company.  Call or email Tobin Solutions today to discuss how Tobin’s Security Strong focused team can help you.