Excuse to do nothing number one: “Well, my business is way too small for hackers to even notice or care about.” Well, until it happens to you, that is. I was at a WordPress User Group a few years ago and one of the folks attending was asking for help: his computer had been locked up by a hacker using ransomware who wanted $350 in Bitcoin to unlock it. Several months ago an Orange County company (several $100 million in revenue) got hit with ransomware; they didn’t pay, and it took them nearly a month to get fully up and running. So how long can you afford to be without access to your network?
Excuse to do nothing number two: “My data isn’t anything a hacker would want, it isn’t all that valuable.” Well, you are right, it isn’t valuable to the hacker, but it is valuable to you, and that is what the hacker is depending on. Just how long could you last without access to your customer contact list – CRM, email, accounting software, etc.?
We have defined the problem; now what is the solution? There is no magic-bullet software that will provide 360-degree protection all the time, everywhere. It is only by layering the protections and methods I will discuss that we can have a good, affordable level of protection.
The place to start is with people, as 91% of attacks get in with a phishing email. You might be thinking, “I would never fall for those lame, poorly worded, spammy phishing emails that all end up in my spam blocker.” That is not what Cyber Criminals – Hackers are doing these days. They prey on people who want to be helpful, like customer service and sales, folks who are trained to help. These Cyber Criminals are sophisticated professional criminal syndicates who are running a “business”. Before even sending their phishing email they do their homework, many times on social media. They craft an email that looks like it is coming from someone you already know.
So how do we defend against this type of attack? Here are some suggestions:
First and foremost: train your people not to open any email unless they know who it is from, and if it looks suspicious, to verify the sender by hovering the mouse over the sender’s email address to see if it is spoofed. In the example below we will look at the two flagged emails:
- Install and use a good spam blocker at both the server level (if you use a server, that is) and the personal computer level.
- Train your people: if they do not know the sender, or if they are at all suspicious of the email and it contains links, do NOT click on the link.
- Have policies in place for personal email and access using company computers.
- Keep your operating system software up to date; updates often include patches that help keep the bad guys out.
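
What the hover check compares, written out as an added example that is not part of the original post: a Python script that reads the From and Reply-To headers and flags a message when the name shown to the reader and the real sending address disagree. The sample messages, the `.test` domains, the address book and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Address book of people you already correspond with (constructed sample data).
KNOWN = {"jane smith": "jane.smith@supplier.test"}

# Constructed sample messages; the .test domains are placeholders.
LEGIT = 'From: "Jane Smith" <jane.smith@supplier.test>\nSubject: Invoice\n\nHi'
LOOKALIKE = ('From: "Jane Smith" <jane.smith@supplier-billing.test>\n'
             'Reply-To: payments@other.test\nSubject: Updated bank details\n\nHi')
NAME_TRICK = 'From: "jane.smith@supplier.test" <mailer@bulk.test>\nSubject: Hi\n\nHi'


def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_flags(raw, known=KNOWN):
    """Return reasons the real sender address does not match what is displayed."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    flags = []
    # The display name itself looks like an address, but not the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr:
        flags.append("display-name-shows-different-address")
    # The name is someone we know, but the address is not theirs.
    expected = known.get(name.strip().lower())
    if expected and expected.lower() != addr:
        flags.append("known-name-unknown-address")
    # Replies would go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        flags.append("reply-to-different-domain")
    return flags


if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE), ("name trick", NAME_TRICK)]:
        print(label, sender_flags(raw) or "no flags")
```

A message with no flags is not proof that it is safe; the script only automates the name-versus-address comparison a person makes when hovering over the sender.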
Play the odds: since 91% of Hackers – Cyber Criminals gain access using phishing emails, do your best to stop them right there. The first and often best layer of protection from cyber crime is trained people. A well-trained team will make it much harder for a hacker to gain entrance to your system. If you make it hard, they will often move on to an easier target.