We’ve all gotten the emails claiming that you have been named in the inheritance from a long-lost cousin. All you need to do is click here and include your bank information, and the wire transfer will be sent.
While this is definitely a phishing scam, other emails are more subtle and have a greater chance of someone mistakenly clicking on the link and infecting the computer connected to the network. Don’t be fooled. Using Wi-Fi doesn’t mean you are safe.
A personal experience with threats
I recently spoke with cybersecurity expert John Sileo about his personal experience with identity theft and how to protect yourself from potential cyberthreats.
If you’re like me, you may have had your credit card number compromised and had to dispute fraudulent charges, get a new card and update all your subscriptions and other auto-payments. But it can be so much worse.
Sileo had his identity stolen twice. Even though you may have never met Sileo or heard about him, you might know his story. His ordeal inspired the movie “Identity Thief,” with Jason Bateman playing a character based on Sileo.
Sileo threw out a piece of mail he didn’t realize included his Social Security number. Unbeknownst to him, a dumpster diver found this piece of mail and assumed Sileo’s identity. The thief then took out a loan and purchased a new home in Boca Raton, Fla.
While not disastrous, the event was painful and created significant stress for Sileo and his family. After many sleepless nights and countless hours, Sileo was able to clear his name and start fresh.
As our conversation continued, Sileo told me of the second instance where he was victimized, this time by someone he knew and trusted—his business partner and best friend. This was much more disastrous.
Sileo was subpoenaed by the district attorney’s office for suspected hacking of their customer’s data. Once they were able to prove that it was his business partner, Sileo became a witness rather than a suspect. For the next two years, Sileo fought to clear his name. He lost everything financially, including his business, and he also lost precious time with his wife and young daughters. Now Sileo tours the country teaching people how to protect themselves and their businesses from cyberattacks.
Recommendations for protection
Here are Sileo’s top three recommendations for protecting yourself and your business against cyberthreats. There are many more resources available on his website, sileo.com.
- Educate your people on what to do and what not to do. The basics are pretty easy to implement in-house. One principle is that it’s better to delete suspicious emails than to take a chance. Sometimes, they come from what appears to be a legitimate email address from someone you know or who is within the company. If it looks suspicious, pick up the phone, call the person and ask if they actually sent it. If not, just delete it without opening it. The second basic tip is to use a secure password—something that can’t be easily guessed and that you only rarely use. If you don’t have in-house resources capable of cybersecurity training, plenty of companies offer these services.
- Practice the 3:2:1 method for backing up data on your individual PCs and servers. A major misconception is that ransomware attacks only target large companies with deep pockets. While these tend to be the ones that make the news, criminals also target small businesses and individuals. When a ransomware attack happens, your data is encrypted (locked) until you pay a “ransom,” typically through a payment app (PayPal, Cash App, Venmo, etc.). Even one click on the wrong link can lock down your entire operation: accounting, estimating, project management, email and more. The 3:2:1 backup method creates three copies of your data: the original and two copies. You should use two different media for the backups—for example, an external drive and a cloud-based solution. One of the copies should be stored off-site and offline.
- Work with an outside firm that can assess vulnerabilities and offer guidance on fixing them. Working with an outside firm to audit your network and IT policies can save you a lot of money, let alone potentially lost time and productivity. Auditors will look for areas where you are susceptible, provide guidance on recovering from an attack and help educate and train you and your employees on how to avoid a catastrophic situation in the first place.
Unfortunately, cyberattacks can happen to anyone or any business. It isn’t a matter of if they will happen; it’s when they will happen. When one does, will you be prepared?
About The Author
FIRESTONE, a former contractor, is the owner of Firestone Consulting Group. He can be reached at [email protected].