How to: Manage Cyber Threats

The first step in learning how to manage cyber threats is determining what the threats actually are. There are 5 major threats to a company of our size.

  1. Phishing Attacks
  2. Ransomware
  3. Insider Threats
  4. Weak Passwords
  5. Vulnerabilities in Software

Let’s describe each of these a little bit more in depth.

Phishing Attacks

First up we’ve got phishing attacks. A phishing attack is when a cybercriminal poses as a well-known company or entity. They will attempt to gather passwords, banking details, and any other sensitive information they can gain access to. It’s very important to stay alert whenever you receive emails. There are some things you can look out for to avoid falling for a phishing scam. According to the FTC (Federal Trade Commission), scammers may tell you that they have noticed unsuccessful log-in attempts, say your payment information is incorrect, say you have a government refund, or include some sort of link for you to click on. NEVER CLICK ON THE LINKS. These may lead to fake websites, and when you enter your information there, the scammers will use it for whatever they want.

Ransomware

Ransomware is a form of malware, or bad code, that infiltrates a company’s systems. Sometimes, the links in phishing emails will download this ransomware onto a company server. The attackers will take over part of the software and “hold it for a ransom.” They will request large sums of money or cryptocurrency in exchange for giving the information back. During the height of the COVID-19 pandemic, ransomware became very prevalent, so there is a lot more information out there than before. To learn more, read this article from Check Point Security.

Insider Threats

Sometimes, cyber threats can even come from within the company. According to the Cybersecurity & Infrastructure Security Agency (CISA), there are two main types of insider threats: intentional and unintentional. Unintentional threats could involve a number of things. An employee may accidentally click on a phishing email, as mentioned above. They could also lose memory drives containing sensitive information, which could then fall into the wrong hands. It is important to keep track of every bit of information you have. It’s also important to change your password and other login information when prompted, usually about every 90 days. Make sure to keep anti-virus software and other security measures up to date on ANY device you use to access information involving the company.

Weak Passwords

Weak passwords can be a huge issue for an individual, but they can also be detrimental to larger corporations like ours. One weak password can give an experienced hacker access to a whole network of information. There are 5 things that we can all do to help secure our passwords and ensure they are as strong as can be. First, avoid using common passwords such as “123456”, “a1b2c3d4e5”, or even your birthday. These are easy for people to guess. Second, avoid reusing passwords. Although it may be easy to just have one or two passwords you use for everything, one website leaking information can lead to all of your personal and business information being accessed. Third, when offered, use 2-factor authentication. This adds an extra layer of security, so even if your password is leaked, there is a second layer to get through. Fourth, as previously mentioned, regularly update passwords. When we send out reminders to update passwords, don’t ignore them. It’s important to update regularly, as there is a lower chance of someone guessing passwords that are only active for a few months. Finally, store your passwords somewhere safe. This means don’t have them written on a post-it note or carelessly left on a desk. Make use of locked password managers or save passwords on your device. These tips will all ensure you have secure passwords and keep our company data safe.

Software Vulnerabilities

Software vulnerabilities are more technical than many of the other threats to a company. They are mostly the concern of those working on the technical side of things. Employees in that position must be constantly aware of potential vulnerabilities in software. We must be aware of outdated software, unpatched systems, and “backdoors” into our software. Constant software vulnerability checks are a necessity. Many companies offer free checks to determine how strong our infrastructure is and where our software needs reinforcement. We can perform these checks regularly to ensure we are doing all we can to keep our information safe.

Now that we have established the vulnerabilities, let’s talk about 5 specific tools our company utilizes and how they could be accessed by cyber criminals.

  1. Microsoft Teams
  2. Our own website
  3. Hard drives
  4. Desktops at our stores
  5. Outlook

Microsoft Teams

This is an extremely useful tool; however, it can be a security risk if we are not careful. Never share passwords or any sensitive login information through chat features. If you are ever on a public computer, make sure to fully sign out and delete any information someone could use against the company. Additionally, make sure you are using a secure internet connection when talking about company details. Use discretion when chatting with potential clients and keep secure information secure.

Our Website

As an e-commerce company, our website is vital to our survival. There are some things we can do to keep it protected. Firstly, we want to make sure that all information posted to the website has been double-checked and that nothing is being released that shouldn’t be. Since we do have contact info on our website, we want to make sure that all messages that come through are from legitimate, verified potential customers. We also want to always check that we are actually on our company website, as people sometimes pose as companies and use anything you input to weaken our security.

Hard Drives

Hard drives are physical storage units. These are utilized in our company for backups and for storing sensitive information. If you own one, make sure you always keep it in a secure place. When downloading information, make sure there aren’t any viruses or malware being downloaded along with it. Do not mix personal and business information on hard drives. If you ever misplace a hard drive, inform someone in the IT department so we can be aware and ready for anything that may come of it.

Desktops

At each of our 3 locations, we have offices with 1-3 desktops used for company information. There are a few things we can do to ensure our data is protected. First, never leave the computer logged in overnight. Always close all tabs and log out completely. Make sure you don’t leave the computer unattended while logged in. These desktops are only for work purposes, so do not log in to personal accounts or try to access personal information on them. Don’t leave the passwords visible. If you print any sensitive documents, clear the printer history and keep the documents in a safe place.

Outlook

Outlook is the main emailing system we use. We want to apply the same safeguards we use when on Microsoft Teams. Don’t share sensitive information, and keep track of who you are contacting. It is also necessary to be aware of phishing scams and false links within emails. Log out of your email account when you finish work each day. Make sure your email signature only contains your company phone number as opposed to your personal contact information. Don’t give prospective clients any details about the company that aren’t public information.

There is a lot of information available about cyber attacks and protections to put in place. Here are 5 things I recommend for our company.

  1. Update passwords for any company platform every 90 days. Reminders are sent, but updating needs to be made mandatory.
  2. Do not use personal computers to access sensitive company information.
  3. Make sure there is up-to-date anti-virus software installed on every company device.
  4. Be aware of any links sent in emails.
  5. Keep hard drives in a secure place when not being used.

Following these steps will give us the best chance to be a secure company and avoid any data leaks or ransomware attacks.
