FNB’s Johnson Focuses On Small Business Cybersecurity

One might think small and large businesses in west Kentucky have nothing to worry about when it comes to cyber security and cyber attacks.

And one would be incorrect.

During Thursday’s Trigg County Chamber of Commerce “Lunch & Learn” at the Cadiz Renaissance Center, FNB Bank Information Security Manager Nick Johnson shared guidance on how to handle these issues, should a local business encounter them.

Johnson noted that a “vast majority” of businesses have their security breached through e-mail accounts — where readers give up credentials through phished responses, thinking the message is legitimate.

He added that cyber attacks don’t usually come from some “elite hacker down in a bunker,” but instead come from organized and thoughtful crime sprees — sprees that make a lot of money.

Johnson had some quick suggestions that could immediately help businesses beef up security in a cost-effective way:

— Use strong passwords and multi-factor authentication options, like biometric scanning and text-message confirmation. Passwords with multiple letters, numbers and special characters are exponentially more difficult to crack.

— Get a spam/e-mail filter in place, and train employees on it.

— Employ some sort of network security, including firewalls and operating system updates.

— Create backups, especially for ransomware and disaster preparation. And test those backups.

— Secure any and all Wi-Fi connections through their respective routers, using passwords and PINs.

— Payment processors are key, especially for any business that uses point of sale on its floors.

— Maintain gatekeeping on the access to critical business data, by creating different accounts on hardware. Johnson noted “no one should be an admin, who isn’t doing admin” work on a computer or server.

— Closely monitor and keep safe those who “bring their own devices” to work.

— Develop a cybersecurity policy and procedure manual for employees and staff, in case there is a breach somewhere along the way.

— And have a response plan, potentially alongside some cyber insurance.

Johnson said the type of data cyber terrorists are looking for includes personal data, particularly regarding bank accounts and credit cards.

Johnson also noted that if someone contacts you from a reputable source, but it seems questionable, do your own research.

Additional resources:

Free cloud storage — Google Drive (15 GB), Microsoft OneDrive (5 GB), Box.com (10 GB)
Antivirus and security patches — Sophos.com, Operating System Updates, Hardware Updates
Vulnerability scanning — Nessus Essentials (tenable.com), Qualys Community Edition (qualys.com)
Email security — Amazon Cybersecurity Awareness Training (learnsecurity.amazon.com)
General information — Cyber Essentials (cisa.gov), KnowBe4 (knowbe4.com), Computer Security Incident Response Plan (ready.gov)
