Cybersafety Connection November 2021 Vol #43  

  • No Industry is safe from cyberattacks, taking a look at this article for financial advisors.  
  • How to guard against cyberattacks in this article is applicable to small businesses. 
  • What you can do in the face of a cyberattack according to the author.
Picture taken from Microsoft 365 Images

No industry is safe  

No industry or organization of any size is safe from cyberattacks as has been stated several times already. Although this article on cybersecurity is meant for Financial Advisors, the general premise is applicable to small businesses.  

How to guard against cyberattacks  

So here are some quick tips on preventing cyberattacks even though we are aware it is not IF but When.  

  • Training  

For both owners and employees it is essential to be able to recognize suspicious emails or links. An example is a link that points to a website and when your mouse hovers over it, it displays a different name.  

  • Back Up  

This is simply saving your data in the cloud and on an external storage device like a flash drive that is offline and keeping it in a safe place away from the office location. Back-up can be automated using services like Clonezilla or Comodo Backups.  

  • Automatic Updates  

Anti-virus/anti-malware programs and operating systems should be set to update automatically. When the operating system is set to update automatically, the update helps to prevent cyberattacks and patches any hole in your system’s security.  

  • Third-party Solutions  

This involves getting a “zero-dollar retainer”. This retainer is a contractual agreement guaranteeing an hourly rate prior to any incidents occurring. This allows incidence response activities to begin unhindered and charges are only incurred after engaging Layer 8 Security in response to the incident (google.com). In this way, you are ready in case of a breach.  

For companies with more employees, consider a vulnerability assessment. Should you engage a managed service provider (MSP), ensure the MSP performs an annual vulnerability assessment and get the schedules and the results of the assessment in writing.  

What you can do when there is a cyberattack  

As we have already established it is not IF but When. When there is a cyberattack, here is what you can do;  

  • Disconnect the infected computer, turn off the network card or pull out the computer cords and isolate the infected computer as much as is possible before calling for outside help.  
  • If the external backup is available, you can simply do a restore of the computer system from the backup. If no backup and you have lost important/critical/confidential data, then you are left with limited options.  
  • When a cybersecurity firm is engaged, it may be able to fight the virus and decrypt the files in case of ransomware attacks.  
  • When no backup is available you may be faced with the option of paying the ransom which the federal agencies advise against unless it is lifesaving or time-sensitive data. There is also no guarantee that you will recover the data after payment since the hackers have too many victim’s payments to deal with. You are advised to call the local law enforcement along with the cybersecurity firm or your IT personnel.  
  • If you pay the ransom and obtain your data, ensure your computer system is cleaned up so you won’t become a target of hackers. If the services of a cybersecurity firm that has a “zero-dollar retainer” have been engaged previously as mentioned in Third-party solutions, they may be able to fight the virus and decrypt the files.  

Since no industry or company of any size is safe from cyber-attacks, it is best practice to take steps to prevent cyberattacks to protect your company and clients/customers from cyberattacks. 

Subscribe to get the latest post.