The recent incident at Mar-a-Lago, President Donald Trump’s winter White House, was a poignant reminder that even the presence of Secret Service is no deterrent to those determined to compromise our systems.
The president is not the only vulnerable party. Monroe County School District was attacked last year by ransomware, which holds your files hostage until a ransom is paid. In addition to disabling access to information, ransomware can result in inappropriate access and loss of data. Aventura Hospital, for instance, reported a data breach that impacted about 85,000 patients in 2012-2014.
No business or organization is safe.
In addition to loss of reputation and disruption of business, a data breach is an expensive and inconvenient ordeal. Hackers often target small and medium-sized businesses/organizations and set the ransom price low enough so victims are inclined to pay. If your business maintains records such as Social Security numbers or if it needs to be compliant with regulations such as HIPAA, you may be legally required to notify your client base of a breach that is embarrassing, inconvenient and stressful and can lead to lawsuits.
So, what can you do to protect yourself?
An essential step in the protection process is to have an overall awareness of risks and regular conversations with your staff. Clear IT-use policies and standard operating procedures should be an integral part of your new hire training. Protocols should be established for sending, receiving, and storing records, data and even financial transactions. Educating users about security risks, best practices, phishing and the consequences should be ongoing.
For example, emails asking for Social Security numbers, passwords or claiming you owe money could be a phishing attempt and users should investigate the authenticity by checking the source and characteristics. Another example would be a clear policy about never writing down or sharing passwords. A document labeled “passwords” is a disaster waiting to happen.
As a business owner, you will want to keep track of software downloaded and installed on every system. Be very cautious of free software; there could be malware, a hidden program that provides a malicious party access to your system. Even if there is no malware, free software does not come with support. Protect your systems with anti-virus and anti-malware software and hardware protection that filter malicious and non-work-related access and is constantly monitored by a designated staff member or your IT professional.
It’s also crucial to have consistent and proper off-site backups that are routinely checked in preparation for any kind of disaster, be it a cyberattack, or a natural one like a hurricane. An off-site backup is safer because it allows a business to restore data and become operational even if the local environment and data are compromised.
Ideally, businesses should work with a managed IT service provider — one that is ever-vigilant, in contrast that one that reacts to emergencies and situations. If not, businesses should keep their systems updated and fully patched with the latest security releases. Updated programs are less vulnerable and patch management prevents hackers from utilizing a flaw in the system and compromising your network. Many attacks take place outside normal business hours to allow time for the cyber breach to go undetected.
One recent weekend, we received an alert from the system of one of our largest clients. Our investigation showed hackers were attempting to take advantage of a flaw in the firewall to compromise systems. We contacted the manufacturer, reported the problem, helped mitigate the situation and had the problem fixed within the same weekend with zero service interruption and zero bytes of compromised data.
Bottom line: Protecting your IT is a 24/7 job, not a once-a-month exercise. It requires constant vigilance, education and up-to-date security software.
David B. Moadab is managing director of Solutions Squad Inc., a managed IT services provider based in Hollywood that has served small and mid-size businesses since 2005. 305-677-2389 or http://solutionssquad.com.
▪ This is an opinion piece written for Business Monday’s “My View” space in the Miami Herald. The views expressed do not necessarily reflect those of the newspaper.
▪ Have a ‘My View’? If you have a point of view on a business topic you would like to share, consider writing about it for Business Monday. Pitch your idea to rclarke@MiamiHerald.com. Guidelines: Submissions should be around 600 words; should state a topic clearly, with supporting examples; and use examples drawn from South Florida. They should also be accompanied by a photo of the writer, emailed as a jpeg. ‘My View’ submissions that are accepted are published as space allows.