By Sid Chadwick, Chadwick Consulting, Inc.
“The FBI, as of May 28th, had received around 320,000 complaints of internet crime, a senior official told the Senate Judiciary Committee in June --- nearly double the rate for the prior year.” (The Wall Street Journal)
As of March 9, 2020, CNBC reported that 60% of small businesses that suffer ransomware attacks go out of business!
Verizon reported that 34% of data breaches involved internal actors!
“Work-from-home requirements…. have magnified… cybersecurity threats… for practically every company…. whose data now must traverse WIFI networks with passwords named after the family dog… while workers share devices with teenagers taking classes on Zoom…. or playing Fortnite with their friends.”
“About 53% of people working remotely conduct company business on personal laptops, which often lack safeguards that many employers provide, such as firewalls and antivirus software, according to research from International Business Machines Corp.” Even worse: “29% of remote workers said they let kids and other family members use their work laptops… for online shopping and gaming.”
According to Dick Vann, our CEO Peer Group’s retired Venture Capital Investor and informal IT security expert/advisor…“…make sure that any company computers that use WIFI (read that as “Sales” and “CSR’s”)… use a VPN (Virtual Private Network) --- especially when using public WIFI”…also...“consider at least annual (quarterly or every six months are preferred) penetration tests”….and….. “remember 2016…..for all the talk about Russia, the DNC email leak…was caused by John Podesta giving his password to a phony Google security email.”
When we review these recent reports, the conclusion is inescapable: we are being threatened, and the threats are increasing!
What do your internal, written ransomware defenses say, and how often are they reviewed with all employees, who are required to sign an acknowledgment?
Is it SOP for all passwords and locks to be changed when an employee leaves?
It’s not unusual for senior management to surrender security issues to IT personnel with little oversight.
Most expert security suggestions include that senior management should insist on annual reviews of SOPs and systems until they understand them. Often, that insistent questioning uncovers “holes” and “omissions” that your internal IT experts missed.
Other suggestions from Dick Vann:
- Have all systems and all data transfers encrypted.
- Require passwords to use sensitive systems.
- Consider limiting which data is stored, and for how long. For example:
  - Don’t back up full systems; just back up data that really, really needs to be saved.
  - Don’t back up data that can be retrieved from other sources – especially true for sensitive or confidential data.
  - Don’t back up client data unless you are being paid to provide such services (and think twice about offering such services).
- Tell clients project data will be destroyed (or returned to them) at the end of projects.
As with most precautionary steps, and with all operations, if it can happen, and you are in business long enough, it will happen!
“If anything can go wrong… it will.” (Murphy’s Law, named after Air Force Captain Edward A. Murphy, an engineer working on a project to see how much sudden deceleration a human can stand in a crash)