Are Your Network & Systems Truly Safe?

Barry Herring, owner of CMIT Solutions, gave the SHRM St. Louis audience some sobering statistics and some great advice at the May Breakfast Meeting.
 
Barry got everyone's attention with these stats:
  • Ransomware is expected to attack a business every 14 seconds by the end of 2019
  • The average downtime for a company after a Ransomware attack is 7 days
  • 1 million cyberattacks are attempted each day
  • Since 2013, the FBI reports that Business Email Compromises have cost companies $12,536,948,299
  • 23% of phishing emails are OPENED by recipients
In his presentation, Barry noted that hackers usually lurk undetected within a company's system for at least six months, working behind the scenes and learning how the system and the employees operate.

As frightening as the statistics are, Barry said that there are simple steps that companies and employees can take to help minimize the damage.

For the End user:
  • Be suspicious, paranoid and vigilant about your email.
  • Closely inspect any suspicious email.
  • If unsure, ask your IT department or the sender whether it is legitimate.
    • When in doubt, pick up the phone and call the sender.
  • Don't click on links or open file attachments unless absolutely, positively sure.
  • Never send money to anyone based only on an email.
  • Watch out for the latest gift-card scams!
  • If you think you've fallen victim, do not keep it a secret. Let your IT Administrator know ASAP.
  • Use varied and strong passwords for all systems (not “password” or “abc123”).
  • Consider using a password manager such as RoboForm, LastPass, KeePass or others.

For the Company:
  • Conduct Employee education - phishing training is a good place to start
  • Employ strong password policies
  • Utilize good accounting controls
  • Buy Email Security/Anti-Spam Services and Anti-Virus and Anti-Malware Software
  • Make sure you have up-to-date software patches
  • Implement a strong firewall with security services and website filtering
  • Use Multi-Factor Authentication
  • Make sure you have backup and disaster recovery and Cyber-Liability Insurance