By Stephanie Meador, posted Feb 2, 2023 on BizFayetteville.com
Security is of the utmost importance for creating and operating a successful business and establishing trust among clients. As tax season kicks into full swing, it’s extra important for businesses to take precautions when sending out sensitive documents for their employees and clients.
President of the Fayetteville branch of Team Logic IT Jaron Cayton shared advice for protecting your business’s data and avoiding cyber attacks.
When presented with the question of whether or not certain months out of the year prove to yield a higher risk for cyber attacks, Cayton offered this response: “Businesses are always at risk and really should be vigilant throughout the year. I will say months where businesses are compiling a lot of reports and delivering a lot of things to employees like W-2 information, especially sensitive information like W-2s and 1099s, that’s always an opportunity for a social engineer to write up an email that looks like it’s coming from someone’s internal team and it’s really not and it’s an opportunity for them to click on a link because they’re expecting documents from their employer, things like that. So, I guess maybe that falls in line with the February timeframe with tax season, but I would encourage everyone to be vigilant year round.”
With the knowledge that businesses are always at risk of being targeted by social engineers, it is important that they take precautions to educate themselves and their staff to avoid falling victim to one of these attacks.
“There’s some basic things you can do and you can talk to your cybersecurity team or your IT provider to ensure your systems are secured and up to date,” shared Cayton. “And then there’s some higher level things you can do in terms of monitoring your systems and how they communicate, as well as training your staff. That’s probably the most overlooked one is when we put all these great systems in place, but if my staff opens the back door or the back door [is] unlocked, it makes it very easy for someone to take advantage [even] with really complicated, complex systems in place.”
For anyone just starting out with their business or looking to increase their security measures, Cayton offered some suggestions for resources to consider. “There’s a lot of good information out there about the NIST framework, which is the National Institute for Standards and Technology and at a real high level that’s going to talk about how to control information within your business or within your organization. And then I would look to the big trusted brands out there. Microsoft has really solid products around Office 365 that come with kind of purpose built security implemented already or are able to turn on pretty easily.”
Additionally, it is always a good idea to speak with a trusted advisor. GFBJ’s 2023 Book on Business, which comes out Feb. 28, includes a list of managed IT firms located in Fayetteville and surrounding areas. Companies such as those that made the ranked list work with clients every day to help them develop cybersecurity plans.
If plans are compromised or something slips through the cracks, there are necessary steps to be taken to reset and combat a cyber attack. Cayton shared some insights into what this process can typically entail. “You have to kind of do a deep dive first and make sure you understand the scope of the attack. And that’s usually done with your IT provider or your IT partner. They need to talk with their insurance company. There’s likely some requirements for notification to clients or to vendors, and just follow those steps accordingly, but you’ve got to understand the scope of it first.”
It can also be tricky to spot the onset of an attack. “It’s not always obvious, a lot of times attacks will lay dormant. They’re either collecting information to launch a greater attack later or they’re kind of waiting to see where the vulnerabilities are. So it’s difficult sometimes to detect if you don’t have the monitoring systems in place ahead of time,” remarked Cayton. “Usually key indicators that it’s an active attack is somebody sending emails or impersonating you from an account that is yours. Somebody’s taking control of your machine or has encrypted files and has left a message on your computer that says I’ve encrypted your files, that’s typically ransomware.”
Monitoring tools assist in identifying symptoms of foul play on your devices. “Cybersecurity is going to continue to be top of mind even more probably than, certainly more than physical security, but even more than efficiency and usability, some of these things are going to be sacrificed on the altar of cybersecurity. I think in general, you’re going to see defense get better, but it’s not going to go away, right? And things are going to be more automated and relying on a computer to check rather than a human, but it’s always going to come down to people knowing what to do and responding correctly. Not clicking on links, not sharing information. That’s still the easiest way to attack a business is by hacking a person, right? Social engineering and not trying to access their systems directly,” concluded Cayton.
One of the most important security measures a company can take is to ensure their employees are educated about the risks of cyber attacks and navigate their systems with caution.
Copyright © 2023
Enhanced Media Management Inc. dba
Greater Fayetteville Business Journal
This story may be displayed, reformatted and printed for your personal, noncommercial use only and in accordance with our Terms of Service located at https://bizfayetteville.com/useragreement.