My name is Lee Ann Collins, managing partner of Lane Gorman Trubitt (LGT), a public accounting firm in Dallas, and this job is keeping me up at night.
After last month’s article about who can be the victim of a cyberattack (it’s everyone), I sat down with Lane Gorman Trubitt’s IT professionals to talk about what types of cyberattacks are out there and how we can protect the company we love. This led to me staying up late that night reliving the numerous ways that a malicious attack could impact a business. I am the managing partner of a company that supports many families: not only our employees and their families, but also our clients and their employees. Being well-informed is the first step to a strong cyber defense.
How can your business be attacked?
The goal of every cyberattack is to gain access to your system. It can be malicious, as we saw with the 2016 Mirai Botnet, which attacked the service provider Dyn and shut down a large section of the internet, including Netflix, Twitter, and CNN.
In May, the City of Baltimore was one of several municipalities that were attacked by ransomware this year. Hackers demanded that the city pay almost $80,000 in bitcoin to release the city’s servers, which control everything from email to billing. This attack prevented city employees from accessing the system for more than a month, and the city was unable to send out the June bills for utilities. Just to recover from this attack, the city set aside $10 million in emergency funding.
Remotely accessing internet-connected devices is not the only way your network is at risk. Physical in-person attacks can be just as harmful. An unattended workstation with a USB port is an opportunity for malware and keystroke logging to be introduced to the network.
Once they are in your network, malicious individuals can bombard your servers with so much information that they shut down, which is called a denial-of-service attack. Your network can also be held captive by ransomware that blocks access to data until an amount of money is paid to the bad guy, but there is no assurance that the information will be restored once the ransom is paid.
How do you prevent it?
Turn your employees into cyber-warriors for the company. Train them on how to identify threats within emails and websites. Explain proper password procedures, and institute a two-step verification process when vital information is being accessed.
Protect your physical assets by creating a visual database that is regularly maintained so that employees are easily identified. A visual database can be anything from photo ID badges to a seating chart with headshots on an intranet. The best defenders for your company are the people who work for it, but former employees who left on bad terms can become malicious agents. When an employee is terminated or leaves the company for another opportunity, protect your information by immediately removing their access to any system and changing their passwords.
I know that your company is as important to you as Lane Gorman Trubitt is to me. Empowering your employees with training and tools to defend the company they work for is the best line of protection.
To better safeguard your business, it is always good to contact your local security firm or reach out to any one of our professionals for recommendations. If you require any additional cybersecurity information or resources, you can always check out the International Association of Privacy Professionals (IAPP) website.