
Fighting back

You’re not paranoid, someone is out to get you. Here’s what you need to do


Matthew Ferrante, partner, cyber team practice leader, Withum. – AARON HOUSTON

If a tech-savvy billionaire like Amazon owner Jeff Bezos can be hacked, is anyone safe? Bezos’ phone was hacked — and his intimate text messages and photos to girlfriend Lauren Sanchez were leaked — after he unwittingly accepted a virus-laden WhatsApp message, according to recent reports. Cyberspace is risky, but experts say businesses and individuals can get a leg up on protecting themselves by being careful.

“Trust but verify” is an integral component of security, according to Matthew Ferrante, a former Secret Service agent and current partner at Withum, who leads the accounting, advisory, tax and audit services firm’s Cyber and Information Security practice. “Every business depends on technology, and they should consider third-party independent audits, with the provider selected by non-IT staff to avoid conflict.”

Hackers often target employees — using fake emails, websites and other ‘phishing’ scams — in an effort to get passwords, he added. “Businesses need a holistic approach, where they’re utilizing employee training as well as technology to fend off attacks,” said Ferrante. “Start with a strong password — when we assess security we can often crack a password in five seconds or less — and reinforce it with password management tools, and with training,” so employees are less likely to click on an infected link or disclose sensitive information to unauthorized parties.

Kim Albarella, senior director of security advocacy, ADP. - CRAIG


According to ADP Senior Director of Security Advocacy Kim Albarella, companies should focus on three key cybersecurity areas: security, data and people. “Businesses need to make sure that they focus on keeping their systems updated with the latest security software, most recent web browser versions and updated operating systems,” she noted. “They should also make sure that they apply patches, especially critically urgent ones, as soon as possible and set antivirus software to run a scan after each update.”

A company should also “clearly identify what type of data it has and identify whether it is considered sensitive, personal, financial, employee data, client data,” or other, according to Albarella. “Then, business owners need to understand regulations or compliance requirements around that data.”

Focusing on people is also vital, since employees “are the ones that see the detailed transactions, know what ‘normal’ looks like and are interacting with the networks every day,” she added. “Make it easy for them to report suspicious activity and make them comfortable with reporting mistakes. Implement a culture of secure behavior that starts at the top by incorporating the concept of secure behaviors into company-wide messaging and employee activities, including formal training.”

Easy prey

Manfred Minimair, professor, Seton Hall University Department of Mathematics and Computer Science.


Just about any company can be a target, but small businesses, which lack deep financial pockets, are often the most vulnerable to cybercrime, according to Manfred Minimair, a professor in the Department of Mathematics and Computer Science at Seton Hall University. Still, “there is a huge need for more cybersecurity expertise among businesses and their IT departments” in general, he added. “Since it is hard to fill these gaps by hiring new employees, many businesses may find it more efficient to develop their own expertise with their own staff; professional organizations and academic institutions like Seton Hall University provide training programs.”

The majority of breaches are due to “social engineering,” where “the bad guys get a victim to do something he or she shouldn’t do, like clicking on a link and downloading malware,” said Alpine Business Systems President Bill Blum. “That’s why employees need to be educated about phishing and other attacks, like an official-looking email that asks for your username and password.” Among other cybersecurity services, his company creates fake phishing bait that clients can use to test their employees’ propensity to fall for these kinds of scams.

“The good news is that hackers are lazy and prey on soft targets,” Blum added. “They’re like burglars who turn a doorknob on a house or look for unlocked cars — if it’s not easy to get in, they’re more likely to pass you by and try someone else.”

Small details can mean a lot. Jennifer Mazzanti, chief executive officer of eMazzanti Technologies, recently got an email that appeared to be from her husband, Carl, saying “Can you look at this and get back to me,” followed by a hyperlink. She said it was a red flag.

“The request was too generic,” she noted. “So I called my husband and asked if he had indeed sent it to me. The answer was ‘no I didn’t.’ If you train people to send messages with something personal, like ‘As we discussed over lunch at [name of restaurant] today,’ — and train them to expect something similar for incoming emails before clicking on a link — you can go a long way towards securing your systems.”

Having the correct safety hardware and software, and working with a knowledgeable cybersecurity provider is important, she added, “but you also have to implement ongoing training that includes handbooks or procedure manuals. And determine whether or not your employees even need to have the ability to download data.”

Backing up data, as often as every 10 minutes, to the cloud or other off-site location is also a good idea. “Up to 50 percent of our inbound leads are from someone who just suffered an intrusion,” Mazzanti said. “You can lose data due to ransomware, or a natural event like a storm. But if you can quickly load your information back to, say, 10 minutes ago, your business will likely be able to quickly recover. The initial backup can be time-consuming and costly, but subsequent incremental backups can be done in real-time, at a competitive price.”

Shena Seneca Tharnish, vice president, Cybersecurity Products, Comcast Business Services.


Comcast Business recently announced the launch of a cloud-based internet security solution, Comcast Business SecurityEdge. It offers network- and device-level protection against malware, ransomware, phishing and botnet infections, according to Shena Tharnish, Comcast Business’ vice president, Information Security Products. But education, policy and practice should also be part of security efforts, she noted.

“One of the biggest mistakes businesses make is not educating themselves and their employees on the best security practices and policies,” said Tharnish. “These include things like not sharing passwords, developing policies to regularly update credentials, and practicing good security hygiene such as keeping current with software versions, updates and patches. Businesses also need tools that deliver protection to all devices connected in their office, scanning for threats; securing the network; and performing threat analysis to keep their business safe.”
