Transcription

Speaker 1 (00:01):

Hello, we appreciate you taking advantage of this training video. This short video, we'll go over basics and cybersecurity awareness that everyone should know in order to help keep you and your company safe. Before we get started, I wanted to introduce myself. My name is Chris Kimball and I founded Wolf guard it in 2010. We now have about 35 staff and we service small business customers in Montana, Texas, California, as well as some in Ireland in China, we primarily provide full 24 7. It support that is like having your own it department with no labor costs. We also provide cybersecurity services, which should be a huge focus for any it support company, but lacking in most our cloud-based phone system is another service we provide, which is great for companies looking for a budget friendly, scalable solution that offers continuity and mobility to their staff.

Speaker 1 (01:08):

In this video, we will cover why you and your staff should care about cybersecurity and knowing security best practice. Most people believe a firewall and antivirus is all you need, but this is only filling two of the many possible entry points a hacker can target. We will also review some common security threats and provide some examples to review, to help you easily identify these threats for yourself in the future. And finally, we will cover some security best practices you can take to increase your protection. Why should I care? All you have to do is listen to the recent TV news or read a newspaper to hear how another company got hacked and how their customer's information got leaked, or how a company lost thousands from a ransomware attack and lost everything. What I learned from talking to small business owners is that they believe because they are small.

Speaker 1 (02:08):

They're not a target to hackers. So I want to share with you how this is not the case and having this mindset could cause devastating consequences to your company and livelihood. The U S census reported that two and three small business leaders believed a cyber attack is unlikely to them. They also discovered that same year, 67% of small businesses experienced a cyber attack data. A leading disaster recovery company reported that downtime costs are up by 200% year. Over year, cov were reported that 2019 saw a triple increase in ransomware costs to over $36,000 per attack. Experian stated 60% of small businesses will close after experiencing a data breach. If your company were to experience a breach, how would you fare besides the direct cost of an attack and downtime? The public could lose trust in your ability to keep their information safe, resulting in less sales. Also, you could be facing regulation and compliance fines. Remember you and your staff are the last line of defense hackers. Look for the Zs targets with biggest payoffs by making sure your organization is following security best practice. Your chances of being compromised are greatly decreased. Security is built in layers, just like your home has several entry points. So does your network and computers. This is why only a firewall and antivirus are not enough to keep your system secure.

Speaker 1 (03:58):

Here are some of the must haves for security layers, firewall just as a door to your house. The most common entry point between your family and the world. A firewall is the gateway between your company's data and the internet. There are many firewalls out there and none of them are created equal at a minimum. Make sure you have a next gen firewall with an active license that includes updates and general security protections. Antivirus anti-malware most antivirus applications provide reactive protection. After a new virus has been discovered. They program their software on how to detect it with over 350,000 new malware and potentially unwanted applications created daily. How well do you think these types of companies protect you? Instead, we suggest using a deep learning solution. Deep learning is the next level up from AI or computer learning. These programs are taught to identify threat behavior and can detect new threats that are not even known yet.

Speaker 1 (05:06):

Web filter compromised or fake webpages are a common source for websites trying to attack your system or scare you into paying a hacking group. Money. Web filtering protection should work. If your computer is in or out of your office. Email filter email is a high source for ransomware and email filters help block them as well as phishing and spam emails, persistent access hackers have begun taking advantage of application vulnerabilities and backdoors, allowing them to gain long-term system access without alerting anti-malware applications. You need a solution in place that detects this access. So it can be quickly fixed and closed windows and other operating system updates updates provide fixes to known vulnerabilities, bug fixes and overall system improvements. Those messages about having to reboot in order to apply updates may be annoying, but they could easily save you your day or all of your work from being lost password managers with a password manager, you only have to remember one password. They will help you keep every password unique, complex long, and some will even scan the dark web to alert you if your password was leaked so you can quickly change it.

Speaker 1 (06:39):

It support verification. Hackers are starting to target it. Support companies in order to gain access to your company's systems. If someone were to call your it support group and claim to be the owner or your HR manager in demand, a password reset, would they be able to verify the person's identity or would they simply reset the password as requested security awareness training hugely important. You could have a top of the line security infrastructure, but nothing is 100% secure, consistently training and testing. Your staff will help keep them aware and know how to identify if something is real or not. Your staff is the last line of defense web attacks. Scareware, scareware tries to trick you into believing that your computer has an issue such as an infection or your computer being slow. The hacker wants you to call them so that they can charge you money in order to resolve this fictitious problem.

Speaker 1 (07:48):

They usually want to remotely connect to your computer to resolve the issue and may copy your personal information to sell on the dark web hackers may create a webpage that looks very similar to a real webpage, such as the Gmail login page or your bank login in order for them to capture your login credentials, pay close attention to the webpage address at the top of your browser to make sure you were truly at the correct site, email threats, phishing. The goal of a typical fishing email is to get you to click a link or open an attachment in order to compromise your computer. First, if you are not expecting the email or it just doesn't feel right just to lead it, it's better to be safe.

Speaker 1 (08:42):

These are eight warning signs that you've received. A phishing email. One, an email is addressed vaguely with salutation, such as dear valued customer to the subject uses urgent or threatening language such as account suspended or unauthorized login attempt three, you were being offered a lot of money for no reason. All you have to do is click for the email is poorly written looks highly unprofessional, or simply makes no sense. Five. The cinder address looks strange or doesn't match the contents of the email. Six. The request is completely unsolicited and was not initiated by an action on your part seven, you are being asked to surrender personal information, such as banking or credit card information or credentials eight. Something just doesn't feel right and offer seems too good to be true.

Speaker 1 (09:56):

In this first email example on the left, you will see it includes an office 365 image and nothing stating the person's name. It is made to look like it was sent from an automated system. The thing is this person doesn't even normally receive voicemails by email. In the example on the right, the cinder is trying to make the email appear to be critical because the person's emails were not delivered. You should first notice the sender's email address is not a normal looking format. The name of the group is also very generically listed as outlook server team and outlook and server are listed as one word. The email signature is also very generic. The hacker here is trying to get you to click on one of the links.

Speaker 1 (10:49):

Another type of threat to be aware of our physical shoulder surfing is when someone is looking over your shoulder while you're typing your password or work on sensitive information, this is more common in public places, such as the coffee shop hackers. Sometimes we'll load a thumb drive with a virus and leave it on a table in a common busy area, hoping that someone plugs it into their computer after all, it's a free thumb drive for desktop security, make sure to lock your computer before leaving or someone simply has to sit down at your computer and we'll have access to everything that you do.

Speaker 1 (11:32):

Password best practice hackers can use brute force programs to randomly try and guess your password making it long and complicated will greatly increase the difficulty to a hacker. Trying to guess your password. The FBI has proven that having a long and easier password is more secure, then having a very short but complicated password also using a password manager can make it much easier to keep all your passwords unique in order and be a more secure way of storing them with a password manager. You only have to remember one password atypical strong password is 12 characters or longer changed every 30 to 90 days consisting of numbers, lowercase, and uppercase letters with symbols. There are several methods of coming up with a great password. You can remember one method is by first, starting with a short sentence, removing all, but the first letter of each word, replacing letters with lower or upper case substituting numbers for a letter, and finally adding a special character multi-factor authentication. Even the strongest of passwords can be hacked or leaked through a company breach using multi-factor authentication can keep your account safe. Even if your password is compromised, multi-factor requires several different items in order to gain access something, you know, such as a password, something you are such as a fingerprint or facial recognition and something you have such as a changing code from your phone or a thumb drive key.

Speaker 1 (13:33):

If all else fails, make sure your company has cyber liability insurance. It could save your organization from having to close its doors and allow your staff to keep their jobs. Some policies will cover the cost of breach notifications in legal fees associated with a breach event. Thank you for watching our video. I hope it was helpful to you as a gift. I would like to share a handout with you that you can give to your staff. This document easily outlined eight warning signs that you've received a phishing email. So your staff don't fall victim. If you are interested in our services for your Montana small business, please schedule a free consultation by visiting us@wolfguardit.com and selecting the contact link. Thank you.