Warning: Your Business Information is Vulnerable to Attack

Gerard T. Capraro, Ph.D. of Capraro Technologies, Inc. leading a seminar at Scalzo, Zogby & Wittig

Our insurance agency has gotten so thoroughly automated these days that we thought it a good idea to ask a Utica area expert on information assurance to our office. We closed for an hour and asked him to meet with our entire staff. We were interested in his ideas on how we could assess our risks and vulnerabilities and put together a plan to protect our information.

He is Gerard T. Capraro, Ph.D. of Capraro Technologies, Inc. at 401 Herkimer Rd., Utica. We’ve known Dr. Capraro for a long time and call on him when we need IT advice or special software. We wanted our employees in on his talk because they are the front line of our business and most vulnerable to attacks on our information.

You’re probably asking, “What is information assurance?” Well, it includes the protection of the integrity, availability, authenticity and confidentiality of user data. This includes protecting information in digital form, analog, and physical.

In other words, not only must you manage the integrity of the information your business generates on its computers, but also on paper. So, as Dr. Capraro pointed out to us, it’s just as important that you’re shredding confidential information properly before throwing it in the trash as you are protecting the information on your computer from hackers.

Cybersecurity is an important part of information assurance and it has become a big problem for businesses (and families) in the digital age. People are far more vulnerable to hackers than they often believe. We have published posts on cybersecurity because we believe it’s so important to your risk management program (links to those posts are at the end of this article).

Dr. Capraro emphasized that the first line of protection in any business is its people. “The human fire wall,” as he put it. And today’s hackers (the bad guys) are going more and more after human vulnerabilities by using “Social Engineering” attacks via Phishing emails, impersonating social media accounts, and using fake websites to trick you into entering your account information. According to a recent study, approximately 93% of all phishing emails now contain a ransomware attachment.

What is ransomware? This is when a hacker installs a virus onto your computer without you knowing it. The virus restricts access to your system by either encrypting your files, the operating system, or both. Then the hackers demand money (the ransom) via Bitcoin (untraceable digital currency) to remove the encryption.

And the consequences can be expensive. A single employee, if infected with a ransomware virus, not only can encrypt the data on that one computer but also all of the files and information within the entire network. This causes significant downtime for the company as well as an extreme financial burden when you factor in the cost of the loss of business, reputation, and remediation.

How Can You and Your Employees Protect the Business from Cyber Attack?

• Don’t allow employees to forward emails to work from their home computer. You can’t be sure of the amount of protection that they have at home.
• Always install the updates and patches you get automatically from your software.
• Download your anti-virus updates. Your software is constantly changing to align itself with the latest threats.
• It’s advisable not to download games or screensavers onto your business computers. You never know what malware they may contain.
• Always back up the day’s work.
• THINK BEFORE YOU CLICK on an email attachment, especially if you’re not expecting an email from that person or it has a link to a website that is asking you to enter your information.
• Don’t leave the default passwords that come with a new computer. Change them right away to ones that are strong and hard to steal.
• Have a disaster recovery plan in place and test it at least once a year.

It’s really up to everyone in the company to protect information systems from viruses and cyberattacks. Dr. Capraro made it clear to our staff that we needed to be careful with passwords, email, and updates and again emphasized how important it is to use caution and critical thinking when dealing with email attachments. If it is unexpected or odd STOP and ask an IT professional BEFORE you click anything.

We thank Dr. Capraro for helping us with his expertise here at our office. You can call on Capraro Technologies for disaster recovery, surveillance systems, data center and business class hosting, custom software, information assurance and cybersecurity related issues.

Call us if you have any questions on how to mitigate and financially protect yourself from events like this. We can help you manage your risks with solid internal systems and the right cybersecurity insurance policy for your business.

Until next time,
The SZW Team

More Cybersecurity Insurance and Risk Management posts from SZW you might be interested in:

Cyber Liability Insurance for Your Business

Your Business’s Data Protection and Cyber Risk

What is Your Risk of a Cyber Attack

Scalzo, Zogby & Wittig, Inc. is your New Hartford area independent insurance agent. Call us for a quote on insurance for your home, car, business, or life at 315.792.0000. Or request a quote here.