How To Stay Vigilant with Your Cyber Security
On Monday, ADAPT covered tips about the proper collection and management of customer and employee data. Today, an expert breaks down some basic ideas around keeping your systems secure.
Jon Vorisek is the founder of RepairSurge, a software-as-a-service platform and information provider for mechanics and independent repair shops. He and his team work in and around the web environment all the time, and his work with shop operators gives him a good perspective on common vulnerability points.
One general thing to consider is that big companies aren’t always the targets of hacks and cyber threats.
“I think a lot of people don’t realize that hackers don’t just go after big businesses,” Vorisek says. “We tend to think they’re going after juicy targets like major corporations or government networks. But the reality is that most breaches target small businesses. And unfortunately the majority of small businesses don’t have reasonable measures in place to protect themselves.”
Vorisek says that shops should go through threat modeling exercises to determine what systems and information need protecting, who might try to access that information and what the consequences could be for a successful intrusion.
From there, shops can take proactive steps to avoid those situations.
“Generally speaking, in terms of the measures that people should be taking: Keeping your software up to date. Making regular backups. And obviously a little common sense goes a long way,” Vorisek says.
Modern software systems, like Windows, get constant updates to patch potential security flaws. Make sure that all your programs are set to automatically update and check them periodically to make sure.
“A large portion of the attacks out there take advantage of loopholes” in un-updated programs, Vorisek says.
When working with Windows, regular operating system updates are important because that will also upgrade the antivirus and defense software. There are third-party antivirus options out there, but newer versions of Windows come with the Defender software built in, which Vorisek says is a capable and effective program.
Don’t Use One Password for Everything
It’s perhaps the most common cybersecurity vulnerability.
“Even though everybody knows you’re supposed to create strong, unique passwords, it’s just so much easier to create one password that's simple to remember and use it across all your logins,” Vorisek says. “But that’s a terrible idea.”
A good solution is to get a password manager, which is a program that secures all your different login passwords on its platform. The user creates one password for the password manager, which unlocks the rest of them. Newer programs make logging in a bit more seamless these days, and some will also generate super strong passwords for all your applications.
Make Backups (Even Backups of Backups)
If a hacker is able to get into your system and encrypts all of your files and information for ransom, you’ll be glad to have backups.
While a fee is typically associated with secure remote backup services, Vorisek strongly recommends them.
“For simplicity's sake, if i'm trying to get someone to bite the bullet and adopt a backup solution, the main thing is remote backups to a backup provider that stores them offsite for you and keeps previous versions of files,” he says.
For a more robust solution, you can also keep a local backup on an external hard drive. Users will have to update that themselves periodically, because you don’t want the backup drive connected to a potentially vulnerable computer at all times. That would leave your backups vulnerable as well.
Check Your Router
Old routers can be another vulnerable point, particularly if it’s older. Vorisek suggests making sure that the router’s firmware is up to date (you can search the internet for specifics on your router model).
In addition, log into the router through your computer and change the default password. That’s where you might set up a wifi password or create a guest wifi. Separate form that, Vorisek says that all routers come with a default login to access the program, and it’s usually easy to guess.
Secure Your Browsing
There are all kinds of potential pitfalls while browsing the internet. Make sure employees aren’t clicking suspicious email links or downloading programs from odd websites.
One proactive step you can take is to install ad-blocking software into browsers.
In general, he adds that shops need to take steps and be vigilant about their digital security. It’s not a bad idea to seek help from a third-party service, either.
“Be proactive,” he says. “Don’t sit back and think your shop isn’t an appealing target.”