Elliot Schiller, Graphic Arts Magazine columnist, is a Director at Toronto’s Teeger Schiller Incorporated, a firm specializing in government funding and systems selection/implementation. His clients receive over $5 million annually to support ongoing business innovation. Here, he presents some timely advice on protecting your shop from cyber attacks.
The WannaCrypt0r 2.0 (WannaCry) ransomware virus attack last week reminds us that we should always have security at the forefront of our thoughts. Security is everyone’s responsibility, not just the tech folks. Here are a few basic tips that you and your staff should be familiar with and follow accordingly.
- Data Redundancy. There are many services available that can provide your company with the ability to maintain data redundancy (formerly known as effective backup), either on-site or in the cloud. However, if you have a contractual confidentiality agreement with any of your clients, you need to ensure that the service you select for this task can guarantee total confidentiality of your customers’ information.
- File Sharing Handling. In the graphic arts industry, files are often passed between your customers and your office (e.g. logos, brand identifiers, etc.). It’s therefore important that you have a protocol for sending and receiving these potentially virus-infested files through an offsite (cloud or third-party host) service. That way, you can ‘scrub’ the files before allowing them into your network.
- Software Patch Processing. Microsoft had a patch that, if installed, would have prevented infection from the WannaCry program. However, many companies were not up to date in applying these patches. In a corporate environment, checking that patches do not negatively affect the apps in use is a process that often slows down patch updating. Make patch applications a priority – and make sure that the software you’re using is still being supported by the vendor.
- Antivirus Software. Antivirus software will protect you from the most basic, well-known viruses – but of course, only if it continues to update itself with new threat protection. While this will probably be good enough to thwart an unsophisticated hacker, it should not stop you from remaining vigilant to attempted attacks.
- Change passwords frequently. Develop an app to ensure that users change their passwords on a scheduled basis, and that they don’t reuse the same password, or a close variation of it, for a reasonable period of time.
- Use two-factor authentication. Where possible, set up two-factor authentication and require users to use it, to minimize the chance of ‘robots’ breaking into your network.
- Develop a corporate education program. A corporate education program to ensure that users respect the sensitivity of corporate networks is a must. Teach your staff these do’s and don’ts of email:
  - Don’t open attachments from senders you don’t know.
  - Don’t open attachments from senders you do know if something feels wrong.
  - Don’t believe everything you read. You probably didn’t win $1 million, your bank is probably not giving you only 24 hours or whatever to avoid dire consequences, and of course, neither your bank nor the taxman needs you to click a link to log in. The old adage that “if it seems too good to be true, it probably is” should be applied to everything you encounter within your email.
  - Do leave your personal devices at home, and make sure they’re not attached to the office network. Social messaging services and free email services for your personal relations are often breeding grounds for infestations.
  - Always think before you click.
  - Don’t give any information to someone if they initiated the contact.
- Visitor Protocols. Set up a corporate protocol for visitors accessing the network within your office. Put a wall between the visitor and corporate systems/data access. Most visitors simply require a path to the Internet. That’s all they should be allowed to have.
- System Shutdown. If possible, when the system is not required, power it off or disconnect it from the Internet entirely.
Events like the catastrophic WannaCry epidemic this past week remind us that we must all remain vigilant to attacks. The Cambridge dictionary reminds us all that “forewarned is forearmed” – meaning that if you know about something before it happens, you can be prepared for it. So, consider yourself forewarned!