Town IT Director Shares Tips On Business Cybersecurity
Newtown Chamber of Commerce staffer Helen Brickfield said she walked out of the December 16 meeting of the Newtown Business Advisory Committee armed with some great tips to share with local merchants about how they could better protect themselves from cyber attacks and web hacking.
That meeting — with only three local businesses represented — included a brief presentation by Newtown’s Director of Information Technology Al Miles, one that Ms Brickfield was hoping would get more widespread exposure.
“This is an important topic for consumers and businesses,” she said. “Cyber security issues seem to be ever changing and more complicated. It’s hard to keep up.”
Earlier this week, Mr Miles sat with The Newtown Bee to share most of the details he presented about a month earlier, which all local businesses, merchants, and even private residential computer and internet users could adopt to help keep their data more secure.
While the tips coming from Mr Miles were targeted for local businesses, they also mirror similar preventative measures promoted by agencies like the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC).
Vigilant and proactive are two of the most important watchwords for a business of any size when it comes to protecting business data, and preventing unscrupulous hackers and criminals from either stealing key data — or worse — taking down a company’s IT systems or holding those systems for ransom.
“You just have to be super careful all the time,” Mr Miles told The Newtown Bee in a January 15 interview. “And when it comes to keeping your systems and data secure, you don’t want to fall behind. That’s when you lose the advantage or give the advantage to the bad guys.”
Sure, installing and maintaining up-to-date cyber security measures can be expensive for larger companies, or those whose data and systems are highly confidential or sensitive. However, Mr Miles says there are a handful of proven common sense practices that may involve the investment of a bit more time away from front line business responsibilities, but are nonetheless inexpensive or cost nothing to employ.
“I call it basic IT hygiene,” the IT expert said, adding that even a small or home-based business “doesn’t have to be vulnerable just because they don’t have an IT department.”
“It’s hard because so many small business people have their hands full concentrating on their day to day work that they don’t actively think about their IT vulnerability,” he said. “But investing the time to maintain security and things like constantly updating virus protections doesn’t require significant expense or effort — versus the hundreds or thousands you might have to pay for data recovery or unlocking a ransomed computer system.”
Tips To Foil Hackers
Some of the key tips Mr Miles is reiterating for local businesses include:
Being Wi-Fi aware — “People generally take Wi-Fi for granted,” Mr Miles said about this popular wireless networking technology that webopedia.com says uses radio waves to provide wireless high-speed Internet and network connections. He says that public or “guest” Wi-Fi systems may be fine for innocuous web surfing or quickly checking e-mails, but users should never conduct sensitive business or financial transactions on public Wi-Fi networks. “They should either use a VPN [virtual private network] or use their own data for sensitive or financial internet transactions.”
Treat customers like a ‘guest’ — “If a business wants to provide its customers Wi-Fi access, do not give them access to your internal Wi-Fi,” Mr Miles advises. “Even a small business should always set up a separate guest Wi-Fi for customers or patrons to use.” And to keep hackers and others from tapping into your IT on nights and weekends, the town IT expert advises businesses to turn off Wi-Fi when the business is closed.
Maintain virus protection — The minute new virus protection is developed, Mr Miles says people all over the world drill into finding ways to defeat it. According to information provided by the California Department of Justice, antivirus protection scans your files and your incoming e-mail for viruses, and then deletes anything malicious. Mr Miles similarly advises business owners to keep antivirus software updated, and make sure any antivirus or antispy software is continually running and checking your system for viruses, especially if you are downloading files from the web or checking your e-mail. Set your antivirus software to check for viruses every day, and give your system a thorough scan at least twice a month.
Make passwords complicated, but easy to recall — Newtown’s IT director says he prefers using “easy to remember phrases instead of passwords combining letters, numbers, and characters that can be much more challenging to remember.” Using a common phrase — for example: ‘feed_the_dog’ or ‘cooking_with_gas’ — will be much more likely to stymie hackers.
Resist the urge to click — Mr Miles says that clicking on URLs or links to websites that may come in e-mails or social network posts and messages is one of the easiest ways to invite hackers to feast on your data and access your computer files. “This is a key item,” he said. “You need to be smart, know exactly who is sending you links via message or e-mail. If it’s not legit, one click invites them in — and even security-equipped e-mail systems may not catch all suspect e-mails.”
Back that thing up — “Regular backups, even as often as daily, are critical,” Mr Miles said. “That way if you discover you are being hacked, you can immediately disconnect and restore your system with minimal loss of time or system access.”
Two-factor authentication — Mr Miles says he uses two-factor authentication. According to Google, 2-Step authentication or verification can help keep bad guys out, even if they have your password. After you set it up, you’ll sign in to your account in two steps using something you know (your password), and something you have (like your phone or a security key dongle). “Two-factor verification offers businesses a high degree of protection,” Mr Miles said.
Send suspect e-mails to mobile — Mr Miles says it is a lot easier to scrub and rebuild mobile data and systems than a complete business network or server. “So I use my mobile phone to open suspect e-mails or messages,” he said. “That way, if there is an infection or hack happening, it will only temporarily affect my phone.”
Put out the firewall — Mr Miles said maintaining up-to-date firewall protection is also critical. The California DOJ defines a firewall as a software program or piece of hardware that blocks hackers from entering and using your computer. Hackers search the internet the way some telemarketers automatically dial random phone numbers. They send out pings (calls) to thousands of computers and wait for responses. Firewalls prevent your computer from responding to these random calls. This is especially important if you have a high-speed internet connection, like DSL or cable. Just be sure to turn your firewall on — to be effective, a firewall must be set up properly and updated regularly.
Ms Brickfield from the Newtown Chamber said that she started using one of Mr Miles’ tips the minute she exited his presentation.
“Now, I turn my Wi-Fi off when I leave my house. That way I am not automatically joining Wi-Fi everywhere I go,” she said. “Al explained that you may think you are logging onto a business Wi-Fi, but it could be a ‘phantom’ account set up to look like [a legitimate business Wi-Fi account] to steal your data. I feel safe at places I know. But everywhere else — I use my data.”
For added resources on keeping your business IT as safe as possible from hackers and data breaches, visit https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/basics or https://www.fcc.gov/general/cybersecurity-small-business.