
800-348-5194 (Toll Free in WY)
Email: WSBDC@uwyo.edu

Cybersecurity


60% of small businesses that are attacked are out of business in six months. 82% of social security numbers have been hacked more than once. What can you, as an individual and a business, do to protect yourself? Here is a to-do list in priority order. Contact the Wyoming SBDC for free help or if you have questions.

 

1) Back-up your data and systems.

  • If you keep back-ups of your data and systems, then whether you have had a fire or been hit by ransomware, you can be up and running in just the time it takes to restore what has been damaged.
  • Use either removable media (USB hard drive) or cloud services (like Carbonite or Barracuda). If you use an attached drive, make sure you keep it disconnected and off-site when not in use.
  • Test your backups. Make sure they work.
  • Encrypt your backups. Encryption is almost always an option, so use it. If someone hacks the cloud service or finds your USB hard drive, your sensitive data is protected.

2) Train yourself and your employees.

  • Footprinting, scanning and breaking a computer or network can be hard work, like breaking into a bank. Instead, hackers and others who want to gain access to or attack your system find it much easier to trick people into letting them in, just like tricking an employee into letting someone into the bank vault.
  • We recommend ALL employees, staff and individuals take the FREE online IASE Cyber Awareness Challenge training required for all Department of Defense employees: http://iase.disa.mil/eta/Pages/online-catalog.aspx
  • For accountability, have each person print the free certificate offered at the end of the training and exercises. It verifies their training to management, and if training is ever questioned during a breach investigation, it can help demonstrate that some protections were in place.
  • Make it a policy to repeat the training every year. The threats change, people grow complacent, and the training does not take much time.
  • There are other courses on the IASE page worth considering depending on your employees and what you do.

3) Change your password, make it long and look at Password Managers

  • Service providers lose millions of usernames and passwords, and it is more than likely someone has yours (check https://haveibeenpwned.com for publicly disclosed breaches). Hackers will try the passwords they find to see if they can get into your bank account, Facebook account, Amazon account, the website you manage, etc. If you
  • Length is most important (it is the defense against brute-force attacks). Don't use common words, numbers or combinations that would be used in a "dictionary attack".
  • If you have multiple accounts, use a password manager. Apple has one built in; others include Dashlane and LastPass. There are many out there, and they let you remember just one password.
  • If 2-factor authentication is an option (Google, Microsoft and many others have it), use it. Instead of relying on just something you know, it incorporates something you have (a separate cell phone, for example) or something you are (biometric).

4) Inventory what you have, make sure each is secure.

  • Make a written list of all of your servers, computers, iPads, and network devices, such as routers, switches and modems.  Make sure they are stored and used in a safe environment.
  • For each of these check:
    • Is the firmware up to date? If it is an old modem/router, time to upgrade?
    • Is the software up to date?
    • Is there sensitive data on the device and can it be removed?
    • If there is sensitive data or access via that device, can it be better secured?
    • If a device has an end-of-life system on it (say, Windows XP or an old information system), can it be isolated so it does not connect to the internet, where it can be easily hacked?
    • When disposing of a device, make sure it is clean (hard disk scrambled or removed, for example).
  • If you document these and what you are doing, you are well underway to having a cybersecurity plan, something often required in contracting with other vendors and agencies.
  • We recommend at least using a free network scanner to check for rogue or forgotten devices and even vulnerabilities.
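A sketch of how the written inventory can be reconciled with what is actually on the network, added here as an example and not taken from the original page. It assumes the inventory is kept as a CSV with hypothetical `device` and `mac` columns and uses pasted `arp -a` (or `ip neigh`) output as the list of devices seen; all sample data is constructed.

```python
import csv
import io
import re

# An IPv4 address, then later on the same line a MAC (colon or dash separated).
ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}).*?((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})")

def normalize_mac(mac):
    return mac.lower().replace("-", ":")

def parse_neighbors(text):
    """Return {mac: ip} from `arp -a` or `ip neigh` style output."""
    seen = {}
    for line in text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue  # headers and blank lines
        ip, mac = match.group(1), normalize_mac(match.group(2))
        # Low bit of the first octet set means broadcast/multicast, not a device.
        if int(mac[:2], 16) & 1:
            continue
        seen[mac] = ip
    return seen

def reconcile(inventory_csv, neighbor_text):
    """Compare the written inventory with what is actually on the network."""
    inventory = {normalize_mac(row["mac"]): row["device"]
                 for row in csv.DictReader(io.StringIO(inventory_csv))}
    seen = parse_neighbors(neighbor_text)
    return {
        "unknown": sorted((ip, mac) for mac, ip in seen.items() if mac not in inventory),
        "not_seen": sorted(name for mac, name in inventory.items() if mac not in seen),
    }

# Constructed written inventory (device names and MACs are made up).
INVENTORY = """device,mac
Front desk PC,00-11-22-33-44-55
Office router,aa:bb:cc:00:00:01
Old XP register,00:11:22:33:44:66
"""
# Constructed `arp -a` output from one office PC.
NEIGHBORS = """  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-00-00-01     dynamic
  192.168.1.21          00-11-22-33-44-55     dynamic
  192.168.1.77          de-ad-be-ef-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
if __name__ == "__main__":
    print(reconcile(INVENTORY, NEIGHBORS))
```

An ARP table only lists devices the PC has recently talked to, so a "not seen" entry may simply be powered off; an "unknown" entry is the one to track down and either add to the inventory or remove from the network.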

5) Examine this full Checklist.pdf and/or contact us for specific assistance.

  • Beyond these four steps that cover some of the most common threats, there are others unique to each business type or applications you use.  
  • Some businesses may require additional levels of security. Perhaps you want a complete cybersecurity plan, or would like to have your web app, network or other systems looked at by a certified cybersecurity specialist from the Wyoming SBDC. The Cybersecurity Specialist is a trained ethical hacker.

Other interesting cybersecurity resources:

 

CyberSecurity Advising:

Jim Drever,  Regional Director

Certified Chief Information Security Officer (CISO) Specialist
307.766.3505
Email Jim