
What Are the Best Ways to Protect Your Business From Hackers?

Transcript

The views and opinions expressed on this podcast are for informational purposes only, and solely those of the podcast participants, contributors, and guests, and do not constitute an endorsement by or necessarily represent the views of The Hartford or its affiliates.

You’re listening to the Small Biz Ahead podcast, brought to you by The Hartford.

Our Sponsor

This podcast is brought to you by The Hartford. When the unexpected strikes, The Hartford strikes back for over 1 million small business customers with property, liability, and workers compensation insurance. Check out The Hartford’s small business insurance at TheHartford.com.

Gene (00:03):

Hey everybody, this is Gene Marks and welcome back to the Hartford Small Biz Ahead podcast. Thank you so much for joining me. This week I want to talk to you about the security of your data. Ransomware, data hackers, intrusions, different people taking advantage and getting into your systems. We read about these all the time, and there are countless studies that show that small businesses more than any other businesses are certainly vulnerable to getting attacked and getting hacked. This week’s episode, I really wanna share with you… there’s a lot of different ways that you can protect yourself against a hacker’s attack. But I really wanna talk to you this week about the one way, the one biggest way to protect your business from getting hacked. And it only has to do with one word, and that word is training.

Gene (00:59):

Because if you look at all of the reasons why small and mid-sized businesses, big companies as well, get hacked or fall victim to malware and ransomware attacks, it is the highest reason why, according to numerous studies, is people, all of us, we’re busy. We’re running around, we’re clicking on things we shouldn’t click on. We’re downloading things that we shouldn’t be downloading. We’re opening files that we shouldn’t be opening because we’re not paying attention. We’re doing things too quickly, we’re multitasking and frankly, we’re not really aware of whether or not something is bad or it’s not bad. And let me tell you something, if you click on a bad link in an email sent to you, and it takes you to a bad website, that’s called phishing, by the way, PHISHING, that website can download software to your device, which can then maliciously invade your network and do all sorts of harm.

Gene (01:59):

That’s just by visiting a website. If you are sent a file and you download that file and open it, same thing. It can launch a malicious piece of software that can go after your data, not just on your device, but on your network as well. So you gotta get training. What we need to do, both us as business owners and our employees, we need to be able to recognize when something malicious is being sent to us. And the training comes in really two ways. Number one is you need to invest in an outside IT firm to come in and train your employees quarterly on what to look for and how to respond and how to react, and what types of new malware is out there, or ransomware is out there that they need to be aware of.

Gene (02:51):

They need to be educated on this stuff. You should be mandating that your employees attend these sessions only once a quarter is fine. It will and by all means the IT firm can be repeating the same information over and over again because we need to hear these things more than one time. But you, me, our employees, we all need to be aware enough so we can recognize when we’re getting something that doesn’t make sense. So that’s number one. Number two is I strongly recommend that you look for software that can help you in the process. Now, one of the most well-known training softwares is KnowBe4. It’s KNOWBE and the number four. It is a great platform. I forget how much it costs. It’s not, not exorbitant, but it actually sends fake emails trying to entice you and your employees to download stuff and click on the wrong stuff.

Gene (03:46):

And if you do, no harm is done, but it gets reported and then you find out why that was harmful, and then you get educated as to why it was harmful. So, platforms like KnowBe4, and you can Google KnowBe4 and its competitors, there are plenty of them that are out there. You have them going all the time. They stay up to speed on the latest scams and the latest sort of email solicitations that are out there. So they duplicate them as well so that you could be getting them in real life, but then getting a fake one from KnowBe4 before. And therefore you’ll know in advance when something comes to you that’s, that’s wrong or that’s malicious, you’ll know that in advance. You absolutely want to subscribe to a platform like that. The other way that you cut back on employee errors is by really outsourcing all of your data and your IT.

Gene (04:34):

Most of my clients, they use managed service providers. They are not hosting anything internally anymore. That way their managed service providers, and there are plenty of them that are out there that you can Google. They take all of your applications and all of your data, they manage them for you. You don’t know anything. They have all their security on top of it. They provide training for you and your employees and they provide an extra level of protection. So even if the training doesn’t work, there is something between you and the malware that gets stopped because of the protection that they provide. One other thing about training, which I have to enforce as well, is your IT people or whoever’s in charge of, in training you and your employees have to enforce that you upgrade your operating systems.

Gene (05:20):

When Microsoft, Apple, Google whether you’re running an Android device or an iPad, or Windows PC, they always tell you that it’s time to install updates. Make sure that you do that and make sure that your employees are trained and enforced to install the updates on their systems. Why? Because those updates will download and install and protect against the most recent security problems that those companies know that are out there. Now listen, there’s no guarantee that it’s gonna protect those devices. Any smart hacker can get around just about anything. But there’s so much low hanging fruit that of the thousand bots or millions of bots that are running around right now on the internet, they’re looking for that low hanging fruit. They’re looking for all those people that haven’t upgraded their devices and aren’t trained and are easy to be duped.

Gene (06:13):

And when they find them, they go after them. When they come across a device that’s been recently upgraded, they’re gonna be less likely to go after ’em because it’s just that much more work. So, again, it doesn’t guarantee your protection, but it absolutely helps avoid it. So listen, you wanna stop yourself from being hacked. Well, there’s no 100% guarantee, but the best protection for your business is training for you and your employees. Hire an IT firm to do the training. Get a platform like a KnowBe4 or any of their competitors to try and dupe and test you and your employees. Outsource all of your IT data and applications to a managed services provider. They’ll provide training and an extra level of security and make sure you and your people are trained to install any updates and upgrades on your operating systems.

Gene (07:06):

Microsoft, Apple, Google, Android that come about because that will provide you with the most protection. That in itself is gonna go a long ways towards minimizing any loss of data, loss of business due to a potential hacking or any other type of malware. My name is Gene Marks and you’ve been listening to the Hartford Small Biz Ahead podcast. Hope this information helps. If you need any other advice or tips and help in running your business, please visit us at SmallBizAhead.com or SBA.TheHartford.com. We will see you again next week with another piece of advice to help you run your business. Take care.


Chloe Silverman:

View Comments (4)

  • You should never, ever blindly trust updates coming in from anyone, especially when they are forced.

    3CX, Crowdstrike, XZ Utils, Log4J and a host of other vulnerabilities were all installed directly through updates. In fact, every single vulnerability ever loaded into a system was put there through an update.

    The word you are looking for is that your systems should be regularly patched against security vulnerabilities and the patching should be done intentionally.

    As security professionals, we seriously need to stop telling people to blindly accept any code or update being installed on any system without understanding exactly what that code does. Doing otherwise is just asking for more problems. The growing CVE / NVD counts show that "just do updates" is a lousy bit of advice.

    Know the threats, patch the threats and be intentional with your Software Composition and Technology Standards.

  • As an IT service provider we recommend to our customers that a very good up to date hardware firewall is your first defense.
    We use SonicWall as our primary. It protects from hackers, viruses, malware and ransomware.

    We also use Ubiquiti as it is a good solution for those who are not IT professionals. The hardware and software make it almost "plug and play".
    We of course recommend a very good anti-malware program on all client devices.

    We have Malwarebytes. As we were a Norton provider. A supported corporate customer with business class Norton. Was updated (to Norton latest version) on a weekend. From servers to client desktops. Giving them all the "blue screen of death" to deal with on Monday am. The fix took 2 weeks and involved removing Norton. Leaving them with no protection. But the firewall. We moved them to Malwarebytes.

    Training employees is very important but we humans are fallible. Hardware is more reliable as the first line defense when you have the email security or Hosted Email security suite. Protecting the email before it gets to you. The firewall when configured correctly will protect you from most malicious websites.

    Nothing is perfect. But in this game, we are always working to "plug the holes dam and guard the camp".

    Our approach is keep all your "data" in house and close at hand, on-site as possible. If it does not need web access don't give it any and limit what can access. The firewall does all that and more.

    All our business customers and a fair percentage of our consumer customers are using SonicWall firewalls. We place old "outdated" units on-site for free for 90 days for some of our customers just to show them how effective they are.

  • I would like to see an article on credit charge fees charged to a merchant for accepting particular cards. The fee computation seems very confusing.

    • Hi Mickey, thank you for reaching out! We're looking into creating content around this topic!
