The Oneida Daily Dispatch (Oneida, NY)

Cyber security and small business

Workshop educates business owners in data protection

ROME, N.Y. » Small businesses were invited out to the Rome Chamber of Commerce to learn more about the digital world and what it means to their business.

Apart of the RenewNY-22 tour by Congresswo­man Claudia Tenney, R-22, and cosponsore­d by the Rome Chamber of Commerce, Mohawk Valley Small Business Developmen­t Center and Anjo- len Cybersecur­ity, the workshop was meant to teach small business owners that they are just as much as a target for hackers and cyber criminals as big businesses; and that means they need to act sooner rather than later.

“Nearly 50 percent of small businesses experience cyber-attacks,” Tenney said. “However, our small businesses rarely have the additional resources to invest in improving cybersecur­ity as it is often a complex and costly un- dertaking. Everyone likes to think ‘Oh, I’m too small,’ but you’re not. Your identity is very valuable and if you’re comprised, it can affect you the rest of your life.”

Housed on the Utica College Campus, Anjolen has years of experience in the cybersecur­ity field.

“One of the things we want to accomplish is to help you understand cybersecur­ity and how it affects you as a small business, and

give you best practices, proactive tips and things that you can go back and look at when positionin­g yourself for cybersecur­ity,” said Chief Training and Developmen­t Manager Michelle Tuttle. “From a managerial standpoint, you hear people talk a lot about proactive versus reactive. Whether you’re talking about cybersecur­ity or the financial sector, you want to be proactive. If you’re not proactive, you can’t handle what’s being thrown at you. By being proactive and thinking about cybersecur­ity posture and what checks and balances we have, we can be more effective when there is an incident.”

Some of the most valuable targets to potential hackers are the servers used by businesses to hold personal informatio­n or personal health informatio­n -- such as Social Security numbers, bank numbers, medical history and more.

“Those two categories of informatio­n are protected by government regulation­s. The government says you have to be proactive and practice due diligence and ensure that the right steps are in place to protect data from cyber-attacks,” Tuttle said.

But stealing informatio­n isn’t the only threat; locking it away can be just as costly, if not more, the experts warned.

Vice President of Anjolen Cybersecur­ity Joseph Giordano said Anjolen’s aim is to prevent clients from becoming like the city of Atlanta when faced with a cybersecur­ity threat.

On March 22, the city’s computer network fell victim to a ransomware attack, in which specialize­d software was used to completely lock a number of systems behind an encryption. Without the encryption key, there is no way of accessing the system. The perpetrato­rs of the attack demanded around $50,000 in Bitcoin for the release of the systems affected. Atlanta lost access to a portion of its computer network and is still recovering fromthe attack; as of June, the city has spent around $2 million to repair its network and is expected to pay more.

Giordano said Atlanta did not have a backup of data or programs in place. In being reactive to the situation instead of having proactive measures, the city has suffered a major blow.

One attendee of the workshop said he works as an insurance broker and wanted to know if lost money could be covered under business insurance. Tuttle said cybersecur­ity insurance has come about within the last few years and companies like Anjolen are called in to examine the policy to make sure business owners have done what they could have done to prevent the attack before the insurance is paid. To Tuttle’s knowledge, business insurance would not cover cyber-attacks.

“Small businesses are a target. They are the most impacted, too, with 60 percent of small businesses shutting down within six months of a breach,” Giordano said. “The bottomline is that ransomware is the attack of the day. It locks the systems. I don’t think any organizati­on is not vulnerable today. If you are still in business and are making money, you are a target.”

But there’s no such thing as being 100 percent secure. Tuttle and Giordano said if any cybersecur­ity company says they are 100 percent secure, you should turn around and run.

“Human vulnerabil­ity is the greatest threat. Anyone in the cybersecur­ity field will tell you that,” Giordano said.

“In a survey, 82 percent of people said they read and understand their company’s policy regarding data privacy and informatio­n security. Yet in that same survey, 46 percent of people say that opening any email on their work computer is safe,” Tuttle said. “That’s a big contradict­ion. You might have policies and procedures in place, but this suggests the employees don’t understand what it is they’re reading or why it’s important. We need to make employees under- Vice President of Anjolen Cybersecur­ity Joseph Giordano discusses the importance of cybersecur­ity at the Rome Chamber of Commerce on Tuesday, July 31, 2018. stand why these are important and in place.”

Another attendee was concerned about employees who were using the Internet during their lunch break and using their work devices to browse.

“It’s your system and your policy,” Tuttle said. “If they want to take their personal device, sure, but if you have an Internet use policy that says they can’t, then there needs to be corrective action. You’re the one that’s going to have to deal with vulnerabil­ity if something happens. It can be hard to monitor, but there are tools to help.”

Hackers can also prey on human emotion, Tuttle said, and told the workshop of a situation in which a woman used the sound of a crying baby and the guise of a distressed mother to get a call center employee to change the email and password of another person’s account without proper authorizat­ion.

When it comes to the weakest link in cybersecur­ity, Giordano said, it all comes right down to human error.

Attendee Cathie Mann, of Rome, is looking to start her own business in the Rome area providing inhome health care to the disabled and elderly; and she sees the Internet as a potential tool and threat.

“Being a potential business owner, I’ll have a lot of personal health informatio­n on a website for clients and I want to protect that informatio­n because of HIPAA,” Mann said. “I’m not that tech-savvy and my children would say I’m a novice. But I’m a quick learner and I just need to be taught.”

Mann took a lot of notes at the workshop and learned about the different threats she could be potentiall­y facing.

“I think it’s very important to pay attention to things, like links on your computer,” Mann said. “I’ve never been suspicious. As a nurse, I’ve always been very empathetic and answer to emotional things. So I have to be careful not to do that, even if it goes against my grain. But after the workshop here, I feel more confident.”