USA TODAY US Edition

NAA provides members, small businesses with cybersecur­ity tips

- By James Myers

Online threats are on a lot of peoples’ minds, even small business owners, as the public learns more about cybersecur­ity.

Sure, the headlines are about the big companies, like Home Depot and Target, when they get hit, but small businesses often have less security than big corporatio­ns. This makes them a prime target for hackers.

So, it isn’t surprising, or shouldn’t be, that cybercrimi­nals are increasing­ly preying on businesses through what is called a business email compromise, or BEC, because it has become a “highly lucrative threat vector for attackers,” according to Cisco’s 2017 Midyear Cybersecur­ity Report.

The report cites the Internet Crime Complaint Center, which says that between October 2013 and December 2016, $5.3 billion was stolen through BEC. Furthermor­e, ransomware attacks took around $1 billion in 2016 alone.

Adam Jones, president and CEO of Firefly Technology, a Kansas City-based IT company that handles those duties for the National Auctioneer­s Associatio­n, first recommende­d that Auctioneer­s stop relying on built-in spam filtering with their hosted email products. He said companies of any size need to subscribe to a third-party spam service that sits between the internet and the mail host.

He also gave advice about suspicious emails that ask the user to click on something.

“First check the actual email address that the email shows as coming from,” Jones advised. “This sometimes requires clicking on the name at the top of the message, but it should reveal the full address.”

This is because while there are spam emails that either masquerade or have come from the actual purported sender (e.g. in a hack scenario), many times, they simply masquerade the name. If the email address does not match that which you would expect, it can (and should) be disregarde­d.

You can also right click on a link in such an email and copy the link. Then paste the link into a web browser, but before pressing enter, check out the link. For example, if someone said they’re sending a link to a Google Apps file, make sure the address that you’ve copied and pasted says “.google.com.” If the address is something different, it is an indication that the link is not safe because it will ask for personal informatio­n or download something that will infect your system.

“As a general rule,” Jones said, “if you are not expecting something from someone with an attachment, attachment­s should be viewed skepticall­y. If you are suspicious of an attachment, having a relationsh­ip with a knowledgea­ble IT firm can come in handy as they can be used as a verificati­on resource.”

Jones said his company utilizes air-gapped computers that they can open attachment­s on, which tests for validity without putting their network of computers at risk.

So, what if that technology isn’t available? Or worse, what if you clicked that link or opened that PDF?

Jones said the first step is to shut down the computer. Then, immediatel­y go to another computer and change the password to that email account.

“Then, engage IT support to ascertain the severity of what might have happened,” Jones said. “They will determine if the computer is safe to continue using, or if it should be wiped, cleaned, etc.”

There is also the risk of becoming an unwitting spam sender. Nobody willingly does this, and there are ways to ensure it doesn’t happen at your company.

Jones recommends enabling twofactor authentica­tion, or 2FA. Popular hosts like Google Suite and Office 365 support this. Basically, 2FA is a way to take steps beyond a password to gain access to your account. Once you enter your password, you get a verificati­on message, which will come over via text to your phone or through an app on your mobile device.

“This is essential in today’s climate,” Jones said.

#NAAPro members invest in resources and informatio­n like this in order to invest in their buying and selling clients. Visit auctioneer­s.org/find-auctioneer to find the right NAA Pro for you.

Newspapers in English

Newspapers from United States