Nick and Dave talk with Ian Richardson, owner of Doberman Technologies about personal and business cybersecurity practices that everyone should be doing.
Ian has an extensive background in IT security and is licenses in Microsoft and Sysco systems. He started Doberman Technologies 15 years ago to help out small businesses and individuals obtain crucial practices and services to keep their information safe.
Now with more people working from home, your home and business security is crucial.
Ian explained about his company’s No Geek Speak Statement. “In all the conversations we have with clients use plain English. We avoid acronyms or technical terms. When something makes sense that is when people start to pay attention.”
Cornerstones of Cybersecurity Best Practices
Cybersecurity is a big topic. All of it can seem scary. Whether you want to secure your household. your office, or your home office, there are things you need to be aware of and things that you can hand off to people who are knowledgeable about internet security, as well as things you can do on your own to improve your cyber – safety.
Ian explains that there are Three Cybersecurity cornerstones: Confidentiality, Availability, and Integrity
All three of these are paramount in ensuring that all of our data and access to that data is kept safe.
Confidentiality: Whatever I need to keep private I am keeping private. This includes keeping information safe from hackers, but also different permissions for team members, employees, or household members. For example, in a company with employees, there will always be sensitive information that only HR or Payroll personnel need to access. In a household, the adults need access to financial information where children and teens don’t.
Integrity: This means that all data is what it says it is. It doesn’t get changes, deleted, or corrupted. And everything is backed-up.
Availability: This ensures that the right people can easily find their information and access that information
The goal is to create a balance between security and ease of use and accessibility.
How do you know your information is secure?
As an employee and a consumer, it is a good idea to ask the organizations you work with about their security protocols. This includes your employer, bank, financial advisor, doctor’s office, and anyone else who has access to your private information.
Ask questions such as:
How do you keep my data safe?
Who would you ever share it with?
How do you share it?
What are your Backup and update protocols?
How do I access all of my financial information through your company?
If someone is unable to answer questions about their cybersecurity, chances are they don’t understand it or they might not be doing it or doing enough of it. If they can explain it to you simply, that is a good indication that they understand it.
Techniques for keeping your information safe
The National Institute of Standards and Technology (NIST) is a taxpayer-funded organization that does many things to support consumers, including creating a five-part framework for your average business owner or individual to keep you and your info safe online. Identify, Protect, Detect, Response, and Recover.
Identify: Identify what is important to you. For example, in your home, you have electronics, information, photos, statements, financial plan, assets, etc. Classify them in order of importance. How important is each thing to your organization or household?
Protection: Once you identify what is important, invest in protection. You put locks on the doors, a fence in the yard, etc. Cybersecurity, anti-virus on computers, complete updates, and security software are types of protection for your online information.
Detection: For your home, you may get an alarm system or join the neighborhood watch. With cybersecurity, you install alerts to tell you if something has happened. Use multi or two-factor authentication for everything that will allow it. If you have two-factor authentication, you will get a text or an email if someone tries to log in to your accounts.
Response: If your house has been breached, the alarm goes off and the alarm company and the police are alerted. With your online information, if you get an alert through two-factor identification or something else you can check in with your team or family members, make sure no one did something. Then you call the bank, or company associated with the breach and find out how it was accessed. You can freeze accounts, change passwords, or whatever it takes to restore security.
Recover: If someone breaks into your house and robs you or your house burns down, your insurance will cover the loss – which is a recovery strategy. In business, a recovery strategy includes a way to back-up and restore data.
It is important to be an active participant in keeping yourself and your information safe. If you invest time and/or money into each one of these steps you will be good with cybersecurity.
Creating and Using Safe Passwords
Passwords are a misnomer. Your password should actually be much more than a single word. A passphrase is much safer. This is a sentence you are going to remember. It can be random words, an actual sentence, a line of Scripture, a favorite quote, the opening line to your favorite movie, or something else that you will remember. But don’t stop there. Most sites that require a password also require that it includes capitalization, numbers, and symbols.
For capitalization, you can use normal capitalization rules, reverse capitalization, capitalize the last letter in each word, or just something that you will remember.
When choosing numbers, pick a number that means something to you. You can put it at the end, the beginning, the middle, or wherever you will remember.
Lastly, throw a symbol in there somewhere. Put it in a different place than your number. Not next to one another.
A passphrase like this will be easy for a person to remember but will take centuries for a hacker program to figure out. A single word, even the ones that mean nothing like the suggested passwords that you are often given, will take about 30-60 days for a hacker system to figure out.
Don’t use the same password phrase with everything. Instead, use a password manager. You create one passphrase to get into the manager and then the password manager makes random passwords for everything else.
Making Security a Productivity Item
If you insisted on every person on your team or in your family use a password management system, it makes it so much easier and safer. When you bring on new employees or when they leave your company, your security will not be compromised as you add or delete them from your system.
This makes HR transitions much easier and much more secure. Password managers are a key tool for any cybersecurity protocol.
On the household side, couples will be able to access anything they need to. If something happens to one spouse, the remaining spouse is not locked out forever.
There are many password managers that can be set up so that if you don’t log in for a designated time, it will automatically contact a designated person and give them access. This is called a “dead man’s switch.”
Additional Tips and Tricks For Hacker Attempts
What should you do if you think you have been hacked? It depends on the severity of the hack and what type of information was compromised. However, here are some common hack strategies.
Email Attack: Fake emails are sent using social engineering. They are created to trick you using human nature. Simply opening an email usually doesn’t do any harm. A common ploy by hackers is obtaining a list of passwords and emails from a site. Then they send an email to the victim stating something like, “We have your password (then they list the password) and if you don’t pay us, we are going to access all of your accounts and steal your information and money.” In this type of scam, 99.9% of the time they haven’t actually done anything with your information. If you think about it, someone with access to your information is most likely going to access it and take whatever they can and never tell you about it. So, if you get an email like the one just described the best thing to do is go to the account the email is referencing and change your password. There is no need to reply to the email. You could also alert your bank and/or credit card to not accept any charges for the business in question for a certain period of time.
Click on a link in an email or open an attachment. If you open an attachment sent to you it may install something on your computer. If you ever click on an attachment and you get a pop-up notification asking you if you are sure you want to open this, it means the attachment will try to install something or run something on your computer. This is your computer telling you that something might happen that you don’t want, and you should stop and not go any further.
A word document or a true PDF will never give you a prompt that it is trying to run or install something. If you get something from someone you know that you weren’t expecting, call the person and ask them if they sent you something. If it is from someone you don’t know, it’s probably not valid. If something is sent to you under the pretense of being URGENT, you should always verify.
If you do open an attachment or suspect that your security has been compromised, check out your system and call a tech resource. Or go through security software and run a scan to check out your computer.
Reset password link. If you get an email telling you to reset a password by following a provided link – don’t click on the link. If you do, most likely a hacker has created a fake website to look the one they have told you it is. When you change your password you are handing it to the hacker. Instead, open up a browser and go directly to the website on your own and change your password from there. Never click on a link from an email to change a password. Because of this popular hacker ruse, no legitimate company will ever send you an email with a link in it to change your password.
If you have fallen for this common ruse, go to the real website of the company and immediately change your password. You could also call your credit card company and/or bank and tell them to freeze your card or account for that store, or transfers, etc.
Hackers are very good at playing 0n people’s emotions and creating that sense of urgency. It happens more often than people realize. You may feel silly, but don’t let that keep you from doing whatever you can to mitigate the loss or re-establish the security.
Social Security Number: If you think your SSN has been compromised, call all three credit verification companies (TransUnion, Experian, and Equifax) and put a freeze on your social security number so no one else can open an account with your SSN. You can set up two-factor authentication for that as well.
Cybersecurity Wrap Up
Conduct Active credit monitoring several times a year. Get a bit more intentional about your security. Slow down, there is never that big of a technology emergency coming through your email.
Really look at the email, who it is from, spelling mistakes. What are they trying to get you to do?
About Shotwell Rutter Baer
Shotwell Rutter Baer is proud to be an independent, fee-only registered investment advisory firm. This means that we are only compensated by our clients for our knowledge and guidance — not from commissions by selling financial products. Our only motivation is to help you achieve financial freedom and peace of mind. By structuring our business this way we believe that many of the conflicts of interest that plague the financial services industry are eliminated. We work for our clients, period.
Click here to learn about the Strategic Reliable Blueprint, our financial plan process for your future.
Call us at 517-321-4832 for financial and retirement investing advice.