The Business sCOOP – Information Security – What Businesses Should Know
Donnie Robicheau: Hi! Welcome to the Business Scoop. My name is Donnie Robicheau and I’m here today with Paul Forni.
What would you say today are the biggest threats to businesses from a cyber-security perspective?
Paul Forni: Great question, Donnie! There’s really two things that we want to consider when we talk about cyber security, protecting our information and our users. One is social engineering, and our employees’ education is really important. The second part is we want to make sure that we have a sound infrastructure, that we’re looking at vulnerabilities, and we’re making sure that our hardware and software is manufacturer-supported and up-to-date.
Donnie Robicheau: There’s been a lot of news about social engineering. Can you tell me a little bit about how businesses can protect themselves from falling victim to such a thing?
Paul Forni: It’s a good topic, and you do see a lot of this in the news recently, and it’s something you’re going to be continuing to see in the news. When we talk about our cyber security and information security, one of the things where people fall short is educating their employees on social engineering. Most of the time cyber criminals aren’t attacking the technology; they’re attacking the human element, which helps let them in the back door. There are really three methods of social engineering: phishing emails, which is where somebody crafts an email that looks legitimate that they send to an unsuspecting end user; the second form is vishing, or pretext phone calling, where a cyber-criminal will actually call in pretending to be somebody else and try and get the person answering the phone to reveal their user credentials or get them to do something on their computer that they shouldn’t be doing; the third method of social engineering is a physical breach attempt, where somebody will show up at your company, your home, pretending to be a repairman, somebody from a phone company, a cable company, and they’ll try to get into your house to get physical access to your devices. Social engineering in a nutshell is the psychological manipulation of somebody to get them to do something that they otherwise know they shouldn’t be doing.
Donnie Robicheau: Wow! Thank you, Paul! This is scary stuff to be honest. How can businesses identify vulnerabilities that they have with their technology and how best can they manage that?
Paul Forni: That’s a great question, Donnie, and it doesn’t require a complex solution to be able to make sure that you’re securing your infrastructure. First, it starts out with making sure you’re training your employees to be able to identify those social engineering attacks. The second is being able to inventory or identify what information you have, either in a physical or electronic form, and where that data is being stored. Next, you have to make sure that the hardware and software that you’re using is still supported by the manufacturer, so that when patches come out, those patches are installed in the hardware and software to make sure that that application is no longer vulnerable. For more information, I recommend this publication that’s available from the FTC, the Federal Trade Commission. Their website is ftc.gov. The name of the brochure is Cyber Security for Small Business. In this brochure you’re going to get step-by-step instructions on what you can do to identify your weaknesses and also strengthen up those weaknesses, be able to put a plan in place for securing your infrastructure. And if you’d like a copy of this brochure, you can either go to the ftc.gov website or contact us and we’ll provide you a copy of this document.
Donnie Robicheau: Thank you, Paul, for joining us, and thank you, everyone, for watching this edition of the Business Scoop, brought to you by the Cooperative Bank of Cape Cod.