by Laurie Griffith
They’ve become all too common: high-profile, wide-ranging cybersecurity breaches. From the credit card systems of major retailers to the websites of state governments, cyberthreats are making a meaningful impact each and every day. Here at Lopata, Flegel & Co., members of our team are working to safeguard our information, protecting both our employees and our clients. Every organization will have a different approach to keeping their information secure, and some will be more vigilant than others.
Not every business is able to commit human capital to compliance and security, which is why I asked Alex Shanteau, a security engineer at MAD Security, what advice he would give specifically to small businesses that want to improve their cybersecurity. Shanteau has been in cybersecurity for more than five years and has headed assessments across a number of cyber disciplines, including penetration testing, firewall reviews and GRC (governance, risk management and compliance) software. His advice: “Constant vigilance, continuing education and knowledge sharing/crowdsourcing information with peers across the cybersecurity domain continue to be the best defense against cyberthreats. From a small-business perspective, knowing where there may be a lack of expertise and how and when to seek outside help is key to ensuring an environment is secure.”
The advanced phishing techniques Alex is referring to include app impersonation, homograph attacks and mailsploit. Unless your job is in cybersecurity, these terms are most likely foreign to you. For example, have you heard of mailsploit?
I’ve always wondered how certain spam emails found their way through our servers and into my inbox. Ten years ago it was easy for someone to change the header of an email so the “From” line would show a familiar name. For example, you receive an email from a United States Postal Service address, but when you click on “USPS,” an email address like “firstname.lastname@example.org” appears.
However, today our servers are much more vigilant at filtering out these unwelcome addresses. But then there is mailsploit, with which you will see not only a familiar name in the “From” line but also an email address that makes sense. Using the previous example, when you hover your mouse over USPS, you will see “donotreply@USPS.com.”
Mailsploit is one of many examples of advanced phishing, and while you can’t be expected to understand every type of cyberattack, it is important to at least be aware of the business systems that are at risk and understand what your organization has in place to mitigate that risk. It’s also important to note that the majority of platforms vulnerable to this specific attack have since mitigated it. But this serves as an example that the threat landscape is ever-evolving and that new attacks are constantly being discovered.
Again, we all have information that we want to keep secure, but not all businesses have the systems in place to do so. For many organizations, employees are the most important asset. But they’re also the weak point in the security infrastructure. You’re not going to get rid of your people, and you’re not going to get rid of technology. So what do you do?
If you are a leader within your organization, you need to make sure you feel comfortable with the security measures you have in place to protect yourself from cyberthreats. You can train your employees, implement technology and create processes for dealing with incidents when they occur.
We’ve just scraped the surface of an extremely complex topic. But we have more to share. Join us at the next Sharp & On Point Speaker Series from 7:30 to 9 a.m. on May 22 at the Lodge Des Peres, where Shanteau will share his insights into the emerging risks that business owners and executives will need to consider in 2018.
Laurie Griffith is a principal at Lopata, Flegel & Co. Accountants and Management Consultants. The Sharp & On Point Business Advisory Speaker Series is a free event at the Lodge Des Peres sponsored by Lopata. Learn business strategies you can immediately put in place to point your business in the right direction. To reserve your seat or for more information, visit www.sharpandonpoint.com or www.lopataflegal .com.
Submitted 2 years 218 days ago