Cyber Security Tips

This article will provide some basic guidance regarding Cyber Security.

Introduction

We recently heard of a close friend whose small but very successful and well-known local construction business was attacked with ransomware. At the time of this article, the case is still ongoing, but the total losses to the business are expected to be roughly $350,000 - probably more when considering lost business, downtime, and other long-term effects.

This raises the question: what can we do to minimize our risk from cyber-attacks?

This article will explore some basic ideas related to all things "Cyber Security".  Then we'll provide some helpful tips and immediate actions you can take to protect yourself.  Throughout the article, we'll also give you some additional resources where you can learn more about how to protect yourself from cyber-attacks. 

Summary

Quick Tip: See the FTC's Cybersecurity for Small Business PDF for a great overview of Cyber Security.

Tip #1 - Password Practices

A little common sense and a few simple rules go a long way.

  • Always use strong passwords (or ConsiderLongPassPhrasesInstead)
  • Keep your passwords in a safe place
  • Don't re-use passwords.  Never, ever use the same password for important systems.  Two examples are your email and your bank account.  These 2 accounts are particularly important... your bank account obviously provides direct access to your money, but if you think about it, your email account is arguably more important because it provides access to virtually everything else.  If I gain access to your email password, then I can reset the password for any other system you have, too.  

See our full help center article on Secure Passwords

Tip #2 - "Social Engineering" and "Phishing"

Social Engineering is "the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes".

The simple rule to avoid phishing attacks is to look carefully at your email and text messages for red flags.

Ultimately, most scammers are looking for someone who is unsuspecting and will readily give them information. Just by being skeptical and using common sense, you keep most scammers away.

More Reading:

https://www.knowbe4.com/hubfs/Social-Engineering-Red-Flags.pdf

https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/

Tip #3 - What do I do with the spam I receive? What do I do with leads that are scams?

Forward the spam email to spam@roofmaxx.com and report the sender to Google.

See our instructional video on how to report and forward spam.

The best course of action if you think a lead is a scam attempt would be to forward the questionable email or otherwise reach out to spam@roofmaxx.com with additional supporting information so we can investigate and provide you with a course of action.

Tip #4 - Back up your files

Data loss is serious: it can result in devastating personal loss and/or loss of business. To put it in perspective, if your computer dies today and you need your data recovered by a professional, you are looking at somewhere in the neighborhood of $150 for a simple fix and anywhere from $500-$10,000+ for complicated data recovery.

Always back up your data. Whether you do so virtually through Google File Stream, physically using something like a WD Backup Drive, or both is entirely up to you. Everything will fail eventually; the point of backups is to have a copy of your data when one of your systems fails. Even cloud services and physical backup drives fail, so it is a good idea to have at least 2 backups on separate devices.

See our help article to learn How to Download Google File Stream

Tip #5 - Software Updates

All software has vulnerabilities to cyber-attacks. These vulnerabilities are usually fixed quickly as they are found and reported; however, you will only get these fixes if your software is up to date. All software installed on your computer should be updated as needed; most will notify you when an update is available.

If you were to choose a single update to perform, it should be your operating system. See...

How to update Windows OS

How to update Mac OS

Conclusion

Here are some actions you can take right now:

  1. Use good password management practices
  2. Be careful & "street smart" regarding Social Engineering
  3. Report spam attempts to Google & forward the email to spam@roofmaxx.com
  4. Use good backup practices
  5. Keep all of your software up-to-date