The whole point of our new YouTube Channel TekkTalk was to get people talking, starting conversations and asking lots of questions. And that is exactly what has happened, which is great! These questions were from one of our first videos on Cyber Security.
Question Number One
"For me, I am most concerned about how to get the good practices embedded at all levels of my organization. I do most things on the list, but I always worry that all it would take is someone accidentally opening the wrong email."
You're right, it only takes one person to open the wrong email or open a wrong attachment and it could corrupt your data. The only way you can really get good practices embedded into your company is something like regular training. One thing we have started doing for our customers is regularly testing them by sending out fake phishing emails every week or so. Anyone that clicks on the email or link gets enrolled into training which will teach them how to notice dodgy emails. Have a read over one of our previous blogs on How to Spot a Phishing Email.
As said above, someone is going to accidentally click on a dodgy email or an attachment, so it is a MUST that you have all the steps in place to protect against that, especially being able to fall back on your backups. If you don’t have a backup solution, you won't be able to recover data from before the dodgy link/email was opened. If all else fails, you need to rely on your backups. If you don't have backups in place, setting them up should be one of the very first things you do.
Question Number Two
"Could you perhaps provide more information regarding Phishing and Ransomware emails? I know a couple of occasions where individuals have clicked on a link, accessed documents that had viruses attached, which has then done a considerable amount of damage, if it has already got past antivirus software."
Phishing emails are designed to try and capture your data. They are made to look identical to emails you would receive from companies or people like Microsoft or UPS, making it very hard to spot the differences. There are a few places you can look, one being the email address. Check to see if it is spelt correctly, for instance 'Mircisoft' instead of 'Microsoft'. These simple changes can go undetected when you are not specifically looking for them. The email address can also have no relation to the sender, like email@example.com, which is much easier to spot.
Another way to check for dodgy emails is to hover over the links in the email. A small pop-up will appear and tell you exactly where the link goes, even if it is being displayed differently.
Ransomware emails typically come through with attachments. The thing with these attachments is that you won't know something has happened until it’s too late. The user will open the attachment, see that it is a dodgy email, delete it and think nothing of it, forgetting about it. But actually, the attachment has started encrypting your data and has left a small text file stating that you have been hacked and have a limited amount of time to pay or you will lose your data.
Once again, this is where your backups are important! If this were to happen and you have a backup from an hour ago, you can just wipe your drive, restore from your backup from an hour ago and you are good to go. One of the very first things you should do, as quickly as possible, is shut the infected PC down and unplug it from the network. As soon as the PC is switched off, it can't encrypt any more files. Once you have done that, the source of the infection has been dealt with, and you can put the PC to one side and deal with it later. All you need to do is recover your data to your server from your backup and you are good to go.
I will be creating a future video going more in-depth into Phishing emails and ransomware emails, which hopefully will answer more of your questions. If you do have any questions don’t hesitate to ask, either email me at firstname.lastname@example.org or comment on our videos over on our YouTube Channel.
A little side note: I've recently been reading a recommended book called Making Websites Win by Karl Blanks and Ben Jesson. It seems pretty good so far and I'm planning to make some tweaks to our website on the basis of reading this, just to see if it works.
A book I would definitely recommend is Profit First by Mike Michalowicz. It's not all about making tons of money, it just teaches you to put profit first. For me as a new business owner (I know we are 8 years in), I hadn't a clue how to manage money. We were doing everything from one bank account, and it worked for us, but then someone put me on to the Profit First book and it’s a complete revelation in the way we manage money now. We were never bad at finances, but this is just a whole other level. Check it out.