Cyber Security FAQs

Q: What is cyber security?

Just as you would protect your home with locks, gates, and doors, cyber security safeguards your business from both intentional and unintentional attacks through your interconnected networks, computers, mobile devices, software, and applications. These proactive cyber security measures aim to shield against intruders attempting to breach your valuable data, compromise sensitive customer information, or trick you into transferring funds to fraudulent accounts. Excellent examples of cyber security measures include robust passwords, two-factor authentication, educating your staff, and implementing comprehensive disaster recovery plans.

Q: What is a data breach?

A data breach refers to the unauthorized intrusion by malicious individuals who gain access to your valuable information, including customer records, personal data, intellectual property, and even confidential company secrets. Dealing with such a breach can often become a public relations nightmare, as you are compelled to inform your customers and suppliers that their sensitive data was stolen. 

Q: What is malware?

Malware, derived from the term ‘malicious software,’ refers to unauthorized software that is secretly installed on your computer or network with the intention of disrupting your business operations. It encompasses a wide range of threats, such as executable code, computer viruses, worms, Trojans, bots, spyware, ransomware, and other malicious programs. These threats are often encountered when installing or clicking on links that you or your employees should avoid.

Q: What is a phishing email?

Phishing refers to the cunning act of individuals disguising themselves as trustworthy sources in order to deceive you, often through email, text messages, or social media platforms. Bad actors aim to acquire your personal information, such as passwords or bank/credit card details by enticing you to click on fraudulent links or open attachments that can unleash malware onto your device or direct you to make payments to a counterfeit bank account.

Q: What are business email compromise hacks?

Business email hacking involves the unsanctioned access of an employee’s business email account with the intention of assuming their identity. This deceptive tactic is used to mislead others into engaging in fraudulent activities such as unauthorized wire transfers, gift card purchases, or other illicit financial transactions. Frequently, the perpetrator will masquerade as the business owner, though they can also pose as a supplier, urgently requesting banking information or credit card details for a purchase.

Q: What is ransomware?

Ransomware is malicious software that infiltrates your systems when you unknowingly install it by clicking on a suspicious link or attachment. Once installed, it grants complete access and control to an attacker who then demands a ransom. If you refuse to pay, the attacker can delete your valuable data or lock your screens, denying you access to your own files. 

Q: What is scareware?

Similar to ransomware, scareware bombards you with infuriating notifications, expose your online activities (both real and fabricated), or even goes as far as intimidating you with grave consequences, such as a dreaded tax audit.

Q: Do I need cyber insurance?

The need for cyber-risk insurance depends on your risk profile. If you have strong cyber security protection, a well-informed staff, and a defined process for restoring business systems, you may require less coverage or may not need it at all. However, it’s important to remember that every time your business connects to the internet, it becomes vulnerable to potential hackers. That’s where cyber coverage comes in, protecting you from financial loss and providing a safeguard for claims if your use of the internet results in someone else experiencing a loss.

Q: How can I create an effective digital disaster plan?

To begin, compile a comprehensive list of all of your internet-connected devices such as servers, desktops, laptops, phones, and wireless devices. Detail the measures you undertake to ensure their safety, including password protection and regular backups. Additionally, identify the vital data and mission-critical software that are indispensable to your operations. For each asset and data, outline the strategies you employ to ward off hackers, like strong passwords, two-factor authentication, and staff training. Moreover, devise a contingency plan in case these preventative measures fail, encompassing backup procedures and system recovery protocols. Lastly, conduct rigorous testing to verify the effectiveness of your plan.

Download our one-page Cyber Security Plan

Q: What is multi-factor authentication?

Multi-factor authentication (MFA) is any technology that requires more than one factor to authenticate a user. This can include a code sent to your email, a secret question, or fingerprint scan. A second form of authentication minimizes human error and prevents unauthorized access if your password is ever compromised.

Q: What is two-factor authentication?

Two-factor authentication (or 2FA) is an added layer of security that requires an extra step before granting access to your logged-in accounts. This additional step often involves receiving an email or text message prompting you to enter a unique code or confirm your login, ensuring that it is indeed you on the other end. These codes generated randomly the moment they are needed, are typically valid for a single use and expire within a short timeframe if not utilized. 

Q: What is three-factor authentication?

Three-factor authentication (3FA) provides an extra layer of security by requiring three distinct types of authentication. These can include verification methods such as a PIN, username, or password; as well as the use of a secondary physical item like a phone that receives a one-time password, a key fob, or an ID card. Lastly, it could involve biological factors such as fingerprints, retina scans, or voice recognition.

Q: What is a denial of service?

A denial-of-service occurs when your computer or network crashes due to an overwhelming influx of unwanted traffic or information. This malicious attack not only blocks your access to the internet and your valuable data but also consumes your device’s resources, such as hard disk space, memory, or server capacity. In these situations, bad actors often demand a ransom to stop their disruptive actions, as they calculate that the severe financial and reputational damage caused by your shutdown would be worse than the requested payment.

Q: What is the most effective way to safeguard my data?

There are numerous techniques to ensure the safety of your data. The simplest approach is to transfer everything onto a USB stick or save it on an external hard drive. However, this method may not be practical when dealing with substantial amounts of data. Alternatively, you could utilize cloud storage services such as Google Drive® and Dropbox®, although they primarily serve as file synchronization tools across devices rather than serving as a dedicated backup solution, particularly if you need to preserve terabytes of data. Experts often recommend the 3-2-1 rule: three copies of your data, two stored locally on different devices, and one stored off-site. For most individuals, this entails having the original data on their computers, a backup on an external hard drive, and another backup on a cloud backup service.

Q: Can I detect if my devices have been compromised?

It’s not always easy to spot, but there are some telltale signs that your devices may have been hacked. These include the inability to access your accounts, persistent and annoying pop-up windows, receiving an influx of spam emails, or noticing social media posts that you didn’t author. Your computer could also show unfamiliar programs upon startup or you may experience a significant decline in your computer’s performance, such as slow speeds or frequent crashes.

Q: Who should I reach out to in case of a hacking incident? The authorities, my bank, or someone else?

First and foremost, if you find yourself in a situation where your devices have been compromised, it’s crucial to take immediate action! Contact your in-house or external IT support expert to resolve the issue. If you don’t have anyone readily available, there are numerous consultants and IT support businesses you can rely on. Additionally, make sure to report the incident to the FBI’s Internet Crime Compliant Center (also known as ‘IC3’) through their website at https://www.ic3.gov/. It is also important to inform your staff, customers, and anyone else that supports your business such as your bank, accountant, and business colleagues.

Q: Looking for practical cyber security advice?

If you don’t have in-house cyber security experts or an external IT provider, don’t worry! Check out https://www.fbi.gov/investigate/cyber for up-to-date information on potential cyber-attacks and real-time threats. To safeguard your critical data, make sure to utilize the Two Factor Directory and explore IT services use 2FA.