Safety: Safety Series, Part 12:

The “K.I.S.S.” Principle for Cybersecurity:

How to “Keep It Safe and Secure” in an Online World

By Terri Perrin / Published May 2016

Communications technology has become an integral part of today’s business world. Cell phones and tablets are now as commonplace on our job sites as power washers and hoses. We use “smart” devices to take and send photos of projects, to deliver invoices, and to receive payments. In many ways, Internet-based communications make running a successful business much easier, but they can also make it harder. Whether you call it virtual, cyber, or information technology, using these devices to conduct business can pose a significant safety risk. The danger is not to your employees’ physical health and well-being, but to your company as a whole. In a world connected to the Internet 24/7, you can never let your guard down.

Cybersecurity is taken so seriously at Oklahoma City-based Chappell Supply and Equipment that in 2015 they hired Nick Dewey to come on board as their Information Systems Manager. Dewey is an expert in this field, having studied computer forensics and cybersecurity at Rose State College and the Oklahoma State University Institute of Technology in Okmulgee.

“My job is to protect the company from all sorts of cybersecurity risks,” explains Dewey. “Anything that plugs into our network, uses accounting software, or has any data with the name ‘Chappell Supply’ on it falls under my umbrella. I work hard to ensure our systems are protected from hackers and that they function correctly.

“In my experience, the biggest risk to communications security is complacency,” adds Dewey. “Many business owners think, ‘We’re small, so no one would be interested in hacking into our system.’ Because they think they are low risk, they are not proactive in protecting their computer systems and communications tools. In my opinion, owners of smaller companies have a virtual bull’s eye on their foreheads because they don’t have anyone advising them on the risks. They can more easily fall prey to ‘phishing’ or such things as Nigerian e-mail scams. If a computer virus were to infiltrate their accounting systems, it could attain credit card and banking data for the business owners and staff, the business, and its customers. The consequences can be financially disastrous. Just one click on a link in the wrong e-mail can put you at risk of identity theft.”

What Is ‘Cybersecurity’?

According to one source, computer security, also known as “cyber” or “I.T.” [information technology] security, is the protection of information systems from theft; damage to the hardware, the software, or the information on them; or disruption or misdirection of the services they provide. It includes controlling physical access to the hardware as well as protecting against the harm that may come via network access, data and code injection, and malpractice by operators, whether intentional, accidental, or from being tricked into deviating from security procedures.

The field is of growing importance due to the increasing reliance on computer systems in most societies. Computer systems now include a wide variety of “smart” devices, including cellular telephones, televisions, and tiny devices as part of the Internet of Things—and networks include the Internet and private data networks but also Bluetooth, Wi-Fi, and other wireless networks.

Wi-Fi Risks

Threats to personal and business information are the most overlooked aspects of both physical and logical (cyber) security risk assessments. Easily accessible Wi-Fi is something that people have been conditioned to expect, but it comes with inherent risks. Dewey stresses the importance of ensuring that your wireless communications are not vulnerable to hackers. Wireless networks must be in lockdown from both a technological and physical aspect. A technological lockdown is ensuring the Wi-Fi is password protected. A physical lockdown means it should not be in a location that is visible or accessible to the public. You would be well-advised to use a qualified professional to install and maintain your Wi-Fi systems.

“I would also recommend that employers request anyone using a cell phone for your business—whether it is their personal phone or one owned by the company—to disable the ‘auto-sync’ Wi-Fi feature and not use public Wi-Fi,” warns Dewey. “If this feature is on, whenever you walk into a restaurant or a gas station, the device automatically searches for Wi-Fi. When the auto-sync happens, your passwords are sent through the Wi-Fi, and hackers could use an app to steal the information on that phone or tablet.”

BYOD… Bring Your Own Device

Be aware that information security applies to all kinds of telecommunications devices, not just your main computer system and Wi-Fi. Encourage employees to keep all mobile devices in a safe place when not in use. Ensure that company cell phones have strong passwords as part of device security.

If your employees use their personal cell phones, laptops, or tablets to conduct business on your behalf, be aware that many free apps that they may download could be cleverly designed data-tracking systems that quietly gather information from the device. For this reason, you are well advised to supply employees with company phones and to forbid downloading any unauthorized apps.

Also, be wary if you lend your phone to someone that you don’t know. It only takes a few seconds for an individual to secretly download a data-tracking application when you think they are dialing a phone number.

It Takes A Village

It doesn’t matter if your company is a large corporation or a “mom-and-pop shop,” in a small town or a big city. Address security issues by regularly conducting cybersecurity risk assessments, and act on your findings. Be proactive, not reactive!

Another important step to help you understand cybersafety risks is to establish a good working relationship with local law enforcement, neighboring businesses, your Chamber of Commerce, or other local business organizations. Learn what is going on in your community and be vigilant in getting protective measures in place. You can also learn a great deal about the challenges faced and solutions created by others in our industry by becoming an active member of one of the many trade associations, such as CETA, WJTA–IMCA, or the PWNA. When it comes to cybersecurity, there is strength in numbers. 

 

Top 10 Cybersecurity Measures

1. Set up passwords on all communications devices, but not the same passwords for everything.
2. Ensure that your wireless network equipment is physically secure and Wi-Fi is only accessible with a password.
3. Discourage employees from using public Wi-Fi networks.
4. Insist that employees keep cell phones, tablets, and laptops in a safe place when not in use.
5. Conduct regular risk assessments of your physical property and all communications equipment. (Follow through on your findings.)
6. Use a qualified consultant to ensure your company is on top of changing technologies.
7. Do not rely on a big binder as your cybersecurity plan. Enforce policies and procedures with all employees.
8. Train all staff, not just managers, on how to identify potential cybersecurity risks. (Don’t open e-mail attachments from unknown sources!)
9. Work with local law enforcement to be aware of possible risks based on past incidents in your community. Make them part of your security solution.
10. Expect the unexpected. Cybersecurity issues will arise, and you need to be prepared to deal with them.