LISTEN: Cyber-security seminar at Hilbert College


Transcript - Not for consumer use. Robot overlords only. Will not be accurate.

Warren Clark is the president and CEO of the Better Business Bureau serving upstate New York. The Better Business Bureau and most of our support comes from small businessmen. We've been trying to do programming over the lists are leaders to help small businesses with timely and important information. Things like cyber security wheels would do workplace violence, active shooter, reputation management, customer service, but this obviously has been topic. I certainly a couple of on the boards including American Society for Industrial Security and Crime Stoppers. And law enforcement were looking to try and do one of these events to try and help businesses see how to protect themselves from potential cyber intrusion, and how to mitigate it if you were decked. Warren, you know, you think of cyber attacks, you think they're going after the date this ACMs again attacked by some some. Attack recently but. The smaller businesses, they're much more vulnerable because they don't have the phones or what type of things you recommend small business owners when it comes to protecting personal. Well, that's a great question, and it's a good point is that the big businesses chips have resources. But truthfully these attacks don't come. But directed necessarily at individual that they know; they're kind of fishing. With the after other than PH. Looking for a weak spot and computers. So the fact that this hasn't been as prevalent this last week with the WannaCry and some other derivation of this. Tech haven't been successful states because most people here keep their operating systems up to date. And so if you for instance and in Asia and China. And in many cases they've stolen, you know, they haven't paid the licensing fees so little of the patches; that's why this has been much more prolific in some of those places. So what we tell people: make sure you keep your software.
The Better Business Bureau, we have ours updated automatically. What differences in the small business community got a reminder that says a teacher operate I don't do that, I got email to do, what got a meeting to go to, Oregon business to do. And they put it up and if they put all their world. So that's one of the key things that we tell people: you should have a plan for responsive. Given my office the place that you call to go plumbing problem, electrical problem, and a data problem. And then it's things like cyber insurance, which most business owners don't realize is actually specifically excluded in your business owners affected. So, you know, because it's so prevalent they're sick truly know. It's not a question; it's listed as not included and you need to buy a policy forward, and we didn't have a that the bureau so we have to do the same thing. Is it a requirement now for small businesses that register or after you long to have the cyber security? No, it's really are responsibility to keep their data safe, so that's where we're out doing these things is telling people protect your data, protect yourself. The truth is probably one and for businesses that does get breached is not gonna make it. Because there are fines and fees and then what you have to pay to recover and then what shift K okay to potentially protect people whose data you may have breached. And the number that we're using is somewhere in about six months the average business could be at a quarter of a million dollars. Not a big business, small business. In fees, fines and recovery cost. Howard these hackers and you for future countless stories of people power summaries hackers getting into these small business. Both the players they've searched for the ability weaknesses in IP addresses. So no one of the things that we did as a BBB system, we are one of 110 Better Business groups throughout North America, we were all instructed two or three years ago.
To go to leave a more secure email service. Every one of those went to a who will need emails surface as part of our North American system, because that had defense mechanisms. I know has enough for profits sometimes our emails don't get through to sources that we're sending them to because there are spam filters, so we tell people sister filters. Train, train, train your employees who don't. We're just talking to our vice president, who's here today as well; we're gonna actually try and run a test, so send a fake email to the staff and see if they open it, something that won't be damaging but that we'll know if they opened it. But use it it's fired or if you you wouldn't not simple fire drill. You have to protect everything in your business, and your data today is probably the core of most businesses. Business so you know if your data is breached or vulnerable or lost, the ransomware, that's what he should see yet, it can be devastating. And general tip thing for anyone as a small business employees are few people: don't click on any links that you don't recognize? Anybody, big business, small business, individuals, absolutely. And to actually deeper than that, I got one about two years ago, it was a hit a Dropbox attachment from somebody that sent me Dropbox attachments. But it looked odd to me because it was only to me, and normally I was part of a small group of dispersed from Woodson to. Now I hit reply and said, did you send this? And he misunderstood me and said yes I use Dropbox, and I opened and I got kicked off Google, I sent 700 spam emails to people on my Mitt let's. And then had to do recovery. Now I had no idea I know personal identifiable information, you know, there was no penalties or fines for me. But each of us in the business, big or small business, is a person. And a lot of times businesses may not take that the steps, and certainly at home.
Yeah, we might do things at work that we should take home with a suit. One of the things we preach is two-step authentication, which is the only foolproof way to keep your identifiable information right now. And that is if you give a smartphone, you go into your settings, and if you're spending money, so if you're booked and then, you know, looking something up in the dictionary online, they don't worry about it, but if you're gonna spend money, it was on your bank, eBay, all you do is you go in and set up two-step authentication. And what can you putting your password did enter it send you another password to your smartphone that you then have to pander to get him. That has not been hacked it so. And we give information on our website and we're actually giving information out about this here today. This ransomware information that's been, I mean it's literally what it sounds like, they're holding your information for ransom. Now we've heard reports that some businesses, they paid a ransom, they get their information back, but in other cases they paid a ransom, nothing happens. How come? That's a great question. I don't know that we have statistics on that at this point, but it was something I was thinking about where we were doing this presentation this morning, so it's a great question. And if you ask me for advice, which might do next question catered, don't pay it. I would say I don't know. Some of these at the what the were there when that happened recently over this past week, they were looking for Bitcoin; there were some things that showed that it was kind of immature, for lack of a better term, that it wasn't there wasn't a professional looking stuff. Would be real hesitant because of real good chance you to pay money and get nothing back. I think the first thing to do was to get into your business response plan. You know, make sure that you protect, do what you can. What we have is we have a backup system.
That even if we get ransomware, what I would do, I would not date by which shut it down and I would pick up to yesterday and start; you don't have to try and recreate today. But not yet we do not have paid because you don't know your image. More granting access ten years ago people would get peace and you lost this, you know, I'm a prince from Nigeria and here I am. Money this year either LA if you went to play. Generally speaking now it is way more complicated than it was before; you need to speak to how old hackers have really adapted to the growing technology. Well, it's even more anonymous. You know, they were identifying themselves as a person or thing; now it's just that it's an email saying, he'll pay or else. And it's two an anonymous kind of situation. What they were doing before was playing to something, to our individual greed, so oh my goodness they have fifty million dollars and if I help them get it to the United States I'm gonna get three million of it. Why not, you know, what could be bad? This kind of situation is. And usually small money, but it's our direct money going to them, so it's not even them looking this early for our data. It's the ransomware is the scariest and I think will be the most prolific. Because there's always going to be someone. Who they've these hackers, that's what they do for a living, trying to figure a way to get into your data. And then if they can shut you down. Again the fact that the United States is not having this problem at the moment think successful people are paying. And I'm sure that it's in the hundreds of millions of dollars these people have made for phishing emails. You know, so the effective if they find something that's vulnerable in the United States will be susceptible to that at this point. Mostly most American companies seem to be said. Allen Griffin is the senior cyber security expert for AT&T.
Techniques and it is not about cyber security something that we're seeing and how we might it would help customers that are affected by cyber security. Well, this is absolutely critical topic. Been critical topic for number of years; however, you know, you think back to Friday last week, the big ransomware attack that happened just re-emphasized the fact that customers need to be vigilant and mixes are protected. And TA TT to access apps which she. Yes, so our topics today were really about how to protect your mobile device, how to protect your data and how to protect your network. So those topics, we gave some suggestions, best practices, and some areas that we've observed that customers look at to protect themselves. Where I attacked and who's really at risk moving forward? Well, you know, the whole ransomware thing is probably one of the absolute biggest threat actors. So if you think about ransomware, how it gets into your computer, how it gets into your network, it really comes in in a couple of different ways. One, you might get an email and it says hey this is a really great photo, click on it. You click on it and it's got some malware and all of a sudden you've got malware on your computer. The other thing, which is probably more critical, is many customers did not patch their computer systems. And so if you look at, you know, the way that this thing got started, there was a Microsoft vulnerability, and hackers were able to exploit. Can protect. Persons absent or smaller. Market listing teams. In day in particular. You know natural occurrence that you'll write protect its. So there's a number of things that we suggest our customers, no matter how big or small you are: back up your data. If you haven't done data backup recently, do it, do it today. Second thing is patch and update your systems, so whether you're using Microsoft Windows, whether you use an Apple OS, update your systems immediately. And then obviously.
Take a look at a good incident response plan in the event that you do get attacked. And really just focus on a continuous cyber security plan. So cyber security is not a once-and-done kind of thing; it really requires budget, and it requires persistent and ongoing updating. That's two term cyber. T if that's something you users that. Yeah, I mean it really all comes together with updating your systems, backing up your data. But if you look at the weakest link within this chain, right, unfortunately you and I are the weakest link, right. We're working word, we're mobile, we're using multiple devices, we're traveling. And so many of these things come not via an employee trying to be malicious or do bad things. A lot of these things happen because you've got an email and you wanna respond right away. You ought to be proactive the oil look good for your employees your losses Sadr. In you really wanna try and do the right time. Guy where things can come off the rails. Who are these people that are attacking small businesses, large businesses? Is it domestic, is it foreign, mix? Yeah, I mean, so if you look at this particular attack, you know, they're really still trying to uncover who did what, when, where and why, right. So there's a number of theories out there that organizations would point to. You know, one theory is that this looks kinda similar to what happened with the Sony attack a couple years ago. And so, you know, we don't know exactly who started it, we may never know, and that's one of the things I think is extremely challenging about cyber security today. If you think back five or ten years ago when people hacked into systems, they would almost put a billboard out that said it was me, I did it, look at me, and they would thump their chest and everybody be really proud about the big hack. Today, it's dead silent. Nobody standing up saying we did this, we're the bad guy, look at us, we're really. So that's the big challenges.
A lot of organizations may have already been, you know, infiltrated or impacted, and they have no idea. As the bad guy, they're in this system, they're just slowly collecting data and looking at the data. When it comes to who is further along, so to say, you know, hackers, their console eating this new technology, implementing it, are they constantly had the IT security professionals or aren't they are the security people saying just about even with the hackers today, keep them in check and keep people safe? Yeah, that's a great question. I mean, I think cyber security is a giant game of cat and mouse, right. Hackers do one thing, we get new tools, we get new hardware, we get new software. It becomes more effective, and then actors, who by the way are very well funded, bail lots of money to produce these kinds of things, they develop new tools, they develop new techniques. And then we chase the bad guys, we think we come up with a new solution, they develop something else. So it's really a giant game of cat and mouse where we're constantly chasing the bad guys with new tools, new capabilities. So that's why when I say you've got to be vigilant, you got budget and you've got to continuously update your systems to prevent these kinds of attacks. How has, just generally speaking, the cyber attacks affected business owners small and large here in Western New York? I'm not aware are it would comment on specific ones here in Western New York. But I can tell you, you know, these ransomware attacks and other attacks that I've observed over the last years, no one is immune to these attacks. So, you know, if you think back to our recent election, there were a lot of hackers that put out specific threats against news media. And they say, you know, if you were reporting on the campaign on this day, this hour, we will attack. Banks have been attacked. So, you know, if you think about a bank, their big thing is online banking, e-commerce, all those kinds of things.
Other than organizations have sent emails to specific banks and said on this day we will attack. And if you're not prepared then, you know, be prepared for the consequences. This obviously potential to do. A lot and I seen it. Check out hospitals. In the UK Brett. Similarly here we've had a house bill. Pack and emergency hospital here in Buffalo so obviously this ransomware. You sent each edit it and they can and nobody sit and eat fast track. Yes, I mean, I think the big thing is if you think back to, you know, how this started explaining things, it was all around Microsoft, Microsoft patch. And so in general if you've updated your systems you're probably somewhat immune to those kinds of attacks. And so, you know, if you think about other countries, they have not been as vigilant about patching and updating their systems as we are here in the US. So, you know, Microsoft issued a patch. Our folks implement and some other countries not been as vigilant do any updates as we are here and you. These are the patches the reason why. Arabs are as security the reason why all these companies consulate tomorrow patches does a lot of people they see only another update from Windows or Mac. Now whatever all ignore that, but is security the primary reason why these patches come home? So if you think about, you know, I personally, common iOS user, I have Macs at home, have an iPhone. I updated my iPhone iOS ten net three got to last night. And the explanation for the update is bug fixes and improved security. Now do I want personally take the risk and not doing it? You know, that's up to me, but, you know, fifteen minute update can provide some pretty good security if you just implement that. You're. Asked. This but it probably hacked. We can't keep up with the hackers and where there even hackers you know years ago. Yes, I mean we obviously vast main Simmons dollars in technology. I think. The biggest change.
That I've seen of the last three or five years is a couple of things. One, organizations have become much more aware that this is a threat. He executives within organizations have become aware that this is a key priority. So I think there's a big change in awareness. But I also think from the regulatory side and the penalty side, things have gotten a lot more strict. So used to be, you know, you had a cyber security break-in, you get slapped on the wrist, you move on, and, you know, maybe fix things, maybe you wouldn't. Today, whether you're a financial institution, whether you're a health care organization, there are significant penalties, liabilities that are part of cyber security today. It's of those upon the two biggest changes. I'm. Yeah, absolutely. I mean, think about, you know, if certain organizations can't access your health care record while you are hat in the middle of a medical emergency, and they don't know or can't figure out that you're allergic to a certain kind of drug, and you can't tell them that you're allergic to a certain kind of drug, there are not just financial ramifications but late and a kind of ramifications. We attacked our act like your rate for hours yet. Now, I mean, I think it'd been the key is just, you know, update your systems, back up your data, train your employees. You know, we've put forth public announcements and press releases to our customers. And those are really the big things that we suggest our customers as they wanna do.