

What would you do if your technology systems were hacked, shut down with ransomware or infected with tech time bombs set to go off in the future? It’s important to know how to handle these unprecedented threats.
SCORE is a 55-year-old nationwide non-profit organization providing free mentoring services to business owners. Our SCORE experts are here to guide you safely through that minefield.
In a recent episode, we explored digital marketing and SEO. Today’s SCORE Business TV episode #12 is on Cybersecurity.
In this video, host Dennis Zink and his two expert guests, David Spire, Vice President and Chief Development Officer for Entech, and Christopher Brenes, Director of IT Security for Entech, discuss the following topics:
What is cybersecurity?
Is it safe to exchange digital data?
How safe is the cloud?
Are all clouds created equal?
Does Entech recommend a passive approach or an active approach to cybersecurity?
Isn’t it only the big companies that are the targets?
How can you test the efficacy of protocols for weakness in your company?
What would be a passive approach?
What do the crooks do with your data?
Should a client pay ransom to get the “keys” to unlock and access their files?
What types of attacks are you seeing?
Can the right insurance coverage insure against these thefts?
A company finds out they're hacked, what should they do?
Is machine learning or artificial intelligence used to prevent breaches?
What is the definition of ransomware?
Is there honor among thieves? After you pay, do they provide the keys to unlock and recover your data?
When shouldn't you open emails and attachments?
How often should you change passwords?
How long should passwords be?
What do you think about password manager programs?
Are there any tips you recommend when using password managers?
Is it safe to use Wi-Fi in a hotel or in public?
What’s a brute force attack?
What should a company do about having a disaster recovery plan?
“Ransomware is a malicious software that is installed on your machine or your network. The machines on your network, they encrypt all of your critical files. They don't encrypt the operating system because that would ruin the machine, but they target document types that users use across all kinds of industries. When they're encrypted, the keys are not kept on the machine. The keys are encryption keys, which is what you need to decrypt them. The attackers have those offsite somewhere and what they'll do is they display a note on your machine. When it's done encrypting, it says if you want to get your files back, it's going to cost you this much,” said Christopher Brenes.
“It's typically Bitcoin and so you have to arrange to purchase Bitcoin. It's anonymous. It goes out to the ether and you lose track of it and you've made a payment to some anonymous attacker somewhere,” added Brenes.
“Anytime that you think there's something going on that seems a little abnormal. It could be who it was sent from. The email address looks correct, but the domain is not quite right. It could be the time of day that it was sent that's a little bit abnormal. Three in the morning when you're used to not getting emails from that person at that time. If it contains an attachment that's not relevant to a typical communication string or to your role within the organization, don't open it. If it says payroll report and you're not in HR, don't get nosy. Curiosity killed the cat, it also kills the network,” said David Spire.
“Email attachments commonly can hold malicious payload, so you don't want to open those. It used to be that you didn't want to click on any dot exe. Nowadays, they'll put that malicious payload on Microsoft Word documents, PDF files, any kind of file. Beyond the attachment, they've become much more sophisticated where they're embedding malicious payload in links. Just click a link, the emails look incredibly realistic. Educate people on what to look for, question everything. If you do think it's legitimate but you believe there's a shred of concern, always communicate out of the band with that person. Make a call or shoot a text message, hey, did you really send this?” added Spire.
“Password managers were designed to help keep passwords secure and help use different passwords across different applications. You should absolutely not reuse passwords. There was an article that came out two days ago of a hacker that just got out of prison. He spent 17 months or so there and he said his number one favorite thing was password reuse because when he learned your password, one application, he would take that out and he would try it against banking sites, Facebook, LinkedIn, anything you could think of where he could get additional information or additional passwords. Password managers allow you to very easily create complex passwords. It stores them for you where you can use them from any device, which makes it convenient,” said Christopher Brenes.
“I absolutely believe in password managers. I happen to use LastPass myself and I'm not affiliated with LastPass in any way. There's plenty of good ones out there. When you put all of your passwords into a single spot, you suddenly have a very large vulnerability if it gets compromised. Don't use one unless you back it up with what we call two-factor authentication (2FA). That's going to give you an added layer of protection,” added Brenes.
Dennis Zink, SCORE Manasota Chapter Chair
Christopher Brenes, Director of IT and Security, Entech
David Spire, Chief Development Officer, Entech
To get help with cybersecurity or any other small business issue, request a free SCORE mentor by completing this form today!
Funded, in part, through a Cooperative Agreement with the U.S. Small Business Administration. All opinions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.