Those of us who work in digital marketing deal a lot with confidential information, and we need to do what we can to protect it from the bad guys. But there are other more recent threats that are increasing the importance of cybersecurity. Many recent cybersecurity examples often involve ransomware—where a hacker gets inside of a corporate network and “dwells” there for months, figuring out where the important information resides, and learning how to shut down the company’s network. At some point, the hacker encrypts every computer connected to the network, shutting down any access or use, and holds the information hostage for some outrageous sum of money. These attacks are more frequent than ever, thanks to software applications that literally provide a “kit” for ransomware attackers.
If you work for a company, or you own your own company, your own work habits can either be safe or unsafe. You can be leaving doors open for these attackers or keeping them out. Our work with one of our clients, Blue Team Alpha, has brought me up to date on the types of attacks that are taking place and the vulnerabilities that we all need to avoid.
Here are some things you need to watch out for and habits you need to develop in order to stay safe.
- Don’t assume you are “too small to be attacked.” According to sources cited by Forbes, 58 percent of cyber attacks target small businesses, and 60 percent of small businesses that are victims of a cyber attack never reopen. When Blue Team Alpha is brought in to rescue a company from a ransomware attack, the first thing the client always says is, “We didn’t think we’d be a target.” We are all targets now.
- Teach all of your employees to be skeptical. All a hacker has to do to obtain access to a company’s network or a person’s personal information is to send an email that looks legit but is a bogus request for information. Whenever you get an email or a text that asks you to click a link and sign in, and the link you’re clicking on is not the one you think it is, you can be feeding right into a hacker’s hands. Instead, don’t click. Go right to the legit site and sign in separately. If there really is a problem, there will be some sort of alert signaling an issue, and you can resolve it. If there isn’t, you will know that the email was a fake.
- Never, ever assume your malware application is keeping you safe. No single application can cover all the vulnerabilities, especially the “trusting a human to always do the right thing” vulnerability.
- Never, ever provide someone with a username and password in a single channel. First, make sure that the person asking is really the person you think it is. One thing that hackers do is hack into a top executive’s email account and start sending emails on that person’s behalf, even asking clients to “send money to this other bank account” via email. Second, if you are sure that the request is legit (make sure by some other method than email), provide the username in one channel and the password in another, without saying what it is for. Better yet, pick up your phone and call the person. Whenever you type something in, it can be intercepted.
- Use only secured networks. Public Wi-fi is completely insecure and an open door for a hacker. Hackers can even get so deep into your computer that they can capture your keystrokes, which reveal your username and passwords as you type.
- Beware of people getting into your ad accounts. Speaking of digital marketing, here’s a real-life example: a company owner advertising on Facebook got her computer hacked. The hackers figured out how to get into her Facebook account by capturing keystrokes, and started running ads on her account. Fortunately she caught it quickly, cancelling her card and stopping further ads from running, within an hour of the breach. But it created all sorts of serious problems with the Facebook algorithms and bots, who are now convinced that she runs inappropriate ads.
- If you are attacked, and you have no backup, you’re really in trouble. Backup your own computer daily onto a removable chip or drive. Unplug the computer and the backup drive every night, and put them in a fireproof safe. I have all my “work” files in one folder, and that’s the one I back up. If you do most of your work in the cloud, backup your cloud resources to a third-party service and to your own backup drive at least once a week. Then at least you can go back to work immediately if the hacker is trying to shut down your business.
- Use a password management program such as LastPass or Dashlane. Most of us have to remember hundreds of passwords now, and using the same password for everything is an open invitation to be attacked. Once that password appears on the dark web, you’re toast.
- Use a browser extension to block malicious sites. uBlock Origin is such a program. It works with Chrome.
- Don’t let your browser save your passwords. This is a big no-no. If you let your browser save your passwords, and a hacker gets into your computer, he’ll have access to all your cloud-based applications, social accounts, bank accounts, and more. Instead, use the browser plugin that comes with the password manager of your choice. This will allow you to authenticate before allowing access to the passwords, stopping attackers in their tracks.
- Make sure your computer is set to do automatic updates. This ensures that you are using the applications that have been strengthened against hacking with new fixes.
- Encrypt your computer. This will make it a lot harder for a hacker to steal your data, especially if they gain physical access to your computer via theft. if they get in. Here’s how to do it on a Mac or Windows machine. You can encrypt individual folders and passwords to open them, which is good for financial and personal information.
- Change the DNS on your computer to 18.104.22.168. Here are instructions on how to do this on a Mac or Windows machine. This will improve your privacy, because it will switch your DNS provider to CloudFlare, which swears that it doesn’t keep a log of your activity. This is something that your cable or other internet provider probably can’t claim. CloudFlare also actively fails to resolve bad or malicious hostnames, preventing your computer from connecting with them. It is not 100% failsafe, but it is a huge help.
However . . . if you are attacked, disconnect from the internet and the network, but leave the machine running. There are clues in the memory of the machine that will be erased when the computer is shut off. Doing anything after the hacker attacks could thwart the detective work the experts need to do. Get a cybersecurity expert involved, ASAP.
Ask a cybersecurity firm to monitor the dark web for your accounts so you can be alerted if something is compromised. When something is compromised, change the passwords on the accounts immediately. And let one of these password management programs generate your passwords for you. Sometimes it is a tiny bit less convenient, but it will save you a lot of grief in the long run.
You simply can’t be casual about cybersecurity anymore. If you are working on a computer every day—and who isn’t?—you have to be aware and intentional about this. Having your work life shut down due to a ransomware attack, or having your identity stolen can be a big, fat disaster that will be very difficult to recover from. It’s just not worth it.
But there’s more when it comes to marketing and cybersecurity. One of marketing’s key jobs is to make sure that your company can be trusted. Sure, if you do get hacked, and you have cybersecurity insurance (a very good idea these days), some of the cost of the attack will be covered. But what about your reputation? Ransomware puts all of your business records at risk, and the information that you are trusted with from customers or clients.
It’s difficult, if not impossible, to re-earn trust, once lost.