Basic Cyber Hygiene (Podcast)
In this podcast, Dave Hodgdon and Steve Ripper talk about basic cyber hygiene. Then, they invite listeners to join them for a meeting to learn more about risk assessments, protecting your business from phishing attacks, and more.
Dave Hodgdon: Good afternoon. This is Dave Hodgdon with PCG. I’m here with my guest today, Steve Ripper. We’re here to talk about one of our current events upcoming on our cyber security series. Welcome, Steve.
Steve Ripper: Hi, Dave. Thanks.
Key Policies to Improve Cyber Security
Dave: It’s always a great day to talk security, Steve, and it’s a topic that most New Hampshire and Maine businesses should be very aware of. The landscape is tough out there and a lot of what the businesses are coming across, there’s unknowns out there, Steve.
So our goal of this series is to educate them, and we want to set the stage for our first series which is going to be called Basic Cyber Hygiene. What’s the minimum that you need in place, Steve? So from a high level, Steve, what are some of the key policies and procedures that should be in place?
Steve: Yeah, so first of all, it’s really good that we’re doing sort of an overview because really we just got to kind of get awareness out there. It’s easy to go into really deep topics, but this is just more of an overview of what every company needs to be thinking about.
First, we’re going to be talking about password policies. We’re always going to start with password policies. We’re going to talk about MFA, my favorite topic. Anyone who’s been listening to some of these, we’re going to have some MFA in there.
What should you be doing about remote access, your backups? What happens at the cleanup portion of things? What if you have to resolve some stuff, if you have to find data or recover data? What do your backup policies look like? Cyber insurance, patching, unsupported computers, really top to bottom from the minute a user signs in, to all the way at the very end when something bad has happened and how you clean it up and every single thing in between.
The Importance of a Risk Assessment
Dave: The statistics out there, Steve, it’s phenomenal what percentage of small businesses are being hit. A lot of them just don’t think it’s going to happen. But the data out there from Forbes, USA Today, the cyber attacks are happening. They’re coming at you when you’re least expecting or when you’re not working.
So it only takes one cyber attack to affect your business. So the goal of this first workshop is we have an excellent security panel to join us and we’ll have some of the key leading people in cybersecurity on this workshop with us.
We’re going to go over the cyber threat landscape. As you mentioned, Steve, some of the policies and procedures they’re going to put in place, and a big thing that a lot of companies need to do is just get a value where they’re at. This is what we call the risk assessment. And Steve, from a high level, what are the few key things that risk assessment is going to bring value to the business?
Risk Assessments Evaluate Your Level of Cyber Risks
Steve: Well, yeah, so it’s going to bring quite a bit of value, but let’s back up for just a second and talk about that title in the first place because, Dave, you just mentioned a few seconds ago that a lot of the companies think that it isn’t going to happen to them.
Well, what are they doing? They’re really just, whether they know it or not, they’re evaluating risk. They’re just assuming that their risk is very low. But what we are saying is that certainly when it comes to cybersecurity, your risk is much higher now than it used to be.
Are you going to get attacked? Maybe not. But your risk is very much more probable that you are going to. And so that’s what a risk assessment does. We understand that you’re probably not going to do everything. We could run up an incredibly large budget and pretty much run you out of business with doing a huge amount of security.
It’s not our goal. It’s not your goal. So what we really have to do is determine what are the ones we have to get and what are the ones that we can either think about, table, or plan against, or sometimes we’re not even going to do it. We’re just going to say that there’s going to be an exception to this, but what we’re doing is we’re going to assess risk.
Where are you at on that spectrum? And then we’re going to make recommendations and plans for the ones that you really need to remediate and to fix, and which ones can you table?
Okay, and Dave, I’ll just leave it at this. I will tell you that almost every time we do one of these, a lot of times the people who do them know already what some of the ones that are sticking out. They know before we get to passwords that they should be doing better with passwords, that they don’t have MFA, that they’re not signing into their bank website correctly, that they’re not totally sure that whoever’s managing their backups is actually managing their backups.
So they know a lot of the risks, but then there are many that they don’t know, that they’re very surprised about the questions. So that’s what a risk assessment is going to do. It’s going to really give you a qualitative and quantitative view of what your risk is.
Join Us to Learn How to Protect Your Business
Dave: Excellent insights, Steve. So we have two event dates for this. It’ll be on Wednesday, May 24th, between 8:30 and 9:30. And our second event for those that can’t attend the morning session will be on Thursday, June 8th from 1:30 to 2:30. Again, this is a huge topic for small businesses about protecting your business from phishing scams in a ransom attack. We look forward to joining our workshop with some of the leaders in the industry, and everyone have a great day. Thank you, Steve.
Steve: Thank you.




