Evan Jones: How to fight back against cyber threats to your business

Jan. 11—With the new year, there are new threats to your company's computer system.

Tony Cartolaro, vice president of Berks County-based Weidenhammer's Hammer Tech Division, says businesses will have to continue being vigilant for bad actors who want to disrupt their digital footprint, or worse.

The Reading Eagle submitted a set of questions for Cartolaro, who has more than 25 years of technology leadership experience, on how businesses can fight back against cyber threats:

Q: What cyber threats are out there for 2022?

A: Over the last few years we have seen a tremendous advancement in not only the number of cyber threats but also the "quality" of those threats. Not only are these so-called bad actors attacking more organizations and the public in an attempt to get at our data and private information, but they are doing so with an ever-improving methodology. The technology they use, the methods, and the attacks themselves are all getting more advanced and sophisticated. So what do I see in 2022? It's sad to say this, but more of the same. And why not? It's working for them. Look at any source for cyber threat statistics and you'll see that their efforts are paying off.

Furthermore, attackers are not just targeting large businesses, they target small businesses, family-owned businesses, schools, colleges, hospitals and doctor's offices. They target everyone.

Q: What common mistakes do businesses make with their systems?

A: Inaction — honestly, taking any sort of reasonable action is a step in the right direction. Taking no action at all is what I see most of the time. Yes, most businesses purchase some basic cyber security devices like firewalls and the like. But often times they make the mistake of thinking that makes them safe. "I bought a firewall, so I'm good, right?" The right answer is no. It's not that simple anymore.

As I said, these bad actors are getting more sophisticated in their attempts to gain access to systems. They do so by circumventing the basic security measures most organizations take by "going around them." The most popular way of getting around all of that basic network security technology is going through the humans that operate those systems. Employees at organizations are often the root cause of most successful cyber attacks. Most of the time unknowingly, of course. They get an email from someone they think works in IT with a link that tells them they need to download something or go to a site to verify something, and bang that computer is infected. Once infected, the bad actors have access to one computer within the network, inside the firewall, from which they can launch other attackers to get more and more access until they get what they want.

Q: What steps can business owners take to protect themselves?

A: There is a term in the cyber security world known as "defense in depth." This means that you layer on cyber security measures to ensure optimal mitigation from threats at each layer. This will allow business owners to make strategic investments on security products and services on specific areas of their technology infrastructure and to get the most from those investments without over- or under-buying these products or services or over-burdening their IT operational teams with more and more "stuff" to use, monitor and deploy. Think of defense in depth like the layers of an onion — you start with the outermost edge of your business's network and work your way inside. Items in this plan may include more advanced firewall technologies, end-point detection and response tools, traffic monitoring capabilities, and multi-factor authentication requirements.

Lastly, to address the human element of cyber-security, one of the most important items in any cyber security plan is employee/user awareness training. These training programs help instruct your employees to spot malicious activity and to report it before it becomes a problem. This can significantly help reduce your risk. These programs are not only effective, but they are also very budget-friendly.

Q: What is the best way for business owners to stay on top of threats?

A: As a business owner, the best way to stay on top of cyber threats is to first take them seriously. If you make them a priority for your organization, your staff will too. This will enable your IT team and vendors to help you stay on top of what is going on in the industry and feel empowered to bring these items to your attention. Sometimes I see business owners take a more dismissive approach to cyber security and view it as a "waste of money and time." This then sets the tone for the organization and it becomes a low priority leaving them even more vulnerable.

Start making an effort to say, "we need to take this seriously." It doesn't necessarily mean you're going to purchase and enable every single security product you and your IT folks can get your hands on, but it will force your teams to think and plan in a way that is more security minded.

Q: Anything you would like to add?

A: Lastly, if you feel that your team needs help, get it. IT partners can provide security related services to business owners today along with managed IT services and hosting services. These types of services have become much more capable and affordable over the past few years. You may be surprised by how little it costs to be a more cyber-security conscious organization.

I will also add that more and more business owners are also getting asked about their cyber security practice by their clients. I routinely get engaged with clients to help them build a formal cyber security program for their business to not only help them be more secure, but to also help them be more "marketable" to their respective clients and prospects. By demonstrating to your clients during the sales-cycle that you take cyber security seriously you help them feel more at ease with this new relationship. This helps fortify the trust needed to build great and lasting business relationships.