Issue link: https://nebusinessmedia.uberflip.com/i/1487783
wbjournal.com | December 12, 2022 | Worcester Business Journal 17 C Y B E R S E C U R I T Y F O C U S Jackson Restrepo learned the hard way how to succeed as both a landlord and real estate investor. The hard lessons he learned early in his c areer have paved the way toward prosperity today. Jackson studied the market, saved tenaciously, and built a partnership with Country Bank which has provided him with expert guidance every step of the way. C O U N T RY B A N K . C O M T HE Y ' V E BEEN PI VO TA L IN HOW W E' V E M A N AGED T O GR OW. " " JACKSON RESTREPO Woo City Property Management, Worcester Most common cyber-crimes 2017 2018 2019 2020 2021 Phishing and related crimes 25,344 26,379 114,702 241,342 323,972 Non-payment/non-delivery 84,079 65,116 61,832 108,869 82,478 Personal data breach 30,904 50,642 38,218 45,330 51,829 Identity theft 17,636 16,128 16,053 43,330 51,629 Extortion 14,938 51,146 43,101 76,741 39,360 Source: FBI Internet Crime Report 2021 "If [a small or midsize business] is hit with ransomware, it's typically out of business within six months," she said. Fixing the weakest links While installing soware patches and maintaining best practices with firewalls and anti-virus programs is important, several tech professionals said the biggest key to staying safe is employee training. "Unfortunate- ly, the weakest link in cyberse- curity is us, the end user," said Libis Bueno, CEO of the Worcester IT and cybersecurity firm Domitek. For example, Bueno said sales people are oen eager to respond to emails right away in the hopes of winning a new cli- ent. But, if they're not alert to danger, this can cause them to click on unsafe links or provide information opening up new vulnerabilities. Another common scam is when a person will contact the human resources department posing as an employee and ask to change their direct deposit information, sending their salaries to an account owned by the scammer, said Helder Machado, CEO of Machado Consulting Inc. in Worcester. When this happens, Machado said, there's no way to get the money back. "It's gone," he said. "at money's gone. It hits that account, and it moves right out." To avoid this situation, he said, compa- nies need a policy in place requiring they call an employee or vendor to confirm any financial change. Companies' vulnerabilities grew when many people began working from home in 2020, Bueno said. If a worker's child downloads a game on their laptop, it may bring infected code with it. en, when the worker connects to the company's virtual private network, it can spread. "VPN is just a tunnel from your com- puter to the office, so you just opened that door," Bueno said. Preventing & preparing for attacks Companies sometimes assume if they have cyber insurance, any losses they incur from hacking will be covered, but that's not always the case. If a client isn't doing its part to keep its systems safe, in- surance may not cover a claim, Machado said. It's now more difficult to get insured in the first place, Drolet said. "People are losing cyber insurance, or premiums are going up 50% to 100%," she said. To qualify for insurance, companies may have to show they're doing every- thing they can to reduce their vulnera- bility. One key is simply to have a plan in place for what to do if the company is attacked, Helm said. "ink about what would happen if you woke up one day and it had hap- pened," she said "What would you do?" If a company doesn't have a rela- tionship with an IT firm, it may waste valuable time trying to find one to help in an emergency. In general, Helm said, it's best to have an ongoing relation- ship with someone who understands cybersecurity, whether it's an employee, a company hired on retainer, or even a particularly helpful and tech-savvy friend. On the whole, she said, a compa- ny without its own IT department can usually benefit from working with a firm to help with training staff and staying apprised of best security practices. "It's really important that you find good companies, good partnerships to help you," Machado said. "Most small business owners, this is overwhelming. ey're busy running their own businesses." Helder Machado, CEO of Machado Consulting Inc., advises companies to add an extra layer of precaution for financial transactions. Libis Bueno, CEO of Domitek W