We recently had the pleasure of speaking with Dave and Luisa Russoman from the IT firm Boxmeta (www.boxmeta.com, 904.229.0922, firstname.lastname@example.org). Dave and Luisa worked on Wall Street in the early 2000’s, Dave in IT and Luisa for a large investment bank. They were living and working in Manhattan on 9/11, and decided to bring their talents to Jacksonville not long after that.
Shortly after arriving in Jacksonville, they saw a gap in the market addressing the small business IT space. Utilizing the principles they learned on Wall Street, they set up Boxmeta as a small business IT firm, and their background in financial services led them to service many of the firms in that industry located in Northeast Florida. One thing that most of their clients have in common is that they embrace technology as part of their culture.
We had the good fortune to get them on our show for two weeks in a row recently, and I wanted to capture some of the advice they gave our listeners during those shows. Here is a summary of what our listeners heard:
What sets you apart from other firms in the area that do what you do?
Network security is a process, not just a piece of hardware. Dave compared it to putting a great lock on the door, but if you don’t use the lock, it is useless. They use a combination of hardware, education, monitoring, and updating as needed for each client. They also conduct audits that are comprehensive and industry-specific.
What is the state of the art in IT security and where are most people lacking?
Many people think that if they use a $30 piece of software and to get an antivirus program and a firewall that they are safe. This is definitely not the case. Most attacks originate from inside the company, with an unsuspecting employee doing something that compromises the network without knowing it. Most likely they clicked on an email they shouldn’t have or gave away a password over the phone to someone who sounded like they were a legitimate business partner. The process really starts with training the people at the business. Some companies actually reward employees for spotting cyber security risks in order to really build the culture of cyber security.
Employees really need to understand the risks and where they might come from. Risks include logging onto to open wifi networks, and emails that look like they are from friends. As soon as you click that link, your network is compromised.
How can individuals protect themselves online?
If you do online banking (which most people do these days), use a separate bank account for online transactions. Keep a limited amount of money in this account, which will limit the potential amount that a hacker can steal from you. You are far better off using credit cards online than using debit cards or linking your bank account.
Paypal has some sort of guarantee on their transactions. However, if you link a bank account to Paypal, still use the separate bank account mentioned above.
If you don’t have a password manager, think about getting one. Password managers make it far easier to manager unique passwords for hundreds of websites, and they can generate complex, random passwords for you that won’t be easily guessed. Using complex, 8 character or more passwords is actually far more effective than changing passwords frequently.
Avoid public wifi as much as possible. If you are going to use it wifi, bring it with you in the form of your cell phone or a separate hotspot. If you go into Starbucks, someone could sit in the parking lot with a hotpot named “Starbucks”, and if you connect to it they will be able to see all of your web traffic.
Any threats that you see locally more than normal?
No, the same types of attacks happen everywhere, and they are not location specific. Ransomware is the new popular scam. Hackers compromise one machine on a network, which locks all the files on the network. They then charge you a ransom to get access to the password to unlock your data. Many people and businesses do not have the proper backups in place to recover from this type of attack.
What kind of attacks have you seen?
One financial firm got an email from what looked like a client to wire money, and the request was similar to a wire that was done the previous month. They didn’t call to verify with the client even though that was their protocol, and the money was wired and lost.
Apple vs Android, is one more secure than the others?
All systems are vulnerable to hacking, but Apple seems slightly less vulnerable. Their platform is all controlled by Apple, where the Android platform is more open and has more possible points of entry.
PC vs Mac, is one more secure than the other?
Really no difference, if you are on the internet, you are vulnerable.
How should you react to the news of the major Yahoo breach?
Change your password right away if you have a yahoo email account. Make sure you aren’t using that password anywhere else. Turn on two-factor authentication, which texts you when you use any new device to log into your account. Even if they didn’t hack your Yahoo email, it is very easy to spoof your email which makes it look like you are sending out emails to your friends even though you didn’t.
Should you close your Yahoo email account?
It is safer to close it down, but also very complicated to do so. It is understandable that many people would not choose to close their accounts.
Are online security questions important?
Some new studies indicate that they are pointless. People use too much information that is publicly available on Facebook or Linkedin. Unique, complex passwords work much better.
What is the best way to give your college-aged kids access to money?
A good idea for kids is to get them prepaid Visa cards or a credit card with a low limit. The credit cards also help them build their credit at the same time.
Van Wie Financial, fee-only… for a reason.