Is your company safe from cybercriminals? Experts offer advice and tips for better security

Date: 2020-11-30

With cyberattacks on the rise, how do businesses go about protecting their customers’ privacy, company financials and operational strategies?

Experts provided the answers and also addressed the importance of a business continuity plan during the Business Journal’s Cyber Resilience Virtual Summit on Nov. 18.

Tony Guerrero, principal with George Petersen Insurance Agency, said that having the majority of a business’s infrastructure in the cloud creates a certain degree of protection, but it’s not foolproof.

“Internally, you may want to have policies and procedures where you have your staff not saving confidential information onto their desktops,” Guerrero said. “Once a system is breached, even though the majority of your intellectual property is cloud-based, if some of that material is saved on the desktops, there’s exposure there.”

Ryan Miller, principal and executive vice president at Portola Systems, Inc., a Sebastopol-based computer consultancy firm, further addressed the intricacies of cloud-based systems.

“If your contingency plan is to rely on a cloud provider to protect vital services, then you’re probably expecting too much out of your cloud provider,” Miller said, adding that cloud-based systems don’t necessarily include the threat protection and intelligence needed to keep email communications safe. “We need systems in addition to these cloud platforms that will analyze links, attachments … and make sure that bad actors using spoofing or fraud aren’t able to compromise accounts.”

He also pointed out that cybercriminals can strike cloud storage and synchronization services, such as Dropbox, Box.com, Microsoft OneDrive and Google Drive, among others.

Miller recommended businesses keep an offline copy of their systems with another cloud provider in a different location. Not only would that help protect against ransomware, it also would safeguard a company’s systems in the event of a fire or power outage, he noted.

Talking about the pandemic and how it’s driven so many employees to work remotely, Miller said it’s critical that every laptop a company gives out be routinely patched, monitored and maintained. In addition, he said antivirus protection should be installed on every machine.

Another tip: Don’t give employees the virtual “key to the front door.”

“Admin access to the local operating systems should pretty much be restricted at all times and users shouldn’t be capable of installing programs on their own machines,” Miller said. “Restricting admin access is going to significantly reduce the effectiveness of the malware to install or propagate across the network.”

Robert Lee, senior security administrator for the risk management division of Exchange Bank, which co-hosted and sponsored the summit, said the bank has planned for natural disasters and cyber events.

“In the past, the bank has had to be resilient for these events; things like a flood, an earthquake, power outages, and internet or connectivity issues,” Lee said. “We’ve been resilient in this manner because we have multiple redundant backup systems (and) we have multiple redundant connectivity throughout our branches on our main sites.”

Exchange Bank revisits its business continuity plan at least annually, Lee said, adding that its future plans include further strengthening its remote access systems and leveraging more cloud and third-party vendors.