October is National Cybersecurity Month, providing independent grocers with a timely opportunity to catch up on the latest advances in cybersecurity.
It’s always a good time to assess whether you’re vulnerable to hackers, where the weaknesses are in your systems and what you need to do now to beef up your security measures to protect your business and its stakeholders.
In a recent webinar hosted by the National Grocers Association, cybersecurity expert Ken Andrews, president of Millennium Digital Technologies (MDTech), explored the latest potential cyber threats and suggested simple steps you can take to mitigate your risk and offer peace of mind for you, your trading partners and customers.
“The risk is not going away – it’s getting worse,” Andrews said, noting that 80 percent of businesses he helps have “severe security risks” even with basic firewalling. Too many, he said, have a “false sense of security” about their computer networks.
Hackers are “not just attacking you,” Andrews asserted, “they’re attacking the industry and causing chaos in the food supply.”
Here are some key takeaways from the presentation:
Beware of ransomware. It’s the leading cybersecurity trend, with occurrences spiking in the last two years. According to Andrews, a company will be hit by a ransomware attack about every 11 seconds, with email the delivery method for 94 percent of cases. The average ransom payment in 2022 was $228,000. About 40 percent of ransomware victims made a payment in 2022 but only 56 percent were able to recover stolen data using backups. The number of attacks has leveled off, but the effectiveness of attacks has increased substantially.
Manage your network. It’s your business’ first line of defense – it protects systems from the internet and each other. A critical checkpoint to detect malicious activity, your network presents an opportunity to take proactive action.
Control remote access. Do you know who has remote access to your network, and do you know how secure their systems are? Make sure your remote access tool is secure and that it’s removed when no longer needed.
Multi-factor authentication. It’s designed to make your system more secure but is vulnerable if you’re careless. Disable bypass codes if possible and don’t save the codes in your system if enabled. Also, don’t store codes and passwords on your computer where they can be discovered if your system gets hacked.
Don’t forget about the cloud. Just because data is in the cloud does not necessarily mean it’s secure. Hackers are exploiting this weakness, so take measures to protect this stored data. If you are using cloud solutions like Office.com or Gmail, you need to implement your own cloud security solution.
Endpoint detection and response. You need to add EDR to your sensitive computers. It’s your last line of defense against next-generation, AI-powered attacks. All machines used by staff that browse the Internet or open emails, and critical computers used by owners, accountants and human resources should be so equipped.
For more exclusive insights about cybersecurity, view a recording of the complete webinar at https://attendee.gotowebinar.com/recording/832507758196498434.