Chilling tales of Cyber Security
By Mike Mullet
It’s easy for owners of small businesses to think hackers won’t attack their computer systems.
After all, who would bother to hack into the computers of a business that might have only five employees? Businesses of all sizes have been targets of cyberattacks, though.
Chris Noles, a twenty-five-year IT industry veteran and founder of Canton-based Beyond Computer Solutions (BCS), says businesses can do a great deal to protect themselves. The first step is training their staff not to let hackers in.
“When we get called to a company experiencing a cyberattack—ransomware, wiringfraud, or data theft—it’s not usually because a cybercriminal has taken the time to hack into their network,” says Chris. “Most of the time someone at the company let the hacker in.”
And the most common way someone lets a hacker in? Email.
“Someone will send a phishing email—a fake email with a computer virus—and an employee will open it or click on the link in it or try to open the attachment, and that’s all it takes,” Chris says. “Anti-virus software is important, but not nearly enough anymore.”
Long gone are emails from the Nigerian prince asking for your bank account so he can send you millions of dollars once his fortune is unlocked. Today’s phishing emails are much more sophisticated. “An email may say it’s from a coworker and even have your company logo,” Chris says. “It may look indistinguishable from emails you get from colleagues every day.” So similar, in fact, you might not think twice about trying to open the attachment, and that’s exactly what cybercriminals want.
“The attachment won’t open, so you call your coworker and tell her you’re having trouble with the file she sent, and she says she didn’t send you anything. You delete the email, but by then it’s too late,” says Chris.
Still, it’s unlikely anything bad will happen right away. “The code you let in may sit on your server for thirty days, sixty days, or longer, while the hacker learns who’s who in the organization and gets your clients’ names, your vendors, and your data,” Chris explains. “A month or two down the road your server crashes, and you get a ransomware demand, and whoever opened the phishing email in the first place probably doesn’t even remember doing it.”
In the know
Chris knows a great deal about information technology—computers, networks, hackers, security, and more—because he has spent the last two decades helping businesses build their IT infrastructure. He’s watched the basic PC evolve from what was essentially a stand-alone word processor in the early 1990s to the network-linked processing powerhouses of today.
I started BCS twenty-one years ago, in January 2000,” he says. “Our initial focus was real estate attorneys, but today we work with all kinds of companies, large and small, across metro Atlanta.
Leading a team of seasoned IT experts, BCS helps companies build and maintain their IT systems by installing servers, moving data to the cloud, being the help desk, providing backups, and keeping technology current. The company partners with cybersecurity firms to provide total solutions that let clients worry less about IT and cybersecurity and focus more on running their business.
“I’m proud to say we partner with some amazing cybersecurity teams; security is all they do,” Chris explains. “Any managed IT company can say, ‘We’re secure,’ but you need to find out if they have a cyber security partner. Cyberattackers get better every day, so you need someone whose sole focus is security, what we call managed detection and response. Together we provide both functionality and security for customers.
Like many businesses moving out of the metro area to more serene north Georgia communities, Chris relocated Beyond Computer Systems from Cobb to Cherokee County in 2020. He and his wife moved north at the same time.
The company, whose employees mostly work remotely but go to clients’ offices when needed, has a suite at THRIVE Coworking in Downtown Canton, which Chris says is a perfect fit. “THRIVE has everything we need and a really hip vibe,” he says. “Plus with easy access to I-575 and Highway 20, it’s easy for us to get anywhere we need to see a client, even if it’s a little longer drive. I’d rather make that drive knowing I get to come back to north Georgia at the end of each day.”
Is your business vulnerable?
This summer the research arm of cyber security industry giant Cybereason released a report detailing the many costs a business might face as the result of a ransomware attack. Surveying more than 1,200 businesses of all sizes that had been victims of an attack, the researchers found fully two-thirds suffered significant revenue losses as a direct result. Company size had little impact on financial losses.
“The other thing a cyber hack can damage is your reputation,” adds Chris. “Your suppliers, your customers, they expect you to keep their information secure. If you can’t, they may think twice about doing business with you.”
Although the biggest cyberattacks get the headlines, such as the attacks on TJ Maxx, Equifax, the City of Atlanta, and more recently, Colonial Pipeline, any unprepared company could be vulnerable.
The Cybereason report estimated a ransomware attack on a business somewhere in the world about every eleven seconds. Chris Noles has a simple test a business can use to determine if it might be at risk: “Are you connected to a wire [the internet]? If so, your business can be compromised,” he says.
An ounce of prevention
As much as threats may be lurking around every corner, companies can do some common-sense things to protect themselves. Chris recommends focusing first on three priority areas.
First, train your employees. “Well-trained employees are like human firewalls,” he says. “Can your employees spot a phishing email? Do they know what clues to look for? Almost every hacking crisis I‘ve worked on happened because an employee let the hacker in through an email. Training is inexpensive and quick, and the benefits are huge.”
The second priority is to lock down your email. You should not let employees use personal email accounts such as Yahoo, Hotmail, Gmail, or others to conduct company business.
“Buy a corporate email domain, make sure all your employees use it, and enable multifactor authentication,” Chris says. “That way you can track what’s being sent from your company, but more important, you can see what’s coming in, who let it in, and when. A corporate account helps you protect your staff and your data.”
Finally, Chris says, keep your technology up to date. “For example, Microsoft doesn’t support Windows 7 anymore, and its vulnerabilities are well known,” Chris says. “Software companies are constantly sending updates and fixes for problems they’ve uncovered, and it’s important to keep your software and hardware up to date.”
While cyber security has a cost, Chris advises asking yourself whether investing 2 percent to 3 percent of your annual revenue in IT and cyber security is a more reasonable figure than paying a huge ransom. “The average ransomware demand these days is about half a million dollars,” he says. “I don’t know a lot of small businesses that have that kind of cash lying around, not to mention the sales you lose while your IT system is locked up.”
Chris’s experience growing up the son of a small business owner and now a small business owner himself is what drives his work. “I’m passionate about not wanting businesses to be victims of a cyberattack,” Chris relates. “I take care of other businesses, and we are all targets, but small business is the backbone of America, and I don’t want to see it damaged or taken down.”
A resident of Cherokee County since 2004, Mike Mullet has been writing professionally for nearly thirty years. Between his work in public relations and freelance jobs, he has written about diverse topics and industries, including healthcare, energy, banking, hospitality, conservation, behavioral health, mining, technology, and manufacturing.