Cybersecurity Explained in Non Geek Speak

Step by Step Guide for Better Online Security for Small and Medium Business Owners in Rochester & Buffalo, NY

If we know anything about the owners of small and medium businesses here in Rochester and across New York state and Buffalo, it's that we work hard to build our companies and make them successful. We understand the months of stress, countless sleepless nights, and having to make sacrifices. And we know that after all this sweat and blood, you really wouldn't want to do anything to jeopardize your success. But trust us (because we see it every day at Capstone IT), there are plenty of risks out there for any company that uses IT equipment or the Internet, and we want you to stay safe.

Every day there are cyber-attacks on companies like yours, and the numbers are rising. A study by the Ponemon Institute in 2014 found the average annualized cost of cybercrime, incurred by a benchmark sample of U.S. organizations, to be $12.7 million, a 96% increase since the study began just five years ago. And hackers prefer to target smaller businesses to big multinationals, as SMBs are less likely to have the latest security features in place and the resources to fight cybercrime.

Types of Threats

There are so many pieces of malware, viruses and so on being created every day, that if you use the Internet to do business - and let's face it, that's most of us - you can never be completely safe from attack. Let's look at the types of threats your small business is facing out there.

Viruses, worms and Trojans

Viruses, worms and Trojans are the most common types of malware. A virus attaches itself to a file and, when the malicious code is activated, it can spread between computers, infecting and damaging your systems and stealing data. A worm works in the same way, but can replicate itself and move between computers without users having to click and activate it. Email spammers use worms to send junk mail by copying their messages to everyone in your computer’s address book. A Trojan is a type of virus that causes damage and data loss after getting into your systems by disguising itself as innocuous emails or software.

Phishing scams

Phishing scams are set in place by hackers and criminals seeking sensitive information like usernames, passwords or bank account details. You may receive emails that appear to be from friends, family or trusted sources such as your bank or government agencies, requesting certain information or asking you to follow links to fake sites that ultimately infect your systems.

Insider attacks

Not all attacks are from shadowy criminals trying to access your systems. Sometimes they come courtesy of a "loyal" member of your team. We pride ourselves on having a close knit and ever-friendly team here at Capstone IT, but we know that we're pretty lucky. In all sorts of companies, there will come a time when a staff member has a grudge or simply sees an opportunity to benefit themselves financially by taking your contacts, codes and templates. These attacks are harder to defend against, but there are precautions you can take.

7 Tips To Staying Safe

1. Make sure you're always using updated software

The most basic thing you should be doing to keep your business safe from cyber attack is ensuring that all your software is up-to-date and patched. And you need to do this within a day or so of any major software update release. Downloading software updates is something that many of us put off, planning to do it later - but this is a mistake. They contain vital security upgrades that keep your devices and business information safe, and hackers take advantage of our typical lack of proactivity in updating software, knowing they will likely have a period of opportunity where we leave ourselves exposed and vulnerable.

2. Use strong passwords

We can't emphasize this enough. We understand it can be a pain trying to have different passwords for all your different programs and devices, but having the same one for several applications is asking for trouble. Stick to all the usual rules: use longer passwords that include numbers and symbols, and change them often. If this sounds like hard work, think about installing password management software. Password managers store your login info for all the sites you use, and help encrypt your whole password database. You can access everything at once with a single master password, which is the only one you have to remember.

3. Don't trust suspicious or unsolicited emails

Emails are the most common way for hackers to get into your systems, so delete suspicious emails; they could contain fraudulent requests for information, or links to damaging viruses. You have to be vigilant, as some phishing emails are amazingly similar to the real thing sent by legitimate organizations. Check URLs carefully, and if you suspect an email is from a malicious source, delete it from both your inbox and deleted items folder immediately. You should also be careful when using social media. Hackers often use personal information found there to target you in phishing scams, and to send emails that appear to be from people you know.

4. Always use antivirus software

Install antivirus on all your devices to help prevent infection. In theory this should detect and make safe any malware threats and viruses that get into your systems. But antivirus software is reactive, meaning it is only truly effective against known threats. The creators of antivirus software need to understand how malware works before they can write programs to find and neutralize it. So newer pieces of malware can often slip through the cracks in your antivirus software. This is why it's important to take a layered approach to fight viruses, and combine your antivirus software with firewalls, a thorough system of password management encryption, and data loss protection tools.

5. Train your staff

Make your staff aware of cyber security threats and how to deal with them. Teach them to be careful about the websites they visit online, and how they use social media. It is a good idea to hold workshops about new threats or any phishing scams that are out there, and how your staff can make their personal devices more secure if they're being used for work.

6. Stay safe from insider attacks

Keeping safe from insider attacks can be harder than fighting hackers. But there are procedures you can put in place to help protect your business. Make sure to compartmentalize, so that not all members of staff across the company have the same IT privileges. It is also important to have strict password policies in place, and to track the use of privileged accounts. Monitor suspicious behavior by your staff, and make sure you know if your staff are dealing with office issues that cause resentment and bad feeling. It is also important to promptly deactivate network access of staff members who leave your employment.

7. Backup your company data throughout the day

Backup all your servers continuously throughout the day both onsite and to the cloud. If you do get attacked, a good, recent, verified backup maybe your only solution to restoring your business. This can’t be stressed enough. Make sure you are doing fire drills to ensure that the files you are backing up are not corrupt. Furthermore, if your server data is also being backed up to the cloud then you can access them even when you can’t access your onsite servers. You can learn more about online backups here.

If you would like to know more about how to keep your IT systems safe from attack here in Rochester and Buffalo, it's worth talking to the experts at Capstone Information Technologies. We can give you the latest hints and tips to keep the hackers at bay.

At Capstone IT, clients leverage our services to focus 100% of their attention to growing their business while we focus on consistently advancing and supporting their systems to meet their growth goals and uptime requirements. Our clients include hundreds of small and mid-size businesses in Rochester, Buffalo and the surrounding Western NY area. Want more knowledge? Download our Free eBooks and get answers to the most common security and technology questions. You can also get in touch with one of our technical specialists by calling 585-546-4120 or visiting


Find out how you can avoid malware attacks with our indispensable guideStart Reading