“Cybercriminals are skilled. They are calculating. They are patient.”
And if you want to protect yourself against them, you had better be, too. That was a key takeaway from Jammy Williams’ presentation as part of a recent APRO webinar, Nightmare on RTO Street: Cybersecurity Tales to Save Your Neck and Your Networks.
The webinar was held on October 19 as part of APRO’s efforts to promote cybersecurity awareness month. Cybercrime – criminal activity involving computer networks, generally committed via the internet – costs businesses billions of dollars annually, and RTO is no exception.
Williams is Director of IT Services for APRO member company Buddy’s Newco LLC, dba Buddy’s Home Furnishings. She is one of the RTO industry’s leading experts on POS systems, and thwarting cybercriminals is a significant component of her job.
But not just her job, Williams said – another of her key takeaways was that cybersecurity is everyone’s job. Thinking it’s just a concern for your IT staff is a huge mistake.
“When it comes to cybersecurity, everyone has an important role to play,” Williams said. “No one is exempt – no person or position in your organization. No role is above it. No role is below it.”
Williams said that means taking three specific actions with the people in your company:
- Mandate cybersecurity awareness training for everyone in your organization. “Every person must understand they play a vital role in your security.”
- Implement multifactor authentication and require it for every user on your network.
- Create strong passwords and use frequent password expirations.
She also said you must take strong protective measures with your property, limiting access to your networks and backing up your data.
“When it comes to your data, if it is valuable to you, it is also valuable to someone else,” Williams said.
Williams said that the same questions companies have always asked about cybersecurity are still important, but we also must remember that cyber threats are constantly evolving – with every new generation of protections, criminals invent new strategies to get around them. Therefore, you must try to stay ahead of them. Today, that means using secured cloud backups, next-generation firewalls, and network segmentation.
Segmentation means ensuring access to one part of your network does not enable access to other parts. She explained this using the analogy of a secure house.
“If you have an open floor plan, I can get into every room. If you have a closed floor plan, I can walk into the foyer, but the doors to all the rooms are locked.” Your company needs to have separate “rooms” that are only accessible to the people who need to be in them – one for accounting, one for human resources, one for store operations, even one for the CEO. “That means you need to limit even your own access,” she said.
Finally, Williams said, everyone needs to adopt these behaviors:
- Remain vigilant.
- Ask questions. (“No question is off the table. Overcommunicate. Be suspicious, and pick up the phone to verify.”)
- Be patient.
“Cybercriminals are patient,” she reiterated. “We must be too. That means you must embrace waiting. Wait for access, wait for confirmations, wait for your multifactor authentication. While you’re waiting, tell yourself: ‘Right now, I’m preventing cybercrime.’”
APRO is committed to educating its members on cybersecurity. Cybercrime is real and costly. This webinar was a benefit of APRO membership – if you are not yet a member, join today at https://www.rtohq.org/join-apro/.