by Sanne Kure-Jensen
Crop plans, CSA members, emails and farm expenses are just some of the critical files on our computers these days. Has a friend’s computer or mobile device been hacked? Do you know someone who was a victim of identity theft or had a hard drive crash? Did you learn from their misfortune?
Jairo Rugel, President of ATC Tech, Inc. and Newport County Computers in Middletown, RI said, “You need good backups. You need good backups. I can’t repeat it enough.”
Rugel recommended keeping three copies of all data: the local hard drive on your computer with the original files, a portable hard drive that can be stored elsewhere and a private cloud backup. An additional copy offers extra protection. Also, do not reply on thumb drives, They have limited read/write cycles and can be compromised by static electricity in your pocket or by walking across a carpet in the winter.
Set a schedule for backing up, either daily or weekly. Set the frequency based on how much time you would be willing to spend reentering lost data. Be sure to test your backups regularly. Can you read the directory and open a few test files on your portable hard drive or cloud backup?
“It’s not if, but when,” said Rugel. You will need your backups if you get a virus, an electrical spike, a hardware crash, a burglary, a fire… Any of these risks would seriously affect your business and cost you time and money. You can minimize your risks but you still need a recovery plan.
Think about computer security every time you are on the computer.
Never send account information or passwords via email or text. Use two-pass security with any program that offers it. Banks and credit cards typically use this system when you sign up for online account access. They send you a text or email to verify who you are. They may email you to say you have a statement ready. You then log in to view their full message or your statement.
Use your common sense. Be careful what you click on the web or in an email. If you did not expect an email from someone you know with a link, photo or attachment, do not open it. Call the sender and verify before opening any unexpected email attachments.
Spoofing is when someone sends a message with a malicious link or attachment using your email address in the “from” field so recipients think it’s legitimate. The hacker’s goal is for others to click on the link or open the attachment in the email to run malicious code or lead a reader to a site infected with malicious code. This is a relatively random act and people whose email gets spoofed are rarely hit again. According to Rugel, there is no need to get a new email address.
Phishing is email asking you to help someone out, often in a far away country. Another email line pretends to be from a family member who had their wallet stolen in a big city and they ask you to send money fast. Think, did that family member go on a trip? If they lost their wallet, they should be calling instead of sending an email?
On the web, hover over any link before you click on it. A box with an address should pop up. Be sure it makes sense to you or do not click on it. Look carefully at a link or sender’s email address. Does it end in a country code like .ru or .ch rather than .com or .org?
Google tracks everything. They track your activities and sell ads to match your browsing history. To minimize data collection, Rugel recommended a more secure search engine which does not track your search history.
All emails and websites are vulnerable to hacking. “Criminals are smart,” said Rugel. Their programs are sophisticated enough to be activated without a click. A “drive-by” or “mouse-over” can start a malware program or trigger a virus just by scrolling past the infected portion of the website may trigger an “uninvited” program to start in the background on your computer.
Rugel recommends backing away or closing any screen loaded with ads, which may be extra vulnerable. Ad-based attacks are particularly dangerous because they can be launched from trusted, legitimate websites that are fed by advertising aggregators which can be several layers deep. Each layer adds risk or exposure to hacking.
There are many online threats including ransomware, which come onto computers embedded in an email message or via a website. It encrypts data in the background and then charges you a large ransom to regain your data. Unfortunately, there is no guarantee that paying the ransom demand will result in full restoration of your data, which is why backups are so important.
Be sure you have security and antivirus software and that you keep them up to date. Company owners/managers try to save money by not upgrading hardware and software. How much did they save when they were hacked?
Rugel recommends waiting a minimum of 3-4 months after a new operating system release before buying or upgrading to the new version. That allows the software manufacturer to fix bugs and vulnerabilities that may have been missed during pre-release testing.
Be sure you turn on auto-update for security patches and schedule it to run it daily, not weekly. You want to be as up-to-date as possible. Make sure to keep programs like Java, Adobe Flash Player, Adobe Reader, and Silverlight updated since they are some of the more commonly exploited ones. Do not defer until another day just because you do not want to restart your computer.
If you see something odd on your screen or a data file is suddenly displaying garbled content, act fast. Shut off your computer and call a professional right away. They will probably have to shut everything down immediately to stop the malware or virus from causing further damage to your data or infecting your network (in a larger office with shared drives). Depending on the type of attack or infection, they may be able to restore your clean backup files. You will be a hero with good backups of company files.
Offsite cloud backups range in price and feature sets, with many of them providing free trials that allow you to determine which one works best for your needs. Be careful of synchronized cloud storage. They can be used to quickly copy infected files into your cloud folders and share the infections with your other devices or anyone else sharing those folders.
“Security and convenience are often at odds with each other; it’s a careful balancing act that requires following some best practices,” said Rugel. Try NOT to use the same password for everything. Instead, try selecting a phrase (without spaces or punctuation). You can even use the first letters of each word if the password field is too small. Rugel also recommends against using a simple word file or spreadsheet to store your various passwords. Even with password protection, these files may be compromised.