Cybersecurity Awareness Month: Tips from Our IT Professionals

At TBG, our IT team serves the firm as its trusted technology partner through forward-thinking, innovative solutions and unparalleled services provided by our highly motivated, skilled IT professionals. Our team provides 24x7x365 firm-wide support, computer hardware and software, network, collaboration, cloud, and computing services, the protection of our employee's, client's and firm information, systems integration, and application development and support.

Typically, when we think about protecting our data, we think of our IT team. While they have the knowledge and tools to educate and assist with the process, protecting yourself and your company is more than just an IT responsibility— it starts with YOU.

In honor of Cybersecurity Awareness Month, we spoke with members of our IT team to discuss some of the actions each individual can take to best protect their personal and company data. Take a look at their top advice:

Update Your Software

Sometimes the simplest solutions and actions are the most meaningful.

“When it comes to protecting your data, it is best to start with the ‘keep it simple’ methodology,” shared Sean Grieco, Director of Infrastructure and Support. “Your first approach should always be to keep your software and devices updated and patched.”

Watch Out for Phishing, Smishing, and Vishing

There’s a lot of confusing terminology when it comes to the realm of cybersecurity. Here’s some clarification:

“Phishing is the practice of sending emails, usually from a reputable source, to trick the recipient into giving up information such as passwords and credit card numbers. Smishing are attacks that come via text messages. The intent of these messages is very similar to phishing. Vishing are attacks that take place over the phone and voicemail,” clarified Nicholas Cozzolino, Director of IT and Security Operations. “Simple controls such as two-factor/multi-factor authentication, access controls, perimeter defenses, and security awareness trainings can go a long way in preventing and defending against these types of attacks.”

Set up 2FA and MFA

Speaking of two-factor/multi-factor authentication, that’s another incredibly important action individual employees can take to remain cyber secure.

“Do you think two-factor authentication is a pain? Did you know a good portion of computer breaches are due to the stealing of passwords? Without two-factor (2FA) or multi-factor authentication (MFA) –such as a pin, computer generated number, or a thumb print – hackers can easily use your password to steal your data,” said John G Roman, Chief Information Officer. “A second factor is related to you and no one else. So even though a hacker has your password, he or she cannot access your data without the second factor that only you have.”

Correctly Handle Incidents

Despite all of the safeguards in place, incidents do happen. When they do, it’s critical to handle them correctly and quickly.

“Whenever there is a suspicion that something could have happened, whether it is a possible bad link in an email or something suspicious was downloaded from the internet, your IT team should be notified right away so they can start an investigation and determine if further action is needed,” said Kiefer Puma, IT Support Specialist II. “One important thing to do in the event of an incident is to disconnect the computer from either your network or the company network and NEVER shutdown the computer. While it may seem counterintuitive to not shutdown, this can erase necessary information your IT team needs to determine the impact of a security event.”

For more cybersecurity related content, check out FoxPointe Solutions, TBG’s dedicated information risk management division. Additionally, if you are interested in a career in IT or cybersecurity at The Bonadio Group, reach out today or check out our current openings on our Careers page!