Protect Your Consulting Business Against the High Potential of Russian Cyberattack


On March 21, 2022, U.S. President Biden warned major corporations and infrastructure organizations of a high potential for Russian cyberattacks on the U.S. Cyberattacks use viruses and malware that have a high potential of cascading through networks beyond the original victim. Make sure you protect your family's assets and your consulting business.

The first part of this blog gives you background from the White House, U.S. Federal Bureau of Investigation, and United Kingdom researchers on a potential cyberattack.

The second part of this blog has recommendations on protecting your business systems, personal computer data, and financial assets against the cascading impacts of a Russian cyberattack.

Whether you are concerned about a Russian cyberattack or not, you should protect your online business, financial accounts, and family photos stored digitally.

Russian Cyberattack Situation

On March 21, 2022, President Biden warned that Russian cyberattacks are likely. Days prior to that he told 100 major corporations to prepare for a high possibility of a cyberattack from Russia.

Russia has already performed cyberattacks on multiple countries. In 2015 they took out Ukraine's electrical grid. Last week they attacked Ukraine's defense ministry and its banking system.

Such cyberattacks often cascade through local governments, electric plants, hospitals, banks, etc. that are not prepared. Due to the nature of networks, there is a high probability of a cyberattack cascading to your computer and files.

If you want more background here are links…

The White House: Statement by President Biden on our Nation’s Cybersecurity
March 21, 2022
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/

The White House: Act Now to Protect Against Potential Cyberattacks
March 21, 2022
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-now-to-protect-against-potential-cyberattacks/

The Hard Truth Behind Biden’s Cyber Warnings
This article includes a breakdown of impact by industry/government sectors.
March 27, 2022
https://www.politico.com/news/2022/03/27/bidens-cyber-warnings-00020638

The U.S. Warns Companies to Stay on Guard for Possible Russian Cyberattacks
https://www.npr.org/2022/03/21/1087903332/us-companies-russia-cyberattacks-ukraine-infrastructure

Biden Warns the Private Sector that Russia is Exploring Options for Cyberattacks
https://www.nytimes.com/2022/03/21/world/europe/biden-russia-cyberattack.html

U.S., U.K. Say Russian Government Responsible For Cyberattack On Ukraine
https://www.rferl.org/a/us-blames-russia-cyberattack-ukraine/31710689.html

Local Governments are Attractive Targets for Hackers and are Ill-Prepared
https://theconversation.com/local-governments-are-attractive-targets-for-hackers-and-are-ill-prepared-179073

Protecting Your Computer from Cascading Impacts of Cyberattack

It is not just large corporations, banks, hospitals, and infrastructure that would be impacted by a cyberattack. Viruses and malware cascade through networks to reach and destroy individuals' computer systems.

Your website, links to financial accounts, family photos, and even your LinkedIn profile can be compromised or destroyed.  

Here are steps you can take to protect your websites, personal computer, and personal information from viruses, malware, or cyberattack. Do as many of these as possible.

1. Back Up to an External Hard Drive and Store One Copy Offsite

Get a Western Digital external hard drive or equivalent, and back up critical data, e.g., business, CRM, website copies, accounting, taxes, family photos, etc. Get two if you can and alternate storing one offsite.

External hard drives are $60 to $120 for 2 to 5 terabytes (TB). That's enough to store multiple copies of the data on most PCs. Backups can be automated or done manually (drag and drop). An initial backup of hundreds of gigabytes can take 12 – 18 hours.

https://www.amazon.com/ Search for External Hard Drives

Since I run an online business and have about 25 years of digitized family photos, I use two Western Digital external hard drives. One is 2TB, the other 5TB. I back up my primary laptop drive once per week. I take one drive offsite or put it in my car trunk with our fire evacuation bag. I swap the offsite and onsite copies a couple of times per month. (The 2017 California fire came within a few hundred yards of our house and we’re 100 yds from an earthquake fault line, so one offsite copy is in our “get away” bag in the car.)

2. Use an Automated Cloud Backup

In addition to a full backup to an external hard drive, you should run a “live” backup that stores the data you are working on to the Cloud whenever you pause using your computer.

I back up my business laptop to the "Cloud" using Carbonite. Carbonite backs up files as you create them. An annual subscription is about $5/month, CHEAP insurance! You can retrieve individual files at any time or, for a fee, have your entire backup sent to you on an external hard drive.

https://www.carbonite.com/

Being data-paranoid, I also back up folders containing current research and projects. I drag and drop them into Google Drive. If you have a Google account you have 15 GB of free Google Drive storage. (You have a Google account if you have Gmail.) A Business Standard account of 2TB, plenty for most consultants and families, is $15/month.

https://www.google.com/drive/

One reason I use both Carbonite and Google Drive is that Carbonite ensures every file is backed up within a few minutes. I can even go back and restore files I deleted up to 30 days ago. (Great for those Oops! moments.)

Google Drive stores my current research and projects. That enables me to read or edit Microsoft Office or Google Office files, or watch videos from any computer, tablet, or phone with internet access. Google Drive will also do automated backups similar to Carbonite.

Why I’m Data Paranoid: In 1983 I was manager of competitive analysis for a division of Texas Instruments. A few cubicles away sat the hard drive holding our entire division’s accounting, billing, and customer records. When the dishwasher-sized hard drive crashed it sounded like the scream of a banshee: a year’s worth of business data destroyed. It was at that point we learned the IT manager had not backed up recently. $$$$ So yes, I'm wary. A few months later he left.

3. Install Anti-Virus Software

Get either Norton Antivirus or BitDefender (Windows or Mac). These are the two top-rated anti-virus/anti-malware packages. A monthly family subscription is very low cost and covers multiple devices.

4. Install a VPN (Virtual Private Network)

A VPN comes with Norton Antivirus and BitDefender. A VPN is like a private pipeline that goes through your internet provider (Xfinity, Verizon, Sonic, etc.). It keeps your data and communication separate from what’s going through your provider’s network.

Always use a VPN on public WiFi, such as at an airport, café, hotel, etc. This is extra protection against bad guys sneaking into your computer while you are on the public WiFi.

VPN Tip: Some legitimate websites will not allow you to login using a VPN. (They are watching for hackers and because your VPN "disguises" you, they think you are a bad guy.) If a legitimate website won’t let you enter with the VPN on, turn off your VPN (just takes a click), login to the site, do your thing, then turn the VPN back on when you are done.

5. Protect Your Website with Cloud-Based Security and Restore Services

Just because a big server company is hosting your website does not mean it is protected. Hackers can destroy your website and your Authority Ranking with Google.

Depending on your needs and the website platform you use, check these vendors for website protection and/or restoration:

Sucuri
www.sucuri.net

Cloudflare
https://www.cloudflare.com/

True Horror Story of the Hack on my WordPress Site. Do not trust the free “hacker protection” service that might come with your website host. My original WordPress host, Siteground, had free protection from Sucuri that I thought would protect my WordPress site. (Other than this misunderstanding Siteground has given excellent support.)

I was getting 70,000 unique viewers per month to my client-support site, so I was a rich target for hackers. In July 2021 my website, www.CriticalToSuccess.com, was hacked. Pages and links on my site were rerouted to someone who had paid the miscreants, and my Google Authority and search listing were destroyed. (WordPress is very easy to hack. Do not leave inactive or out-of-date WordPress plug-ins on your WordPress site.)

I paid Sucuri $200 to clean and restore my site. They found and removed malware, restored links, and restored a few pages. Restoring to a previous website backup was not possible as the virus lay dormant until it had infected all 30 days of backups, then it came alive and attacked. I have since switched my consulting academy to Kajabi with Cloudflare protection.

6. Train all family members to watch for phishing attacks through email

Phishing attacks come through emails (sometimes phone calls) and ask you to verify a password, log in to your account, or download software. They try to look like they are legitimately helping you, but they are attacking.

https://www.google.com/ Search for phishing

Warning signs for a phishing email or website are:

  • Bad grammar
  • Misspelled words
  • Poor formatting in what is supposed to be a corporate site or email
  • Fuzzy pictures or logos
  • Link addresses that don't match the company 

The best way to check for a phishing attack is to check the links or buttons before clicking them. Check links in a suspicious email or website by mousing over the link or button, then looking at the pop-up link address or, in the Chrome browser, at the bottom left of the window to see where the link goes. See if the link matches the company. For example, if the investment firm Schwab is asking you to click an email button, the link address shown at the bottom of your web browser should show the business name, similar to:

www.schwab.com/ with something following it that describes the page you want

If the link or button address that displays when you mouse over looks strange, like:

biz9357worldfskk.net/somethingweird  or aws.amazonaws.com/weirdfilename

or the displayed link is a different name than the company, don't click.
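The link check described above, written out as an added example (it is not part of the original post): it pulls every link out of an HTML email and compares where each one really goes with the company's own domain. The KNOWN_DOMAINS list, the function names, and the sample email are constructed for illustration; the third sample link shows why the company name must end the host name, not merely appear somewhere in it.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains you have confirmed each company really uses.
KNOWN_DOMAINS = {"schwab": {"schwab.com"}}

# Constructed sample email body (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your account.</p>
<a href="https://www.schwab.com/accounts">Account summary</a>
<a href="http://biz9357worldfskk.net/somethingweird">Verify now</a>
<a href="https://www.schwab.com.biz9357worldfskk.net/x">www.schwab.com/verify</a>
"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> tag in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Hostname of a URL; also accepts scheme-less text like 'www.schwab.com/x'."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_link(text, href, company):
    """Return the warning signs found for one link that claims to be `company`."""
    host, warnings = host_of(href), []
    # The company domain must END the host name, on a dot boundary.
    if not any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS[company]):
        warnings.append("destination is not a " + company + " domain")
    # Displayed text that looks like an address must point to the same host.
    if "." in text and " " not in text and host_of(text) != host:
        warnings.append("displayed address differs from destination")
    return warnings

def audit_email(html, company):
    """Map each link destination in the email to its list of warning signs."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return {href: check_link(text, href, company) for text, href in collector.links}
```

Calling audit_email(SAMPLE_EMAIL, "schwab") returns an empty warning list only for the first link; the other two are flagged.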

7. Install two-factor authentication on financial accounts and LinkedIn

Install two-factor authentication on any financial or personal information accounts.

Two-factor authentication works by using another device to verify that the person trying to gain access is you.

Rather than immediately letting you in the account, the website sends a passcode to your cell phone. You must enter that unique passcode into the authenticator box on the website. This means that to hack your account someone would have to have your login ID, your password, and your cell phone.

LinkedIn has just added two-factor authentication to protect your LinkedIn profile. This tip comes from my good friend, Ted Prodromou, author of the best-selling book, “Ultimate Guide to LinkedIn for Business, 3rd Ed.”

https://www.amazon.com/ Search for Ultimate Guide for LinkedIn Business

To turn on two-factor authentication for your LinkedIn account:

  1. Go to your LinkedIn home.
  2. Click your profile icon in the top menu.
  3. Click Settings & Privacy.
  4. Click Sign in & Security, then Account Access.
  5. Click Phone Numbers and enter the mobile number where you want to receive a text message with the authentication code.
  6. Click Two-Step Verification, enter your LinkedIn password, and set it to On.

8. Use Easy to Remember, Unbreakable Passwords

It isn’t just in the movies where the hacker yells, “I’m in!”, as they break into some government account. If you have weak passwords, it could be your retirement account.

Another consultant and I did a database analytics consulting job for the US Naval Undersea Warfare Center in Keyport, Washington. The minute we came onsite their security officers met us and did a DEEP SCAN of our laptops. (We passed, thank heavens. There was a Shore Patrolman with side arm at the back of the room.)

They told us that a couple of our passwords were weak. Here is what they recommended we use for passwords.

Use simple, short passwords for non-valuable accounts, like the library, communities or clubs you belong to.

Use long, difficult passwords for valuable accounts, like bank accounts, investments, website administrator, etc. The naval security officer recommended using an algorithm (pattern) everyone in the family could remember, but would be unbreakable.

Every account password should be unique. Try to have a minimum of 12 characters and throw in one or two UPPER case letters.

How do you do that? Here is a password algorithm that works well for business and family use. Everyone in the family should use the same algorithm. In case of emergencies everyone knows how to get into accounts, but the passwords are unique and highly secure. At the time our sub-teen kids got this password algorithm instantly.

1. Start with a four or five letter pet’s name, favorite vacation spot, or grandma’s middle name. For example, your dog,

   pete

Some people even use a favorite phrase, “bethechange”, for example.

2. Add a birthday or important date everyone in your family knows. For example, the US Independence Day, July 4. Numerically that is “0604”, so the password is now

   pete0604

3. Now make it unique to the account. For example, if you bank with Golden Bank, add the first four letters, “gold”

   pete0604gold

If you always use the first four letters, then everyone in the family knows how many letters to take from the account name.

4. Choose one letter that can be switched into its numeric format. This is “Leetspeak”. (Ask your teenager about Leetspeak. They use this in texting and social media as one more way to confound their parents.) In our example, "e" is replaced by "3".

   p3t30604gold

Alphanumeric (Leetspeak) substitutions are: a=@, e=3, o (oh)=0 (zero), l (el)=1 (one)

5. Finally, pick one letter to capitalize, no matter where it is. For example, “T”. So the final password is,

   p3T30604gold
   pete (the dog) + “Fourth of July” + Bank Name with "T" and 3=e substitutions

A password algorithm like this makes passwords memorable to everyone in your family (in case of emergencies or accidents), each is unique, and it is secure. If a family member is seriously incapacitated, other family members, and your bank vault papers, will know what the passwords are.

OR

you can use a password manager that stores all the individual account passwords in a "vault". You only need to remember the key password for the manager. Password managers can be bundled in the monthly price of Norton or BitDefender.

Downsides to password managers: There are downsides to password managers depending on the type. If malware captures your key password as you type, the bad guys get all your passwords. Some managers require the key password and email password, lots of typing. If you are on a different device or your primary device is lost, you lose your vault. And so on. Tough choices. I prefer our family algorithm.

Feel free to copy and pass this on to your clients and friends.

Be safe, be secure, and build an inclusive, sustainable world,
Ron

If you are a consultant or independent professional, let's connect on LinkedIn.
https://www.linkedin.com/in/ronperson/

 

 
