The Minot Chamber EDC teamed up with SRT for a lunch and learn centered around cybersecurity last week. SRT Chief of Technology Shawn Grosz detailed the cybersecurity steps that SRT takes to protect itself. SRT teams up with over 20 companies to ensure their cybersecurity.
“We are unique in that much of our network is not in a building that we control. It’s in your office, in your home and your business, and these network elements are beyond the physical control of SRT. Many businesses are not in that situation, ” Grosz said.
One of the steps that SRT takes to test the security of their network is the hiring of an outside company to do “Penetration testing.” The hiring party has to sign an ethical hacking agreement that waives the liability of the hacking company, and the ethical hacking company looks for weak points in the network.
“You’re going to want to vet any provider. You want to make sure that they’re legitimate. If you give them access to hacking into your network, you’re gonna want to know who they are and what they’re gonna do, ” Grosz said. “You want to document the scope of work, and what they’re going to do and when they’re going to do it.”
For small businesses that may not have the resources for a plethora of cybersecurity measures, Gosz said the best thing they can do to protect themselves from cyberattacks is to train employees to be careful with their emails.
“If you aren’t expecting something from email, don’t assume that somebody’s sending you something, particularly clicking on a link or opening an attachment,” Grosz said. “Opening the email itself is not a problem. You can open an email and you can read what it is. If it says, click here and do this, or we’re your bank, and we need to change your password, no. ”
These types of attempts are called Phishing. Phishing is used to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person, according to the National Institute of Standards and Technology, an offshoot of the US Department of Commerce.
Grosz said it’s important that businesses educate their employees on phishing schemes.
“A lot of these small businesses, they’re going, ‘Well, the more I spend on educating you about phishing schemes, I don’t have you selling insurance or selling a house, it takes up time.’ You’ve gotta dedicate those resources, ” Grosz said.
Information Technology personnel Jason Adkins, Aaron Gyles, and Billy Grage of Cultivate Solutions, a North Dakota based franchise company, attended the event to see what other companies are doing. Gyles said that the biggest threat is the employees and that companies should teach their staff to, “Never give out their passwords, don’t write their passwords down.”
Carla Dolan, vice president of the Minot Area Chamber EDC, said she had seen another chamber put on a similar talk that caught her attention. She asked SRT if they would be willing to host the event. The next lunch and learn may be about office culture.
“What can be done with the need for employees. You have to find innovative ways to do that, ” she said. “Keeping and maintaining or retaining employees is difficult right now.”