Locking it down

Neal O’Farrell from Ethicause didn’t go to the Lawn & Landscape Technology Conference to talk about landscaping. In fact, he told attendees during his session Friday morning that he wasn’t even there to be nice.

“I am not the good news bearer. I am not a motivational speaker,” O’Farrell said. “I’m not here to make you the best possible version of yourself. I want to make sure you’re the only version of yourself. My job is to protect (you).”

O’Farrell said most people don’t think much about cybersecurity, so his session – the last of the conference – was centered around the threats of hackers, data breaches and privacy failures.

“No matter what industry you’re in, no matter your role, the stakes are getting so much higher,” he said.

He said many folks in the landscaping industry are wondering why hackers would pick on the landscaping industry. The government has all the secrets, and the banks have all the money. But the hackers use a strategy called spray-and-pray, which means that every day, they churn out countless attacks and incessantly do it.

Their strategy is two-fold: They hope it even makes it into your email inbox or on your computer, and that even a tiny fraction of folks fall for it. However, bigger companies are forcing hackers to look into small companies (under 250 employees) because many don’t have the budget to prevent these attacks.

O’Farrell said he’s interviewed plenty of hackers who ended up in prison over time, so he has a good picture of why they do it and who they are. Cybersecurity is a major bet, and roughly $6 trillion is made from simply stealing data. A new cyberattack happens roughly every 30 seconds.

He also said there are a million new cases of identity theft every 30 days. Business identity theft could put companies out of work, he said, which is when people pretend to be your company. They order expensive stuff and don’t pay for it, or they make reckless business decisions posing as your company.

“The reality is, you’re probably not going to be a victim,” O’Farrell said. “The chances of you getting hit are low but getting much higher. That’s the part you need to worry about.”

BRAIN VS. FINGER. O’Farrell said most attacks happen when one singular employee clicks on a link in a scam email, ignoring the brain and instead acting with their index finger. Hackers don't attack computers; they attack people's decisions. 

“The vast majority of these attacks can be thwarted by fixing the relationship between the brain and the index finger,” O’Farrell said. “Most of these attacks require you to do something. If you could just pause when something comes in… that decision alone beats the brightest minds.”

RANSOMWARE. One of the devastating forms of attacks can be ransomware, O’Farrell said. It’s usually disguised as a phising email like from the IRS, but all your data gets locked up and held for ransom. For some businesses, it can be irrationally expensive to fix if it’s fixable at all. They can get your clients’ information and use it for their own purposes, including selling it to others.

“To me, it’s really one of the scariest (attacks),” he said.

EDUCATION. If you take the time to teach your employees how to avoid clicking on fake emails, you’ll probably avoid many of the major problems O’Farrell highlighted Friday. Hackers can even imitate some of your coworkers and make the emails look legitimate, asking for money. Double-check the email address itself to see if it’s a phony email, or call and verify with the coworker to ensure it’s genuinely the other employee, not a scammer.

“They call it social engineering,” he said. “The idea is to make comfort overcome caution.”

Paranoia should come in for these emails or phone calls. Data breaches can give hackers a lot of information about you that make it difficult to discern if it’s actually somebody working in your best interest. One of the attendees at the presentation suggested coming up with a safe word or phrase so others know it’s legitimately that person when they ask for money. O’Neal said even that step isn’t foolproof, but it helps.

“Paranoia’s your best friend,” he said. “If you can weave paranoia into all your business decisions, into all your computing decisions…it will force you to be skeptical of things you might not normally be skeptical of. It’ll force you to slow down and double check. It might force you to be a pain to your employees. That paranoia can turn out to be your very best friend.”