PureVPN interviewed Sam Warren, Director of Marketing at RankPay, regarding online security for small and medium businesses. Here’s how it went:
1. Let’s start with your journey. Tell us how did you get started, and what has helped you land up as Director of Marketing at Rank Pay?
SW: I got started, like many, by opening my own local business. I learned everything the hard way and quickly realized that marketing was a major passion. I love that it’s so dynamic, and requires a mix of creativity, analytical capability, and sales chops!
I dove in and leveraged online resources to educate myself, and I experimented relentlessly.
Eventually, I got burnt out running my own business (again, like many) and I closed up shop. It was at that time that I took a position as a marketing coordinator at RankPay, and I’ve worked my way up from there!
2. Given your experience, how do you ensure that your data remains safe online, given that it’s sensitive and highly confidential in nature?
SW: I take online security pretty seriously, and I encourage both clients and personal connections to do the same. It starts with password best practices. I like LastPass personally, but there are a bunch of similar tools that are all effective.
Use strong, random passwords and update them regularly!
Using a VPN is also an easy and basically required step to be secure online. There are both paid and free options that one could pursue.
There’s a lot of common sense involved as well. Don’t click links in emails unless you trust the sender. Even then, be sure that the email makes sense and double-check the credentials if anything looks even remotely odd.
It’s also best to keep secured backups of all of your data. That applies to both personal and professional files and records. This will ensure that your data is safe in the unfortunate event of hardware failure, security compromise, or something similar.
3. What are some most notorious cybersecurity threats of today? And what are some future threats do you see?
SW: The most dangerous cybersecurity threats currently are (in my opinion) phishing schemes, ransomware, and DDOS attacks.
Phishing attempts can be notoriously hard to detect, and even many savvy internet users have fallen victim to the more sophisticated ones.
Ransomware is a somewhat recent development but is fast becoming a larger and larger problem for security experts to contend with. DDOS attacks have been around for a long time of course, but they can still wreak havoc if your business is targeted.
It’s hard to predict what internet criminals will come up with next, but I think that ICOs (initial coin offerings) are fast on their way to becoming a widespread problem. In fact, they currently enable bad actors to flat out scam users out of money.
While regulators scramble to deal with that emerging threat, it’s probably best to steer clear.
4. According to some experts, SMEs are more vulnerable to cyber attack than they were ever before. Do you agree with this?
SW: I completely agree with this assessment. Put simply, in 2018 there are quantifiably more ways for criminals to perpetrate cyber attacks than ever before.
The more devices you own, that connect to the internet, the more likely you are to have your security compromised. It’s one major downside of the recent explosion of the internet of things (IoT).
Updating software and hardware is a pain, and people are generally reticent to do so. Businesses as well can be ruled by inertia. While keeping the firmware up to date is a headache, it’s imperative to keep data and records secure.
5. There has been a debate about online businesses being under the threat of cyberbullying and phishing. What are your views on this?
SW: In my opinion, there’s no debate. Phishing is an absolutely massive problem, and it’s not going to be resolved overnight.
As I mentioned earlier, there are more vectors for attack than ever before. Think about the security risk of having your WiFi, smartphone, semi-autonomous car, or Bluetooth being compromised.
I don’t want to sound like a doomsayer or an alarmist, but the truth is that businesses and people are usually slow to upgrade and update their security. It’s all too easy to become complacent.
These issues will have to be reckoned with in the months and years to come.
6. The amount of online predators is increasing day by day. How does an online business stay protected in these times?
SW: For businesses, it will often make the most sense to hire an expert to handle this for you. Of course, that will require a sizable financial investment.
If budgeting for that is an issue, I’d recommend reducing the areas exposed to attack, and creating regular/automated backups. This can mitigate the damage caused by hardware failure, ransomware attacks, or even irresponsible employee action.
7. Working with remote employees can be risky. What is the best way to stay protected while working with remote employees, while keeping the integrity of your business intact?
SW: There are a bunch of steps businesses can take to help make working with remote employees both smooth and safe.
First and foremost, offer to buy them subscriptions to a service like LastPass. It will be near impossible to enforce a rule that they use it, but if you offer to pay for it, it might help incentivize fast adoption.
You can easily do the same thing with VPN access. Help set them up with a secure VPN provider like PureVPN, and educate them on best practices regarding email, safe browsing, and caution with unknown file sources.
It’s also essential to regularly audit your access logs to look for unknown IP’s or repeated failed attempts.
It’s also wise to have each remote worker sign an NDA and provide verifiable personal information that includes a valid address and form of identification. Time trackers like TimeDoctor can further improve security and accountability.
Last but not least, instead of sharing “admin” user account credentials with remote workers, it’s best if you create unique user credentials for each employee. This way it’s much easier to audit and/or revoke access when necessary.
8. What are your significant predictions for the upcoming years that could impact organizations who get their work done online?
SW: Despite the increasingly severe and rampant threats that face online businesses, I think the coming years will see correspondingly significant security improvements.
Keep your eyes peeled for businesses that innovate on preventive solutions in particular.
Look at Cloudflare for example. If you get properly setup with a service like Cloudflare, you’ll effectively nullify the effects of all but the most extensive DDOS attacks. Similarly, if you’re in the middle of being DDOS’d, services like Encapsula can quickly remedy the issue.
9. Most SMEs aren’t really sure about the steps that they need to take in order to protect their business from online attacks. Do you agree?
SW: This is definitely and unfortunately true. It’s all too common for businesses to be lax or completely ignore online security measures.
And let’s be fair, it’s a complicated and difficult subject for the uninitiated to digest. What’s important, is that we all take steps to educate business owners, and provide simple and actionable solutions.
10. In your opinion, what steps need to be undertaken in order to build awareness about the threats that SMEs are exposed to while staying online?
SW: I find that sharing “horror stories” often drives people to take action quickly. Showing business owners the real-life dangers that these threats pose, is an effective “kick in the pants.”
Fear is a powerful emotion to tap into. To be clear, I’m not recommending fear mongering! I am, however, recommending using real-life stories to express the dangers that online businesses expose themselves to when they fail to follow even the most common-sense security procedures.
The marketer in me, also believes that preventative security solutions could easily be put in front of decision makers via extended partner networks.