From Phishing to AI: Keep your company's data safe online

Did you know that October is Cybersecurity Month, a time to raise awareness and share the importance of cyber safety? Since Facilisgroup is a software-as-a-service company trusted to keep their customers’ data and information safe, we wanted to share some information on the importance of cybersecurity. We asked our Vice President of Infrastructure & Security, Jason Gurran, six questions about cybersecurity that everyone in the promotional products industry needs to know.

The Folio:  First, why is cybersecurity important, especially for the promotional products industry?

Jason Gurran: Cybersecurity is all about protecting your IT systems and data from cyberattacks over the internet and should not be confused with information security, which has an even wider scope. That said, cybersecurity is vital to every business in today’s digital age for several reasons. First, the promotional products industry often involves a global supply chain, with manufacturers, suppliers, and distributors located in various regions, which can introduce cybersecurity risks due to potential vulnerabilities in systems. Unauthorized handling and access to sensitive data can lead to identity theft, financial loss, and reputational damage, which can further have legal consequences. Like other ecommerce businesses, many promotional products companies accept online payments, making them susceptible to cyberattacks such as credit card fraud. Additionally, cyberattacks can disrupt operations, leading to lost productivity and potential revenue loss. 

The Folio: AI has become a major player in the workforce for quite some time now. What are some best practices people should follow when it comes to using AI? 

Jason Gurran: AI can be a very useful tool to get quick answers, crunch vast amounts of data, and increase your productivity. However, AI also makes mistakes. Be mindful of what you feed AI and try not to share any confidential information with it. Also, always fact-check the information you get from an AI system against a trusted source. Finally, understand your context as AI will not know or consider copyright, plagiarism, profiling, and other legal requirements. 

The Folio: What are the most common cybersecurity missteps people fall for? 

Jason Gurran: Even the most tech-savvy individuals can fall victim to common cybersecurity missteps. The list is long including: 

• Weak passwords by reusing the same password or simple passwords. 

• Phishing attacks and not identifying the common characteristics of phishing. 

• Clicking on links without checking first.

• Connecting to public or open Wi-Fi connections.
• Social engineering, or the practice of tricking people into giving away sensitive information or performing actions that are dangerous or harmful.

The Folio: How do companies and businesses make themselves vulnerable to phishing and ransomware attacks?

Jason Gurran: The most tech-savvy individuals can fall victim to common cybersecurity missteps. The list is long including not being security aware and remaining updated on phishing trends, using outdated software, not applying patches to known vulnerabilities, and not having a reliable backup strategy 

The Folio: What steps should people follow if they receive an email that might seem suspicious? 

Jason Gurran: Here’s what you should do if you happen to receive an email from an unknown sender or looks particularly off.

• Independently verify the sender using known contact information. Never reply to a suspicious email. 

• Don’t open attachments you are not expecting. 

• Avoid clicking links; hover over the link first to see where it will direct you. 

• Don’t be pressured by calls, emails, or texts prompting you for action. Stop and think before reacting. 

• Report your issues to your IT team. 
• Invest in a good antivirus solution 

The Folio: What are some ways people can protect their personal and business data? 

Jason Gurran: For Individuals, use strong and unique passwords for each online account. Avoid using easily guessable information like birthdays or pet names. Enable Two-Factor Authentication (2FA) whenever possible to add an extra layer of security. This typically involves providing a code sent to your phone, app, or email in addition to your password. Avoid using public Wi-Fi networks for sensitive activities like online banking or shopping. If you must use public Wi-Fi, consider using a VPN. Regularly review your bank and credit card statements for any unauthorized activity. 

For businesses, educate employees about cybersecurity best practices, including recognizing phishing attempts and avoiding suspicious links. Implement strong password policies, multi-factor authentication, and access controls to limit unauthorized access. Encrypt sensitive data both at rest and in transit to protect it from unauthorized access. Develop a plan to respond effectively to security breaches and minimize their impact.