Members of the team at Melillo Consulting, from left, Phil Bianco, Doug Morrison, and Stan Bates.
“We do quarterly training — each employee has to take a test and pass it,” he explained. “It’s terribly difficult, but it instills in your mind some of the things that are going on out there. Just the other day, we got hit, but everyone in the organization was smart enough, because of their training, to delete before they opened.”
Backup Plan
Because of the seeming inev- itability that these sophisticated phishing attacks will succeed, businesses of all sizes need to have all the other layers of that onion to fully protect them- selves from attacks — the train- ing and the policies, in addition to the hardware and software.
“You have to have all the other layers in place because you simply cannot rely on humans not to click on e-mails at the pace that they’re required
ticated,” Bianco explained. “The average time that that individual has compromised your network is typically a month or more. And in
“Know who you’re doing business with. Trust an e-mail if it’s someone you’ve done business with in the past. And if it isn’t someone you’ve done business with in the past, be skeptical of that.”
that month or more, they can go through and encrypt your backups as well as your produc- tion-installed system, your code bases, and things like that.
“And they have a pretty sophisticated map of what your environment looks like, so we’ve been working with customers to do what’s called air-gabbing backups,” he went on. “Once that infrastructure is backed up, it’s completely separated from your network, so it can’t be encrypted.”
Christianson agreed, and noted that such independent, often off-site backup systems need to not only be in place, but be monitored
Cyberattacks
Continued on page 46
 this before, this is not something you should work with — please delete this or quarantine this,’ or, if they haven’t seen it, they can send
it on to an anti-spam or anti-virus protection service that they’ve engaged with, and that indi- vidual or group can look at it across multiple things that they’ve seen.”
In dealing with suspicious e-mails, Bates cited his own firm as an example of the kind of rigorous training that can and should go on.
to do,” said Morrison, noting, as others did, that subsequent layers include a firewall, backing up all information, and encryption of information.
As noted, there are layers to backing up information, said the experts we spoke with, noting that the best solution is to isolate the backups as much as possible from the main network.
“Most companies do back up, but these mal- wares that do ransomware are pretty sophis-
  Local Business?
Local Lenders.
front row: Mike Buckmaster
back row: Jim Alexander | Adam Baker | Maura Guzik Chelsea Depault | Jay Seyler | Barbara Campbell
Jim Carvalho
 8 Commercial Lenders with Individual Lending Authority.
BestLocalBank.com | 877-682-0334
GREENFIELD NORTHAMPTON
MEMBER FDIC MEMBER DIF
    Cooperative Bank Cooperative Bank A Division of Greenfield Cooperative Bank
   FEATURE
JUNE 23, 2021 11
BusinessWest