Montana Security Experts Share 5 Tips to Protect Your Business from Cyber Threats
On Wednesday, August 23, 2023, MHTBA and Fisher’s Technology co-hosted the web panel “Montana Cybersecurity Grants and Tools to Protect Your Business,” discussing ways to leverage grants of up to $8,000 through the Montana Department of Commerce ARPA Cybersecurity Program to defend against cyber threats.
September 21, 2023
By Melissa Paulsen
On August 23, 2023, the Montana High Tech Business Alliance and Fisher’s Technology co-hosted the web panel “Montana Cybersecurity Grants and Tools to Protect Your Business.” The panel featured insights from some of the state’s top IT and security experts who shared how businesses can be proactive against cyber threats. Speakers included:
Christina Henderson (moderator), Executive Director, Montana High Tech Business Alliance, Missoula
Vena Dagnall, public outreach and operations manager for Montana Department of Commerce, Business MT division.
Ryan Alter, Professional Services Director, Fisher’s Technology, Missoula
Matt Durrin, Director of Training & Research, LMG Security, Missoula
Dena Johnson, Business Insurance Sales Executive, Marsh & McLennan Agency (MMA), Billings
Continue reading for five key takeaways from the conversation.
Plan for the Worst
Cyberattacks are on the rise as hackers have grown more sophisticated in their attempts to deploy ransomware against unsuspecting businesses. Most cyberattacks occur during the weekends or holidays when offices are closed to make it more difficult for business owners to call for help. The primary targets of cyberattacks are small to medium-sized businesses which occupy about 30% of the cybersecurity space.
Dena Johnson, business insurance sales executive for Marsh & McLennan Agency (MMA) in Billings, warned Montana business owners that they aren’t immune to cyberattacks just because they live in a rural state.
“These bad actors are sophisticated,” she said. “They're selling their software to thieves across the country and across the globe [to] get into businesses of all sizes. These thieves don't care about the big companies or the large governmental organizations. They care about the small business owner, the medium-sized business owner, and the business owner that just needs to get up and running. [Cyberattacks] are averaging anywhere from $40,000 to $50,000 in ransom all the way up to millions depending on the size.”
MMA offers cost-saving insurance services, including risk mitigation, cybersecurity insurance, and claims management.
2. Apply for Grants
Besides astronomical fiscal damage, ransomware also harms a business’s reputation by forcing their operations to cease and decreasing their trustworthiness. However, the Montana Department of Commerce understands the reality of living in a fast-paced digital age and that cyberattacks are an ongoing problem many Montana entrepreneurs are facing.
To help Montana business owners proactively prepare and protect themselves from cyber threats, the Montana Department of Commerce launched the American Rescue Plan Act (ARPA) Cybersecurity Reimbursement Program. Montana businesses can receive grants of up to $8,000 for reimbursement of newly implemented cybersecurity measures including firewalls, email protections, data destruction, employee training, and more from an accredited Montana cybersecurity company.
“This program aims to protect Montana businesses and encourage strong cybersecurity practices,” said Vena Dagnall, public outreach and operations manager for Montana Department of Commerce, Business MT division.
To qualify for the ARPA Cybersecurity Reimbursement Program, applicants must have a for-profit business open for at least one year with at least five (and no more than fifty) full-time employees. Ineligible activities include cyber insurance, computers or laptops, Microsoft Office, Norton antivirus or other similar programs, and assessments and consultations that don't take any further action. To learn more and apply, visit the Montana Grants application portal. The program ends on December 31, 2023, or when the funds are expended.
3. Train Your Employees
All three panelists agreed that investing in employee awareness training through a managed service provider or an insurance agent can better protect Montana businesses by exposing where the company is vulnerable.
“When we talk about ransomware [and hackers] getting into a network, about 86% of the time we see that coming as the result of something as simple as a phishing email,” said Matt Durrin, director of training and research for LMG Security in Missoula. “So doing proactive email phishing testing, social engineering testing, and regularly evaluating your [employees’] cybersecurity posture can be a huge benefit to your cybersecurity program. Plus, your employees really do need those tools to protect themselves, not just in their work life, but also in their personal life.”
LMG Security is employee-owned and operates as a cybersecurity consulting agency. Their services include cybersecurity education and training, advisory and compliance services, and penetration testing.
Equipping employees with the proper cybersecurity training and tools also allows them to become the strongest line of defense against cyber threats.
“Your employees are going to be the most targeted when it comes down to what a criminal is going to go after,” Durrin said. “So, making sure [employees] have those tools, making sure that you are providing them with the time and the resources they need to understand these risks [and] to defend against them is hugely important.”
Montana businesses and residents can leverage free educational resources like CyberMontana, which includes middle and high school cyber education options, rapid training courses, and security awareness training on their website.
4. Cultivate Best Practices
Deploying common cybersecurity best practices can reduce human errors that expose companies to dangerous cyberattacks. Companies are particularly susceptible to cyberthreats during periods of transition such as when onboarding new employees, enacting changes in leadership, or changing vendors in their supply chain.
“Understand what's happening with your team,” Johnson said. “Pay attention because when [employees are] stretched too thin [or] they're working remotely and don't have the right tools in place, they make mistakes. The best way to prevent [mistakes] is to understand why we make them and then put strategies [and] tools in place to help prevent them.”
Other cybersecurity best practices include:
Not using the same password for everything
Not opening or clicking links on E-Cards
Hovering over e-mail links before clicking
Double-checking if documents are saved under personal cloud drives or team cloud drives (like Google Drive or Microsoft One Drive)
Budgeting for cybersecurity measures
Creating a positive and inclusive work environment around the topic of cybersecurity can better prepare teams for cyber threats in the long run and stop attacks from happening. Companies can take practical steps in this direction by involving their leadership during employee awareness training so that everyone can learn together and share responsibility for keeping company data secure.
Another way to dispel the mindset of fear around cybersecurity is to make learning fun for employees through games and prizes, such as how Fisher’s Technology awards $5 Starbucks gift cards for employees who submit the best phishing attempt.
“It's about having that culture of talking about [cybersecurity] on a normal basis, [which] is extremely helpful,” explained Ryan Alter, professional services director for Fisher’s Technology in Missoula. “That’s one of the biggest mistakes I see [businesses make] is they tend to come more from that fear standpoint of [cybersecurity] culture versus that fun [attitude of] ‘let's just make this part of who we are’ [as a company].”
Fisher’s Technology provides managed IT services to help companies operate smoothly and stay safe from bad actors in cyberspace.
5. Invest in Advanced Tools
In addition to employee awareness training and best practices, Montana companies can defend themselves from cybercrime by implementing a variety of cybersecurity tools. These tools include penetration testing, vulnerability scans, and working with managed service providers to install intrusion detection systems (IDS), which look for patterns on networks and sends abnormal traffic activity to security operation centers (SOC) for monitoring.
As hackers employ more advanced tactics, Durrin warned companies not to become too reliant on only antivirus software for protection. Instead, companies should consider implementing an IDS.
“One of the biggest things that we see is a reliance on something like antivirus software to protect you in case somebody gets into the network,” Durrin said. “Most of the time, when attackers are moving through your network, they’re not relying on things like viruses that are going to set off the alarms. So, having something like an intrusion detection system or endpoint detection and response system are really what you need to be able to tell if something is going wrong.”
Hackers are also increasing their dwell time, or the amount of time it takes from when a hacker compromises a network to when they activate ransomware. On average, cybercriminals spend anywhere between 30 to 180 days undetected inside computer networks.
Ryan Alter recommended setting up a firewall and a guest network to increase company security.
“If there’s one [tool] I see most Montana companies not having, it’s as simple as a firewall and guest network,” he said. “A lot of companies are allowing the public onto their main networks [and] not protecting themselves from those bad actors out in the world.”
Additional cybersecurity tools the panelists recommended include:
Setting up two-factor authentication
Conducting regular off-site backups
Purchasing cyber insurance
Having a trusted technology partner to help create an incident response plan
Creating long and unique passwords
Using a password manager like LastPass
All these cybersecurity measures (except for cyber insurance) are covered under the ARPA cybersecurity reimbursement program.
Alter suggested that companies should work closely with managed service providers and their team of experts rather than relying on only one or two people to protect an entire network.
“Today [cybersecurity is] getting much more complicated,” he said. “There are a lot of products that you need [and those products] are expensive. A [managed service provider] can help spread the cost of [cybersecurity] software and help you set up a safer system.”
Resources:
Business Montana (supports innovative industries to grow businesses across the state)
https://www.covidreliefmt.org/submit (cybersecurity grants)
CyberMontana (cyber workforce education in Montana)
Fisher’s Technology (manages IT environments, sells and services copiers and printers, and streamlines business operations)
Fisher's Technology IT Security (cybersecurity services offered by Fisher's Technology)
Fisher's Technology IT Services (managed IT services offered by Fisher's Technology)
LMG Security (cybersecurity consulting, research, and education firm)
Panelist emails for further inquiries
Ryan Alter: marketing[at]fisherstech.com
Matt Durrin: info[at]lmgsecurity.com
Dena Johnson: Dena.Johnson[at]marshmma.com
Marsh & McLennan Agency (MMA) (offers cost-saving insurance services, including risk mitigation, cybersecurity insurance, and claims management)
vdagnall[at]mt.gov (Vena Dagnall’s email for inquiries about the Montana cybersecurity grant program)
About the Publisher: Launched in 2014, the Montana High Tech Business Alliance is a nonpartisan nonprofit association of more than 200 high tech and manufacturing companies and affiliates creating high-paying jobs in Montana. For more information, visit MTHighTech.org or subscribe to our newsletter.
About the Author: Melissa Paulsen is the communications coordinator for the Montana High Tech Business Alliance. She graduated from the University of Montana in 2022 with a BFA in creative writing and a minor in history.
