>> WELCOME TO NEW HAMPSHIRE'S BUSINESS, I'M FRED KOCUR. CYBER SECURITY, MALWARE, RANSOMWARE, A CRYPTO LOCKER. THERE ARE THREATS OUT THERE I'LL BE TALKING ABOUT WITH MY GUEST, ESPECIALLY IF YOU'RE A BUSINESS. LET'S GO TO THIS GRAPHIC. THE GROWING CYBER SECURITY THREATS, ONE IN FIVE BUSINESSES WILL HAVE BREACHES. AND 97% COULD HAVE BEEN PREVENTED. AND THEN MOST MALWARE IS DELIVERED BY E-MAIL. TRADITIONAL ANTI-VIRUS PROGRAMS CAN'T DETECT IT. 20% OF BUSINESSES HAD TO CEASE OPERATIONS BECAUSE OF RANRANSOMW AN KNOWING THIS PRETTY WELL IS FROM THE COMPUTER GROUP, WELCOME. >> NICE TO HAVE YOU. YOU OPERATE IN MAINE, NEW HAMPSHIRE AND MASSACHUSETTS AND YOU'RE DEALING WITH CUSTOMERS, GOVERNMENT AGENCIES AND PRIVATE BUSINESSES THESE ATTACKS. SO I THOUGHT IT WAS INTERESTING WITH YOUR ONE AND FIVE BUSINESSES WILL SUFFER CYBER SECURITY ATTACKS THIS YEAR. WHAT IS THE MAIN THREAT? >> I THINK THE THREAT, FRED, THEY WANT THE MONEY. SO THE THREAT IS, THEY'RE LOOKING FOR VULNERABILITIES. THEY'RE LOOKING FOR OPTIONS TO GET INTO THIS BUSINESS AND WREAK HAVOC. >> WHAT ARE THE BIGGEST VULNERABILITIES. >> THE USER ITSELF IS NOT DOING IT INTENTIONALLY, BUT THEIR PASSWORD, A WEAK PASSWORD OR FIREWALL IS NOT PROPERLY LOCKED DOWN AND THE BAD ACTORS HAVE THE ABILITY TO GET THROUGH RDP, PEOPLE THAT WORK REMOTELY. >> E-MAILS THAT CLICK ON THEM. >> AND THEY CALL THAT PHISHING. THE E-MAIL LOOKS LIKE IT'S COMING FROM FRED TODAY, BUT IT'S NOT, IT'S AN UNUSUAL NAME OR LINK. >> WHAT ARE SOME OF THE NAMES OF THE THREATS. >> RANSOMWARE IS COMMON. IN THE OLD DAYS IF SOMEONE IS KIDNAPPED THEY'LL GET ASKED FOR A RANSOM. BUT THE BIG WORD IS CRYPTO LOCKER. THEY'RE LOCKING THE DATA, YOU CAN SEE IT, BUT YOU CAN'T USE IT. >> IT'S DONE QUIETLY AND YOU DON'T KNOW IT HAPPENED. >> THINK ABOUT THE MOVIES WHEN THE PEOPLE COME IN AND STALK AND DO ROBBERY, THESE GUYS ARE SPENDING DAYS, MONTHS, LOOKING FOR THE RIGHT TIME AND THE GOLDEN NUGGET IS THE CONTROLLER OR THE ACCOUNTANT'S P.C. >> I LOOKED FROM ONE SOURCE THAT I HAVE I LOOKED AT. IN FACT, WAS THE OSTERMAN'S RESEARCH SON NATIONWIDE, IF YOU HAVE TEN EMPLOYEES YOUR COMPANY COULD BE AT RISK OF AN E-MAIL MALWARE INFECTION 90 TIMES A MONTH FREQUENCY. >> THAT'S WHY IT'S KEY TO HAVE YOUR EMPLOYEES DO SECURITY AWARENESS TRAINING. THEY'RE JUST THERE DOING THEIR JOB, BUT YOU NEED TO TRAIN THEM ON WHAT TO LOOK FOR AND HOW TO PREVENT IT. >> LET'S GO THE PROTECTION E-MAIL, HERE IT IS. NOW, THESE ARE SOME OF THE PROTECTIONS THAT DAVE SUGGESTS, SECURITY ASSESSMENT, E-MAIL RULES, PASSWORD CHANGES AND END POINT SECURITIES. REVIEWS OF ALL EVENT AND SECURITY LOGS. DARK WEB RESEARCH. COMPUTER UPDATES, AUTHENTICATION OF WEBSITE AND MOBILE DEVICE SECURITY, ALL OF THESE ARE A THING. PICK OUT THE FEW THAT YOU THINK ARE MOST IMPORTANT. >> I THINK IT STARTS WITH A SECURITY ASSESSMENT. YOU WANT A BASELINE WHERE YOU'RE AT. THINK OF THAT. WHERE ARE MY WEAKNESSES AND WHAT ARE MY VULNERABILITIES. SO I WOULD START THE ASSESSMENT AND THEN I WOULD HAVE A VERY STRONG PASSWORD MANAGER, IF YOU HAVE A WEAK PASSWORD, AND THE OTHER IS THE MULTI-FACTOR AUTHENTICATION TO CONFIRM IT'S YOU. AND I FEEL YOUR FIREWALL IF IT'S NOT PROPERLY LOCKED DOWN AND YOU'RE ONLY ALLOWING TRAFFIC YOU KNOW IS GOOD IS ANOTHER VERY COMMON WAY THESE BAD ACTORS GET IN THERE. >> AND YOU SAID THEY EVEN SABOTAGE BACKUPS? >> THAT'S THE NUMBER ONE THING THEY'RE GOING FOR BECAUSE THAT'S HOW YOU RECOVER. ONE OF THE BIG THINGS WE WANT TO TALK ABOUT IS RECOVERY. IF THEY'RE IN THERE, THEY'RE LOOKING HOW TO DESTROY THE BACKUPS, ONE, TWO, THREE MONTHS BACK. THE FURTHER THEY CAN GO BACK ON THE BACKUP. THE FURTHER YOU COULD GO TO RECOVER YOUR DATA WHICH COULD COST THOUSANDS. >> AND MOST DON'T HAVE ADEQUATE PROTECTIONS. >> IF I WERE TO GRADE THE MAJORITY OF PERSONS, A "D", THERE'