AUGUSTA, Maine — When it comes to the threat of cyberattacks, it doesn't matter what industry your business is in or what size it is. Experts in Maine are advising local business owners to be alert as recent events nationwide have shown how significant security breaches within companies can be.
Curtis Picard, the president and CEO of the Retail Association of Maine, said he hasn't heard of widespread attacks in Maine yet but is encouraging business owners to pay closer attention to potential threats and be proactive. They can do so by talking to their IT team and looking at their systems to try to determine what the plan would be if something did happen.
"Try to understand if something did happen technology-wise to you, how would you deal with it?" Picard said, adding, "Think about who you would call."
Picard said a goal of the Retail Association of Maine is to determine the best protocol to help businesses if they experience an attack. He said right now, it's unclear who exactly a business owner should call for help or to report the incident.
Navigating the threat of ransomware attacks is challenging because there's still a lot that's unknown and it's relatively new territory. Picard said most businesses know how to deal with data breaches that steal information—but ransomware attacks can actually shut down systems. Surviving a global pandemic for the past year, though, has helped prepare Mainers to adapt and adjust accordingly as life changes.
"I mean, the past 16 months [have] been living by the moment and trying to find the best way," Picard said. "That's how it is sometimes. We don't always have all of the answers, or all of the information, but we know it's an issue. The more people we can bring to the table to try to address it, I think we'll start addressing it."
The Small Business Administration has determined some steps for businesses to follow to try to stay safe. Diane Sturgeon, the district director for the SBA's Maine district office, said it's often not a matter of "if" someone will be hacked—it's a matter of "when."
"The Internet has opened up this sort of thing to everybody," Sturgeon expressed. "Fraudsters are trying to get anybody they can, and I don't know anybody who hasn't been impacted by some sort of hack."
She said the shift to remote work during the pandemic has also put more businesses at risk of attacks, so it's important to keep employees up-to-speed about best at-home practices. Those include:
- Making sure the network they're on (whether it's wi-fi at home or a hotspot while traveling) is secure with a password.
- Using dual-authentication for systems.
- Changing passwords and making sure the same one isn't used for every log-in account.
- Double-checking where emails with a request for information or a link or document are coming from. If you're not expecting the message or don't know who the sender is, you shouldn't click on it or respond.
Sturgeon said during the pandemic, the SBA has been seeing incidents where hackers try to use information they may have stolen years ago to pretend to be a business and apply for relief loans. She said it's a reminder that Maine isn't sheltered, and businesses anywhere can be at risk, especially during vulnerable times.
"What the hackers do is they gather all of that information. They hold onto it. They're getting bits and pieces from all over the place," said Sturgeon. "When something comes up like this, where people start to maybe let their guard down, or there's a lot of panic going on—that’s when they strike. They're the ones that are trying to capitalize on these emergencies."
Sturgeon said it's important for businesses to have a plan in place ahead of time, in case an attack does happen. If you're business is hacked, she says you should immediately change your passwords and login information and let customers and employees know to help keep them safe. Some resources for help include:
- U.S. Small Business Administration
- "Stay safe from cybersecurity threats" per the SBA
- Cybersecurity and Infrastructure Security Agency
- "Protecting Small Businesses" per the Federal Trade Commission
- "FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report, Including COVID-19 Scam Statistics" per the FBI