By Clint Confehr
BRENTWOOD, TN — As flu shots ward off that train wreck of a sickness, precautionary measures are the best prophylactic against data theft and kidnapping, according to one businessman’s clinical approach.
“The World Wide Web that we know … is probably less than a third of the dark web,” says Thiru Ilanchelian — call him Ted — who leads CMIT (Completely Managed Information Technology) Solutions at 205 Powell Place.
The dark web isn’t indexed by search engines. It harbors “a huge underground” of criminal activity, Ted says. CMIT offers cyber security for businesses with four to 400 employees before and after “somebody locks your data” for ransom or sells it.
Ted prefers precautionary measures, something a financial real estate-related business didn’t have. “We went back and set everything back up for them so it would not happen again.” Brentwood, Franklin and areas southwest of downtown Nashville are where CMIT Systems provides IT services.
Nearly as dangerous as Internet pirates are untrained or criminally-inclined employees. More than 100 million Capital One customers’ personal data were allegedly compromised July 30 by Seattle software engineer Paige Thompson, 33. She denies wire- and computer-fraud charges. Her Nov. 4 trial is reset for March 2.Meanwhile, a Riviera Beach, Fla. employee opened a corrupted email on May 29. Insurance paid a $600,000 (65 bitcoins) ransom to recover data.
Losses vary, Ted says. “You really don’t know until you total it up. There are so many avenues.”
Spring Hill’s city board didn’t pay ransom, but paid $80,000 to overcome a 2017 attack, spokesman Jamie Page says. Employees now stop and think before opening filtered emails. Insurance didn’t pay temporary workers for manual utility billing, or rebuilding servers. Customer history, contacts and account details were lost, but “no personal information was breached.”
Murfreesboro and Smyrna also suffered attacks.
“Protect your work,” Ted says. “Protect your computer. Train your people. That’s the most important thing.” Too often, “cyber criminals win the war, not because of a fault in technology. It’s more because untrained people do good things that end up unintentionally bad. Nobody is exempt … A lot of my clients train their employees … Some take the training seriously. Some don’t. After training, if they do something they weren’t supposed to, the question becomes, ‘why?’
“That’s why I’m not going to say we prevent cyber attacks 100 percent,” Ted says.
“Keep copies of your data electronically in 2-3 locations … If fire destroys the building, you must go to the cloud and get the data back,” he says. Thumb drives and laptops can be taken from the office for homework, damaged in a traffic accident, or stolen.
Cyber criminals ask, how valuable is the data to a target, and how valuable it is to someone else? If it’s more valuable to the owner, ransom is sought. If not, data is kept, combed for value, and sold on the dark web. Law enforcement has closed some criminal sites.
Criminals conducting ransomware attacks on small businesses sectors examine businesses, determine which are protected and attack those that aren’t.
“If you’re a government contractor,” Ted says, “they can be persistent.” They want new technology. It’s cyber war. U.S. government contractors “need to be very careful because they’re not a potential target, they are a target [and] foreign states sponsor … cyber criminals,” especially for military techniques and secrets.
Ted’s at firstname.lastname@example.org. He and CMIT associates ask: “What if? What is the plan B? What is plan C if the inevitable happens?” CMIT streamlines IT structures and writes security and employee policies.