Cybersecurity 2020: Identifying Threats and Best Practices in the Lighting and Electrical Industry

Apr 28, 2020

There’s no doubt that business operations have changed and more people are working from home right now. Cybersecurity is an important part of a business that shouldn’t be overlooked. We sat down with Jeff Waite, Technology Administrator at Mac’s II Agencies,* to discuss what we should look out for and some best practices to keep you and your teams secure in 2020.

1. Your title is Technology Administrator at Mac’s II Agencies. Tell us a bit about your background.

I’ve been at Mac’s II for 11 years, 2 years as the Technology Administrator. Before Mac’s II, I was the Product Manager for a computer software/hardware manufacturer based out of Sweden (10 years). Before that, I was a Computer Consultant at Simon Fraser University (4 years). I’m also an app developer, having created an iOS app for a small business based around fitness.

As I have a background in programming from SFU, and sales experience in technology manufacturing, these naturally transition well into handling technology at a sales agency in the electrical industry. I’ve always had a love of computing, and technology in general. It has now finally melded wonderfully with my career in the electrical industry.

2. We’re noticing more and more cybersecurity threats. Should we be worried?

The electrical industry is unfortunately no different than any other, and security has never been so important. As I see it, the electrical industry is getting hit as much as any other.

The unfortunate thing is that the sophistication with which the threats are coming at us are getting higher every year. Emails come in from people we “know”, with formatting and syntax, like it is a real communication. Malicious sites are getting hidden within hyperlinks, and attachments that look like files, are purely links to bad files or sites.

With the current COVID-19 pandemic, more people are working remotely and from home, which makes cybersecurity even more important. Instead of having a single office to make secure, we now have 10, or 100 (or even 1,000). This makes it an even higher concern, to be watchful on what users are doing within their incoming emails, and what sites they visit. Secure VPNs help in this manner, and more secure passwords, as well as authentication means.

3. What are some examples that we should look out for?

• Voicemails attached to emails. A good example: an email comes in with an attachment for a voicemail. Just click the attachment to play it. Of course, the sender is not from someone recognizable, and the attachment is not a playable file (wav or audio format) but is an html link to an outside website.

• Links disguised as Adobe Acrobat files. Another example is receiving an e-mail with what looks like an Adobe Acrobat file embedded in the body (there is usually a picture of the Adobe Acrobat logo). This is not a file at all, but a link to a website that will be malicious in nature.

• Cloud storage file links. Some cloud storage e-mails will also look alright at first glance but in the end are not links that Microsoft or Dropbox or Google would send out. They use their branding, but just looking at the link will reveal where they are really going to send your computer.

4. What would you recommend as some best practices to keep individuals and teams safe from being hacked or private information being compromised?

Implement Two Factor Authentication (2FA) wherever you can.

Utilize cloud storage as a back-up, e.g., OneDrive, Google Drive.

Initiate a more complex password naming scheme, something that has a combination of upper case, lower case, symbols and numbers.

Make sure your technology support team stays on top of cybersecurity notices and news, set up a Google Alert for notifications.

Communicate to users within your organization what threats are out there and how to detect them before it is too late.

Always be suspicious and on the lookout for threats. If you think an email from someone is not legitimate, make the call to them and ask about it. At the very least it is a few moments of your time; at the most you may be informing them of a hack into their account or organization.

5. If you could see the electrical industry five years in the future, what would be different about cybersecurity?

We would have a panel that shares and allows access to information on these threats more readily and of course there will be less of them due to improvements in cybersecurity, not only for the electrical industry but globally.

* Established in 1980, Mac’s II Agencies represents power, electrical, lighting and lighting controls manufacturers throughout British Columbia and Yukon Territory. The firm provides sales, marketing and technical support for contractors, specifiers, distributor partners and other industry professionals.