As hackers become more ambitious, acting not always for personal gain, but sometimes for political reasons, the need for better cyber security has become startlingly apparent. Improve your business’ IT security strategy by learning how other organizations have fallen victim to even the simplest of scams.
Protect Your Business from Malware and Cybercrime
Every year, the news is filled with details of high-profile data breaches, and devastating hacks that not only cost companies millions, but also severely compromise their reputation and public image. Yet there is something to be learnt from these cyber attacks, as despite their scale, they often prey upon simple security weaknesses that could be found in any system.
A cyber attack could mean anything from the theft of confidential data to the implementation of a virus that compromises your system’s functionality. As such, it is vital to develop a detailed IT security strategy to ensure your business is protected at all levels.
If You Build It They Will Come
Hacking has been around more or less as long as wireless communication. In 1903, Neil Maskelyne orchestrated what could be considered the first network hack, during a wireless telegraph demonstration. The demonstration was unexpectedly interrupted when the telegraph receiver began to tap out a poem in Morse Code.
Today, however, hacking is often a far cry from this prank of more than a century ago, with several recent attacks on businesses and government agencies compromising the personal data of thousands of people.
Unfortunately, it is impossible to be prepared for every possible exploit, as the architects of some of the world’s more startling hacks continue to demonstrate. Nevertheless, the fact that hacking remains a threat even to high-profile organizations is a strong argument for shoring up your cyber security.
Not every hacker knows every trick in the book, and the majority of IT security breaches, involving businesses and private individuals alike, come down to simple security failings that could be easily resolved.
One hack that made the headlines in 2016 highlights one of the most common mistakes made by internet users. Mark Zuckerberg, co-founder of Facebook, allegedly experienced several breaches of his Pinterest and Twitter accounts. The reason cited was his use of the same, very simple password, “dadada”, across both accounts.
Yet it is not uncommon for people to use the same password multiple times, or to develop a common theme throughout their passwords. The thing is, most people do not expect to become a target, or do not realize the extent to which patterns can be detected and exploited.
When managing user accounts, computer access, and any other aspect of your business which may incorporate passwords, it is important to have a firm system in place regarding password security. This should include measures such as two- or three-step verification, the use of time sensitive passwords, and session timeouts to protect your system in the event that someone should forget to log out.
You should also introduce policies stressing that employees must not write their passwords down, or disclose them to anyone else. While such actions may be carried out with innocent intentions, if these details fall into the wrong hands, it could spell disaster for your business.
How Phishing Changed the Future of a Nation
To get a sense of the scale of some of the world’s more recent hacks, it is worth looking back at the news of the past year or two.
- A JD Wetherspoons database containing details of over 650,000 customers, including some credit card details, was compromised in 2015.
- Also in 2015, the infamous dating website Ashley Madison came into the spotlight after hackers indicated that they would publish the names of the site’s 37 million users, many of whom were alleged to be involved in adulterous relationships.
- In early 2016, the names and contact details of approximately 30,000 US government employees, including over 20,000 members of the FBI, were leaked after the group responsible gained access to the internal network of the US Department of Justice.
However, the case that almost everybody heard about was the infiltration of the Democratic National Convention. This breach gave hackers access to more than 60,000 emails related to Hillary Clinton’s election campaign. Details relating to these emails were later released via WikiLeaks, and the whole affair had serious repercussions for the Clinton campaign.
Yet it is believed that access to the servers was gained via phishing emails. All it took was one individual clicking on an unsafe link, and the malicious software was able to take root in the system, acting as a backdoor to confidential data.
Backdoors and Email Security
Deep down, everyone knows that they should not click on links in strange emails, or even open said emails, to begin with. However, phishing has become far more sophisticated in recent years, with bots designed to infiltrate your personal network, sending you messages that not only come from trusted contacts, but that are tailored to appear genuine.
In addition, phishing scams operate across multiple platforms, including Facebook and Twitter, catching some individuals off-guard. The problem is, once a malicious program has found its way into your network, it can be very hard to get rid of. Furthermore, as long as it is present, it can act as a backdoor into your network for individuals looking to compromise your business, steal your data, or even gain access to company funds.
IT security hygiene is another area in which it is vital that your staff are trained. If they access your network from a personal device which has been compromised, they can inadvertently infect your system. As such, security best practice becomes something all employees with any form of access to your network must consider both while at work and at home.
Hacking the Internet of Things
It is also easy to forget that more than just traditional computer systems can be hacked. The past couple of years have seen hacks of skateboards, Barbies, and even lighting, as speakers at the 2016 Black Hat Convention demonstrated, by hacking the conference lights.
In a more alarming case, hackers Chris Valasek and Charlie Miller demonstrated that they could alter the speed of a Fiat Chrysler SUV via a laptop, while sat in on their sofa at home. In addition, they were able to use the laptop to move the steering wheel, ultimately running the vehicle into a ditch. As a result, 1.4 million vehicles were recalled by the company.
While this may not immediately seem relevant to your business, it is important to remember that the Internet of Things extends to security doors, smart locks, and even surveillance cameras. If it has wireless capacity, then it could be an access point for hackers.
At first, it seems ridiculous to think that you could be the victim of malware via your digital coffeemaker, yet it is better to be safe than sorry. A good IT security strategy will take into account all devices and appliances that could act as a point of access, and take steps to secure them.
Don’t Be Fooled By USB Drives
Of course, cyber threats do not always have to come over the internet. As researchers at the University of Illinois demonstrated the risk posed by what they termed “USB drop attacks”. The study involved leaving 300 USB drives around the university campus, 48 percent of which were picked up, plugged into a device, and explored by the finder. In general, these individuals had hoped to be able to find the owner and return their drive.
The discarded drives contained callback software, which alerted the research team when the drive was used. This itself was harmless, but could easily have been a piece of malicious software intended to infiltrate a device and compromise its security.
This is another common concern that can be easily handled with the correct security training. If possible, it is best to avoid the use of flash drives entirely, as they can all too easily be plugged into a device that has already been compromised. Either way, it is important to have policies in place regarding the use of USB drives, both at work and off the premises.
Keep Up With the Latest Developments in Cyber Security
The more successful and high profile your business becomes, the greater the chances it could become a target for hackers and other cyber attacks. Even so, a detailed IT security strategy is essential no matter how large or small your enterprise may be. Many hosting providers offer advice and support on cyber security and are able to handle aspects of this on your behalf.
Stay up to date with the latest developments in IT and business security, and be prepared to evolve your security strategy to cope with developing threats and exploits. This includes embracing a range of encryption strategies, implementing firewalls, and ensuring that any ecommerce applications or sites comply with payment card industry data security standards (PCI DSS).
Combine this with comprehensive security training for your employees, and ongoing maintenance of your security infrastructure, and you will be able to focus on growing your business, without making yourself an easy target for the ever-changing milieu of digital threats.