Taking a cue from the real world of celebrity, the manual for dealing with embarrassing social media posts is:
- Post nude selfies
- Claim you’ve been hacked
As we all know, the vast majority of these turn out to be not hack attempts, but acts of stupidity and regret.
But make no mistake – hacking does exist, and is way more prevalent than you might think. In fact, a 2014 UK government cybersecurity survey reports that 81% of large businesses have suffered malicious data breaches (aka “hacking”). So what is hacking all about, and are you at risk?
“No one wants to hack us; I’m just a small company”
– Small Business Owner
You may think you are safe because you are just a local small business, minding your manners and taking care of your customers. But don’t underestimate the passion of the criminally minded. An angry customer, ex-employee, or a competitor may write you a nasty Yelp review… or they could just as easily try to crash your servers or steal your data. Some people in this world will passively make your life a living hell over a minor perceived offense.
More often than not, however, is that the hackers aren’t targeting you specifically. Most likely they are casting a wide net, sending out probes and looking for weaknesses by running very sophisticated software scanning a vast block of IP addresses, checking for open ports on the firewall, unsecured servers, and unprotected systems. And when they find an opening, they create themselves a backdoor to get what they want.
In the small businesses environment, this is a common threat we see. The fact is, getting a virus into the office via email really isn’t that difficult. Most people aren’t properly trained to properly check emails and will open any attachment that looks like it came from a colleague or vendor. All it takes is a single double click unleash a nightmare that could cost you tens of thousands of dollars in lost data, lost productivity, and lost revenue.
What’s the Worst that can Happen?
Worse than you can imagine, actually. The famous stories are bad enough – major companies like eBay, Home Depot, JP Morgan Chase, Sony, Target – the list is endless. These companies alone combined for over 1 billion dollars in losses to deal with these breaches. Closer to home, we’ve worked with small businesses who’ve had over $50,000 transferred out of their bank account, lost all their data to a server crash, and had their data encrypted and held hostage in a Ransomware attack. The risk runs the gamut from “minor annoyance” to “devastating financially and completely crippling”.
I have anti-virus – Aren’t I Protected?
Yes and no. Yes, you are protected much, much more than if you didn’t have any anti-virus or anti-malware. Same goes for having a properly configured firewall and internal network security. But the fact is, hackers are good. Scary good. They’ve hacked the CIA, Sony, Home Depot, and likely certain presidential candidates. I tell my customers all the time – if they can be hacked, you can be hacked.
There is literally an unorganized army of sophisticated hackers out there constantly finding and exploiting holes in your network devices. They find a new hole, wreak havoc with it until enough anti-virus or software providers have found it, mitigated it, and pushed the patches out to their clients. By then they’ve found 10 new holes. It is an endless, vicious cycle.
So I’m Out of Luck?
No! There is light at the end of the tunnel. It’s just that we can’t seal off the tunnel completely or permanently. There are things you can do to drastically reduce your exposure. It’s like living a healthy lifestyle – There’s no guarantee you’ll live to see 90, but if you exercise, eat properly, and refrain from certain vices, the odds greatly improve. Of course, I don’t know about you, but I’d rather eat a few more chicken strips and chocolate chip cookies and settle for 85. But I digress…
There are a few major safeguards you can implement to drastically improve your odds of protection as well as your ability to recover from an attack.
- Have a business class, up to date firewall. Firewalls block a lot of the malicious probing attempts out there, but a lot of firewalls aren’t properly configured or kept up to date. An out-of-date or open firewall can let just as many threats in as no firewall at all.
- Have up to date anti-virus, preferably centrally managed. If you install one-off versions of Norton and leave it to your employees (or yourself) to update your anti-virus, it will get out of date fast, and without updates it doesn’t know about the latest threats. An enterprise level managed AV software can push out updates to the client computers, monitor threats, and let you know which employees are letting the viruses in the door.
- Hold a training on “how to open email”. Sounds basic, perhaps, but the vast majority of attacks make their way into the office by someone opening an email. The virus reaches out to the network, the servers, and other computers and infects everyone it touches. This is one of the most important things you can do as a company.
- Routinely run network probes and threat assessments. Companies like CCO can unleash friendly “hack attempts” in order to identify weaknesses. If you deal with PCI compliance at all, this is mandatory. But it’s a great way to get piece of mind and do all you can do to protect your data.
- Assume you will be hacked and figure out how to deal with it. As the NSA’s head of Information Assurance Directorate said in 2010 “There’s no such thing as ‘secure’ any more… We have to build our systems on the assumption that adversaries will get in.” This is the NSA saying this! The best way to plan for this is to have a strong, reliable offsite backup solution in place in order to rebuild from a catastrophe, and a documented plan to not only remediate the threat, but recover from it.
The good news is that if you’ve made it this far, you are now on your way to being better protected. You now know how the threats can come in, what makes your vulnerable, and a few key things you can do to better protect yourself and respond if you are a victim.
If you want to learn more, we’d love to talk to you. CCO has dealt with many of these threats, and knows how to minimize your exposure, maximize your uptime, and save you the thousands of dollars (and headaches) that come with this type of attack. Contact us today!