If you’re a small to medium sized business (or even a large business) then there’s a lot to manage.  However, as IT professionals we always cringe when businesses tend to skimp on IT security.  This can be incredibly costly for businesses both in terms of money as well as reputation (which you can’t really put a dollar amount on).

Things to look for in phishing emails

There have been many high profile data breaches in recent years.  One of the biggest ones was with Target, who let a lot of credit card numbers get hacked due to subpar security measures.  I myself (the author) had my credit card number eventually used fraudulently from this breach.

However, will customers hear news of a breach like this and stop shopping at a certain store because of it?  I haven’t changed my shopping habits and I still shop at Target.  After all, the bank covered the damages when criminals took my card number to a shoe store and bought almost $500 of shoes and then lunch at Subway.  So who really bears the brunt of damages here?

Either way, the damage to a company’s reputation can suffer if companies are not careful about their IT security can be bad if they do not handle the aftermath well.  This is what happened with Equifax recently and the resulting fallout from the mismanagement of the public relations after the breach.  The coverups and attempts at patching the problems created more aggravation for customers and put a resulting black mark on their name.

AMA Networks, a managed IT services company based in San Diego California says that handling IT security is one of the most important aspects of a company’s IT planning.  It’s not something that should be done part-time or half baked.

Ensuring there is a cultural attitude towards trying to suss out and prevent hacking is also important.  Teaching and training employees in knowing what to look for is important.  It’s surprising how many breaches occur because of an employee carelessly opening an email attachment or giving information over to a phone scammer.  It’s true that these scams continue to get incredibly sophisticated so employee training is key.

It’s also important for business owners to keep tabs on the overall climate of security and subsequent news.  It can be an important consideration when choosing major changes for companies such as the onboarding of new technology and managed IT experts in order to prevent security holes in new equipment.

Additionally, ensuring that your company is within compliance standards doesn’t mean you’re in the clear.  Compliance is often the bare minimum.  In order to stay ahead of new threats you have to take a proactive approach to IT security and risk assessment.  Staying ahead of the game means employing state of the art encryption technologies as well as making sure that your hardware and equipment can handle stricter security protocols.

Don’t be afraid to outsource these elements of IT jobs as it can put a strain on in-house IT staff that might already be too busy with other work.

The last two years have been two of the biggest in terms of “big name” hacks.  The Target credit card scandal and the Sony Pictures scandal have been two of the biggest headlines of the past couple of years.  Thousands upon thousands of people had their information stolen and compromised.  I was one of those people who had a credit card number stolen in the Target breach, but it wasn’t until months later that a criminal used my card number.  Thankfully AMEX is very good about fraud protection and we were able to stop the card before too much damage had been done.  I wasn’t liable (thankfully) for the almost $700 worth of charges that the criminal had racked up in about 30 minutes.

The latest hack on a government network is also very dire looking.  The Office Of Personnel Management (OPM) has said that over 22 million records have been stolen, and that “Everyone who works or has worked for the federal government as an employee or contractor should take immediate action to protect themselves.”

What was stolen?  Here’s the list, also from that Trend Micro blog post:

  • Social Security Numbers
  • Residency and educational history
  • Employment history
  • Information about immediate family, other personal and business acquaintances
  • Health, criminal and financial history
  • Usernames and passwords applicants used to complete background investigation forms

That’s a lot of information, and quite enough for hackers to set up accounts under people’s names and exploit the heck out of them.  It’s an incredibly damaging breach and 22 million people is a LOT.

Thankfully credit card issuers are employing chip technology, but how does that prevent someone from opening up a card account under their name in the first place?

All in all it’s a dire situation, and I encourage everyone, no matter if your information was compromised, to start up some sort of identity theft insurance.

Also recommended is protecting your own personal computer.  Hackers are getting more and more sophisticated and have been able to make off with a lot of personal information through spyware and malware.

Did you know that keysniffers are one of the biggest culprits in malware today, and that your antivirus software may not detect them?  That’s why I have personally installed Spyhunter 4 and run it on an auto scan every week in order to ensure that my PC is free of unwanted malware.  You can download it here from my favorite website, We Hate Malware.

Overall, it’s very important to keep an eye on your personal accounts.  Check your credit card statements weekly, and install phone apps so that you can receive fraud threat alerts.  The reason we were able to stop the thief with my credit card information so quickly was that a fraud alert popped up on my phone and I was able to call AMEX and have them cancel the account.  It probably also helped my case when it came time to have AMEX cover those charges.

You could also go off the grid entirely, but that seems almost impossible to do these days.  So just stay on top of the news and ensure that you’re careful about your data.

A lot of companies are taking notice of ransomware these days, and it’s a very important consideration. Several blackmail hackers have held companies for ransom with a variety of methods.  However, prevention is the better way of dealing with ransomware – before it becomes an issue!  The key is to educate your employees and ensure that you have all the safeguards in place.

I especially like this quote from an article I recently read:

 SHIELDS UP

People should not have to make the choice to pay a ransom to save their data. Antivirus programs can only do so much, as email phishing schemes become more sophisticated. The biggest chink in our defense is what security officials call “social engineering”: that is, people. We will never be able to prevent every employee in our network environment from clicking on suspicious links in emails. Malware is like a vampire: It has to be invited in. Given enough time, someone in our organization will make this mistake. It is human to do so; it can’t be avoided.

In my library, our IT guys have put safeguards in place so that we cannot install the simplest Java upgrade without their password. Annoying, yes. But that may be what saves our network from the employee question, “Should I click on this?”

On the other hand, there is some ransomware that can be caught or downloaded by clicking on advertising that leads to pages that execute exploits for vulnerabilities in outdated browser plug-ins such as Java, Silverlight, or Flash Player. It is wise to keep these adjuvant programs up-to-date, even if we have to ask for a password to do so.

In general, computer users should make sure that all their software, particularly their antivirus software, is up-to-date. We should all continue to click carefully and avoid opening links in email from people we don’t know or companies that we aren’t doing business with.

Turn on the pop-up blocker in your web browser.

Finally, we need to make sure to do that most difficult of tasks: Back up important files on a drive not connected to our computer all the time. Alternatively, we can back up into a cloud storage service that keeps an archive or a history of the versions of our files, such as Microsoft OneDrive (one drive.live.com).

These are all just common-sense suggestions for effective PC health on the internet. While often running counter to our everyday habits, if we can integrate these steps into our computer use, we will be able to keep the bad guys out while letting the right data in.

 

McDermott, Irene E. “Ransomware: tales from the cryptolocker.” Online Searcher May-June 2015: 35+.