Let’s face it…everyone these days has a website. It is estimated that over 75% of the worlds small to medium sized businesses currently have an active website. These websites contain vital data to run the business, account numbers, client contact information, financial data, and an extensive amount of data that can be used for malicious reasons. Even if your most sensitive data isn’t “out there” on the internet, these websites allow access to the systems on your network that DO house this data.
There was a time when hackers and identity thieves would prey on larger corporations going after a guaranteed target to find the information they needed, but today that is not the case. Small to medium sized businesses are a common target because more times than not these companies have the most accessible holes in their system for a hacker to exploit. Even seemingly “secure data” can be accessed through other vulnerabilities in the system using wide variety of methods. How secure are you?
If your company is connected to the internet you are exposed to some degree. Security is so often overlooked, but with a recent increase in high profile cyber-attacks, companies are starting to realize how important their networks’ security really is. The scary part is how vulnerable most companies are even when they think they have a fair amount of security already in place. Unfortunately, security is often times one of the things we don’t realize how important it is until it is too late and how important it is to have frequent security audits/updates.
There are generally two scenarios to get targeted for an attack.
One is for an individual to decide they want to attack you. There is not much you can do to stop this from happening, but there is definitely a lot you can do to prevent them from being successful. With this type of attack, the attacker is more likely to take steps in order to minimize discovery. The attacker could be an ex-employee, a competitor, or simply seeking revenge on your company. Without an experienced administrator, this type of attack could easily go unnoticed.
The other scenario, and probably the most common, is to have a vulnerability in your network that is exposed by scanners. Computers are constantly scanning the internet looking for machines that have unpatched vulnerabilities. Basically…someone starts a program, when the program gives them results they use the information to exploit the system. It takes no high level skill to perform this method which is what makes it so dangerous. Often referred to as “script kiddies” in the industry, users can gain unauthorized access to a remote system without the high level of knowledge typically associated with hacking. Once access is gained, damage is highly likely. The attacker is doing it for fun. Their personal gain is the excitement, so there will be no regard for damage the company experiences as a result. This is not only an issue for large corporations. Many of these “script kiddies” aren’t hacking for any general purpose other than for bragging rights to their friends, so it doesn’t matter what size of organization or what damage they do. Many small to medium sized businesses find themselves the victim of an attack such as this one because they don’t think they would be targeted. That’s just the point though…everyone is a target and a potential victim and these cyber-attacks are becoming more and more frequent with small to medium sized businesses as the intended target.
Cyber-attacks cost companies, of all sizes, substantial amounts of money every day. Unlike physical property, stolen digital data can be rapidly duplicated so the damage cannot be ‘undone’ by recovering the data. The moment it is stolen there is NO getting it back, merely getting back one of the many copies of it. The way in your system and to your data could be anything; a user account that was never disabled, common passwords, improperly configured wireless access point, a lost or stolen laptop, etc.
How are you handling your security? Do you have a reputable partner with the proven experience finding (and correcting) these security holes in your network? These attacks happen every day and if the proper measures aren’t in place along with the proper ongoing maintenance it is only a matter of time before your security has been breached. There are many reputable firms that can perform the necessary security audits to find the holes before an unscrupulous hacker finds his or her way into your network to cause immeasurable mayhem. 3coast can provide security auditing services and the proper network management to ensure these vulnerabilities are exposed and corrected. Even if you have an internal IT Team managing the network it is very advantageous to allow a 3rd party to offer an unbiased opinion into how secure things really are.
Here are some of the basic guidelines. Doing these things will help keep your information secure, but these are just the basics.
- Use strong passwords (alpha-numeric, 8 character minimum)
- Rotate passwords on a quarterly basis
- If a user doesn’t need specific access, don’t grant it
- Keep all security patches up to date
- Have a good firewall that is properly configured and keep it updated regularly
- NEVER use unsecured wireless
- Have Anti-Virus on ALL machines
Security is not just about the products in place, it is about the processes being followed and the attention to detail when auditing your network for vulnerabilities. Having the proper processes in place will not only keep you ahead of the competition, but constantly monitoring your security keeps you one step ahead of the “bad guys” out there looking to wreak chaos for no other reason other than personal satisfaction. So ask yourself…“ How secure are we, really?” Then call 3coast for a security audit and to ensure that your network is performing with the best security possible. We can be your partner to keep you one step ahead of the competition.