One of the reasons that the Apple operating system was perceived to be so safe throughout the late nineties and early 2000s is that the user base was relatively low. The use was also limited to professional settings, so there wasn’t likely to be much more than a work email address from a Mac user. Of course, times have changed and now Mac finds itself just as vulnerable as every other operating system.
Small businesses tend to perceive themselves as the ‘Macs’ of the security world. They are successful, but on a niche level and therefore not really worth the effort of hacking. Nothing could be further from the truth.
How Attacks on SMBs Work
Cyber-attacks are typically conducted on a short or long term scale. The hacker looks for what he or she can get in the moment, then prods for potential openings. This isn’t a great strategy against large companies that may have employed an IT department to secure the network and its secrets. Smaller companies, however, tend to localize their network security in the form of antivirus software. As a result, long term attacks have great success against smaller businesses without the resources to defend for long periods of time.
What ‘Compromised’ Really Means
When Dennis Nedry hacked into the Jurassic Park security system, he replaced the administrative desktop with some graffiti and prevented access to the network through a password screen. This was the definition of ‘compromised’ that Hollywood set in June of 1993. Until the Sony breach, and then the Target and Home Depot breaches, it was our only way of understanding how hacking works. It’s subversive, that’s true, but the goal of hacking is largely information access. Hackers want data they can sell, like customer information or trade secrets.
In this sense, a network compromise represents a serious financial loss to your business. During a hacking, you either lose trust with your customers or data about the products you are building that give you a competitive edge. If that doesn’t wake you up to the reality of cyber attacks, consider that an infected compute can damage more than your own network.
Bot Nets and How They Affect You
A new challenger to the social network scene, ‘Ello,’ found itself to the be the target of a DDoS attack in late September of 2014. The network was gaining more users when the attack hit, bringing the site and its services down for 35 minutes while the team investigated the source of the problem. Bot nets are like armies, sometimes referred to as ‘zombie computers,’ and they are used to carry out an attack elsewhere on the Web. So a hacker may steal resources you use in your business to conduct an attack on another business. The result is losses on both ends, and hackers have a multitude of ways to inject these viruses into your system.
To put things into perspective, Amazon (which is a large company) loses $66,000 every minute it is not in operation. What’s your company’s number?
How to Fix the Problem
The first step is to backup your files religiously. It’s not enough to designate Tuesday as backup day, you need to automate a schedule that accesses your most important files from each terminal and backs those up to a central server that is off site. This is commonly referred to as ‘the cloud,’ and it’s a useful method to keep your files safe from attack.
The next step is to designate secure password use, meaning passwords for each terminal that are better than ‘password123.’ In this regard, it is a good idea to set employees up with a password management program to help them track the passwords they use. Also encourage employees to vary the passwords they use for each service, even if they protest.
Securing each terminal really comes down to training. Make sure that employees understand where to download securely, monitor their usage and follow up with real infractions that encourage better use. Restrictions are the best approach, because it’s easiest to restrict low level employees and grant priviliges as you go up the chain. Internet security software can help you manage firewalls, terminal access, and automated scanning to try and make this task possible.
Security is everyone’s concern, and everyone should understand how to do their part.