Hacking, the ‘IT’ thing to do in 2017 is on the rise, and on Thursday, along with pictures of Prince George’s first day at school ‘breaking the internet’, another type of internet breakage took place in the US, with credit reporting firm Equifax announcing it had been hacked due to a vulnerability in one of their web-based applications.
Attacks such as these are unfortunately becoming the norm and ignoring them won’t help you or your business avoid them. Just check out Wired magazine’s wrap-up of the biggest hacks to have hit 2017 in only the first six months – staggering, frightening and in no way slowing down.
So, what are we to do? Well, as with most things, prevention is the best cure. If a giant firm like Equifax can get hacked, or a presidential candidate (Emmanuel Macron or Hillary Clinton, take your pick) so can you and your business.
In fact, small and medium businesses (SMBs) are ripe for the picking as they often don’t have the resources or capacity to hire an in-house cyber-security team. SMBs are often not as well informed or up-to-date with the latest protective applications or hacking pitfalls. As The Guardian reported way back in February of 2016, hackers have become increasingly aware of these vulnerabilities and do everything they can to exploit them, usually with great success.
Hacking away at my data
Let’s take a look at just two of the biggest hacking attacks to have taken place in 2017: Equifax and the National Health Service (NHS): two massive organisations that store and manage a tremendous amount of sensitive data. What happened?
As we’ve already established, Equifax was attacked due to a vulnerability in one of their web-based applications. This hack resulted in almost 143 million consumers in the US, as well as a small number in the UK and Canada, having their personal data compromised.
Due to the nature of Equifax’s business - they are one of three main organisations in the US that calculate credit scores – an unseemly amount of consumer information was disclosed. This included names, social security numbers, birth dates, addresses, driver’s licences and credit card numbers. For those consumers who had their social security numbers stolen, the impact of this breach could affect them for many years to come (social security numbers are assigned to people for life).
What web-based application got compromised?
Equifax has yet to release that information, however, knowing that web-based applications are programmes that require an internet connection in order to be used or updated (think Facebook, LinkedIn, Email, untrusted web sites), we can make some educated predictions, and therefore implement preventative measures.
In May of this year, the NHS was attacked by a malicious cyber-virus by the name of WannaCry. Unlike Equifax, where customer data was stolen, the NHS experienced the nightmare known as ransomware: a horrible piece of software that hijacks your computer’s systems, rendering it useless until a Bitcoin ransom is paid.
While the NHS claimed that no patient data was compromised, the attack caused major issues across 48 NHS organisations in England, 13 in Scotland and a small number of GP practices across the country.
What were the conditions that allowed for this type of hack to take place?
The NHS was running different versions of their Microsoft Operating System (OS). Microsoft had updated its latest OS to resist such attacks, yet the NHS was running on the now antiquated Windows XP. Microsoft had announced two years earlier that it would not be creating any new updates for XP, essentially making the product irrelevant. The NHS failed to respond to this and as a result patients were put at serious risk.
What these two attacks have in common, other than exposing highly sensitive customer information, is that both were due to vulnerabilities in their IT infrastructure. The question every SMB needs to be asking themselves therefore is:
How can I protect my business from being hacked due to vulnerabilities in my IT infrastructure?
Glad you asked.
First off, you need to do a little bit of soul searching, or more appropriately, tech searching. Ask yourself, “What does my current IT infrastructure look like?”
Figure out what you’re currently using and what’s missing. Is all your software and hardware up-to-date? Do you even know what up-to-date looks like? Do you have good processes and systems in place? What does a good or a bad process look like, and is the one you’re using right for your business? If you’re a business that trades online, have you made sure your payment systems are secure? If you can take data from someone, that’s a door, and skilled hackers can use it to get inside.
These are only a handful of basic questions you need to ask yourself in order to assess if your IT infrastructure is up-to-scratch. Another, even more, important one to ask is, “Does my IT team know what it’s doing and is it up to the task?'
If you don’t know the answer to the above questions or have any doubts about them, the best thing for you to do is to find yourself a group of IT experts who are up-to-date and up to the task, and get them to conduct a security audit on your infrastructure (luckily for you I know just the motley crew).
A detailed security audit will bring to light a whole host of issues – some obvious, many not - that your business needs to address in order to stay as cyber-attack free as possible.
Find out more about Advantage’s IT Audits.
Become an onion
Like an onion or a fashionable winter dresser, the key to keeping your business secure is layers.
Let me repeat that so you know it’s important. Having multiple layers of defence is essential to keeping your business secure.
Safety in numbers. The more lines of defence you have the more difficult it will be for a malicious virus to get through; if one line of defence fails to pick up a virus, another is there to catch it. Remember viruses come in all shapes and sizes.
Besides providing consultative services, security audits and dedicated support, when Advantage is managing your IT infrastructure, it makes sure to layer you up – singlet, shirt, sweater, and coat.
Layer one: Products Advantage use Office 365 and Microsoft Azure to keep you safe by leveraging the most up-to-date security protocols put in place by the tech giant, Microsoft. From managing and controlling identities and user access to using hard-hitting analytics to predict threats, both Office 365 and Azure already incorporate a multi-defence approach to security.
Layer two: Partners Advantage work with two security expert firms to deliver further security and give businesses even greater control, these are Watchguard and Mimecast. What do these partnerships allow them to do?
Watchguard gives Advantage the capability to provide:
- Intrusion prevention
- URL filtering
- Gateway Antivirus
- Network Discovery
- Reputation-based Threat Prevention
- Spam prevention
- Application control
- APT Blocker
- Data Loss Prevention
- Threat Detection and Response
While Mimecast allows for greater email security, including:
- AV and Spam Protection
- Targeted Threat Protection
- Email Attachment Management
- Data Leak Prevention
Layer three: Training You can’t defend yourself against what you don’t know. If we think back to the NHS ransomware fiasco, the reason attacks like this are possible is often due to employees not knowing what they should be on the lookout for. With ransomware, for example, computers usually become infected when somebody clicks on a dodgy link or downloads what at first glance appears to be a harmless file, but in reality is a virus infested PDF.
Having proper and regular training can save your business from a whole host of issues. In fact, sometimes the worst cyber-attack events happen not because the infrastructure is deficient, but because employees are simply unaware of the risks associated with working on devices that are hooked-up to the internet.
As part of its commitment to cyber-security, Advantage offers regular, in-depth training workshops as well as helping your business to become Cyber Security Certified.
Find out more about Advantage’s IT Managed Services offering
As we keep seeing in the news, cyber-attacks are not going anywhere. They are a thing of the present and future, and it’s your responsibility to make sure you and your business are doing everything possible to protect against them. Remember, it’s not just your business that’s at stake, your customers are trusting you with their data, sometimes highly sensitive data. If their information falls into the wrong hands, it could have catastrophic results in their lives.
If you would like more information on cyber-security or Advantage Business Systems, talk to us today.
Words by Camilo Lascano Tribin