One of the biggest threats to your business could be sitting in your email inbox or on a website you are about to visit. And you might not even know it. Cyber threats are everywhere, and criminals and hackers are not just targeting big companies, such as Target or Google.
According to statistics from the Federal Bureau of Investigations (FBI), 80% of American companies have been hacked in the efforts to steal data or gain access as a pathway to a larger company or target. A report by security software provider, McAfee, stated that almost 90% of small- and medium-sized companies in the United States do not use data protection for company and customer information.
Believe it or not – you are a target because small businesses can provide some of the easiest access to credit card and personnel records. They can also be attractive targets for the new ransomware industry that has developed. Some hackers will hijack your network and provide technical support to get it back for a fee. It can be easy for criminals to get access to your networks. All it takes is an old laptop that has escaped antivirus updates and is attached to your network. Or maybe a smartphone with wide open security settings allows hackers to steal key pieces of data. You have to identify the weak links in your system, and this needs to become a priority for managers because hackers can bring your business to a standstill or possibly hurt your relationship with customers.
Perhaps even more sinister than the hacking networks that have arisen for political purposes, such as ‘Anonymous’ are the cyber criminals who have turned hacking into a big business. This ‘professionalization’ of hacking that has emerged during the past years, in which hackers have become 9-5 workers with holidays, vacations and many of the other trappings associated with legitimate jobs.
Kevin Haley, director, Symantec Security Response, warned, “Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours. We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”
One of the preferred ploys of these organized crime rings is ransomware: malware that downloads on your PC or business network, secretly encrypts all your business data – and then demands a ransom for your files to be restored.
Indeed, Rich Conklin, owner of Executive Computer Solutions, says one of his pallet maker clients was recently hit with ransomware, which brought down 28 of its computers.
“Because they had a formal, data back-up program for their business – which I recommended and maintain — I was able to get most of their data restored later the same day,” explained Conklin.
All that remained encrypted was data tied-up in software that was maintained by another independent IT contractor for the pallet manufacturer, who’d refused to allow his data to be backed-up by Conklin’s overall back-up plan for the business.
Ultimately, the pallet manufacturer was able to slowly re-enter some of that lost data by hand, Conklin said. But the pallet maker was less-than-impressed with the contractor who’d refused to participate in its data back-up program. “Let’s just say the day that ransomware hit the system – that was his last day,” Conklin stated, referring to the independent IT contractor.
Ryan Naraine, a head of the global research and analysis at Kaspersky Lab, hears network take-over horror stories like Conklin’s every day.
“Right now, ransomware is an epidemic,” Naraine commented. “Although it has been around for more than a decade, we have seen a recent explosion of new ransomware families that is cause for serious concern.”
Indeed, some of the newest variants of ransomware are even popping up on mobile technologies, according to a report released by Christian Fredrickson, CEO, F-Secure.
Moreover, some of the most seemingly secure sites on the Web can unwittingly harbor ransomware. Last year, for example, fake ads on the Bing search engine were found seeded with ransomware.
The security take-away? Pallet makers of all sizes need to make peace with the fact that hackers won’t be neutralized any time soon. And they need to be honest with themselves that their current computer defenses are probably silly putty in the hands of experienced hackers.
The best way to begin hardening your online digital perimeter is to realize that the person or staff responsible for your Web security is the over-arching factor in keeping your business safe – and not necessarily the security technology they administer and oversee.
“Fundamentally, good security really is just good systems administration,” suggested Ira Winkler, founder of Internet Security Advisors Group, a computer security consulting firm. “And if you can’t afford or can’t get a good system administrator, I recommend outsourcing that.”
In fact, Winkler says the smallest of pallet makers will probably be best served by an out-sourced, third party computing solution, given that the entire focus of a top-notch network systems provider is on configuring, maintaining and securing computer systems, 24/7.
In other words: you may want to move the critical computer applications of your pallet making business to the ‘cloud,’ so you can take advantage of the relatively sophisticated Web security offered there, Winkler says.
At minimum, Sharon Nelson, president of Sensei Enterprises, a computer security consulting firm, recommended a quality Internet firewall that’s properly configured, and Internet security software that guards against viruses, malware and spyware. Both are available with software packages like Symantec’s Internet Security, Kapersky Security, Trend Micro Security and others.
And you’ll also need to be sure your staff gets the message that your business security has to be taken very seriously.
“Education of your employees is key,” Conklin said.
Staying a step ahead of hackers also means being careful with any custom-made software, Nelson said, since these programs are rarely subjected to the rigorous security testing that popular, established software endures.
Content Management Systems (CMS) — software designed to enable pallet makers to easily update their Web sites – for example, are often custom-made. “A custom CMS is usually a bad idea,” Nelson added.
Many employees also tend to get lazy about passwords. Surprisingly, one of the most commonly used password is ‘P-A-S-S-W-O-R-D’ – a seemingly trivial oversight that has spelled the undoing of countless, otherwise stellar computer security systems.
Nelson recommends complex alphanumeric passwords of more than 12 characters, which are tough to crack even by software specifically that is designed to crack passwords. And she reminds people to use different IDs and passwords to enter different gateways.
Pallet makers looking to be especially vigilant about passwords can also use free, online password generators, like Secure Password Generator (http://passwordsgenerator.net) or Norton Password Generator (https://identitysafe.norton.com/password-generator), which will instantly generate long, complicated passwords for you.
Or, they can purchase password management software that auto-generates complicated passwords, as well as centralizes all your IDs and passwords into a single, easy-to-use program. Top programs in this genre, according to PC Magazine, include Dashlane 4 (https://www.dashlane.com) and LastPass (https://lastpass.com).
Pallet companies also need policies in place to establish lock-outs after a system user has entered a pre-determined number of incorrect IDs or passwords, Nelson further recommended. And the same lock-out fail-safe needs to activate the moment an employee departs or is terminated from your pallet making business.
For protection of especially critical data, Winkler also advised multiple-authentication, such as the use of two or three passwords to access a Web site maintenance account, rather than just one. And he says companies whose data privacy is especially critical should consider investing in data leakage prevention software.
Employees should also stay on the look-out for ‘social engineering’ ploys – a fancy term for when a hacker who forsakes the digital black arts, and takes the easy route by tricking someone at your pallet making business into surrendering your crown jewels with a friendly phone call, or a seemingly innocuous email.
Regular meetings, e-newsletters or memos about security vigilance also offer an opportunity for pallet companies to update staff about the latest smoke-and-mirrors in vogue among hackers.
A popular hacker ploy lately, for example, is to regularly spam employees with marketing emails that seem to originate from a legitimate firm, and include a handy ‘unsubscribe’ link at the bottom. Unbeknownst to the recipient, clicking the link activates an invisible download of malware to their PC or other computer device – software that can be used to steal IDs, passwords, credit card numbers, client data and the like.
“Look at the link, and see where it’s coming from,” Winkler advised. If you don’t recognize the company, or the link seems hinky, don’t click it.
There are of course other ways to further toughen your security. But at a certain point, you’ll probably need to concede that your security will never be perfect – only hopefully, good enough.
“Anybody who sells you ‘perfect security’ is a fool or a liar,” Winkler said. “What security is about is risk management. The more you elevate security, the more you’re raising the bar, and the more exponentially you’re decreasing your risk.”
Editor’s Note: D.J. is a New York-based business consultant and IT writer, and he is a new contributor to Pallet Enterprise.
Key Information Sources
FBI Cyber Crime Prevention
https://www.fbi.gov/investigate/cyber
Symantec Security Report
https://www.symantec.com/security-center/threat-report
SBA Cyber Security Course
https://www.sba.gov/tools/sba-learning-center/training/cybersecurity-small-businesses
SBA Protection Tips
https://www.sba.gov/managing-business/cybersecurity/top-ten-cybersecurity-tips
