The FBI arrested two alleged members of the hacking collectives LulzSec and Anonymous on Thursday morning in San Francisco and Phoenix. Search warrants were also being executed in New Jersey, Minnesota and Montana, an FBI official told FoxNews.com. A document purported to come from the FBI leaked online earlier this month called these hacker groups a national security threat. One individual was described as part of the LulzSec group, the other belongs to the group that calls itself Anonymous, the official said.
Once again in the news we hear stories of hacking groups and hackers who are up to no good and trying to bring down large corporations, governments or politically active sites. As small business owners we need to ask ourselves: Is this really relevant to us? Does hacking affect us? Are we targets for attacks? The answer is, of course, yes. Let’s take a look at what the effects can be and the simple measures we can take to protect ourselves.
So what is a hacker anyway?
A person or persons who use computers to gain unauthorised access to data. This access to data is the key element to bear in mind. The end goal may be to obtain data that is valuable, such as customer details; it may be to alter data in some way; or it may be to delete or damage the data. Any of these can cause real harm to a business. Imagine the effect it would have if you lost your customer contact database, your saved emails were erased or your competitors got hold of your 5-year business plan.
Who would want to hack my business?
It is very unlikely that a big hacking group like Anonymous would have any desire to attack a small business network. In my mind there are 3 main sources of concern, each of which needs to be addressed.
The first is a competitor business. Although it may seem desperate, imagine how useful it would be to be reading the emails of the MD of your biggest rival company. You can see what is going on there, who their customers are and plenty of other key bits of information.
Next we need to look at angry or bitter individuals. As the boss you will sometimes have to make decisions that others don’t like. This could be anything from not giving a refund to a customer, to letting a member of staff go. The staff issue is particularly tricky as they are in a position of trust and until this point will have had regular access to your computer systems. Not everyone you upset is going to be malicious and take vengeful action, but there is always a chance.
The third source of trouble is complete strangers. Just as you know to protect against viruses, there are also people whose goal is to hijack your computer systems and use them for their own devices. They don’t care who they target and are likely to use software to scan for vulnerabilities to locate their targets. This process is often automated and can be hard to detect as there is no direct effect on your information.
What Should I Do, What Will It Cost?
The good news is that although there is clearly cause for concern, there is no need for panic. Some really simple steps can make you a lot safer and don’t need to cost anything at all.
Change your Passwords
This is the most basic of all steps you can take. It is so simple, so important and yet few people do it. If your password is ‘password’, ‘qwerty’ or your name then stop reading and change it now! Robotic programmes look for open services and try all the standard usernames and passwords very quickly.
Also, annoying as it is, try to change your password often. A hack can be as simple as one employee reading another’s emails because they shared their password one time. If you change it every few months then this will stop that activity.
Finally on this topic, there is another rule we all know but don’t follow: use different passwords for different accounts. Let’s say you sign up for an online shop and they somehow leak your password; you don’t want the people who have that information to also be able to look at your bank statements.
I use a brilliant website, Clipperz.com, to manage all my passwords. It works much better than my old brain and it’s accessible anywhere, securely.
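The three password problems described in this section (a standard password, a password built from your name, and one password used on several accounts) can be checked for in an exported password list. This is an added example, not part of the original article; the CSV column names, the sample rows and the short deny list are constructed assumptions and do not reflect any particular password manager's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions, not any
# particular password manager's format.
SAMPLE_EXPORT = """account,username,password
email,jane.smith,qwerty
online-shop,jane.smith,Tr4wler-Copse-91
bank,jsmith,Tr4wler-Copse-91
accounts-package,jane,Jane2011
backup-service,jane.smith,vellum-otter-mast-62
"""

# Short illustrative deny list; a real audit would load a much larger one.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "letmein", "admin"}


def audit(export_text, owner_names):
    """Return {account: [findings]} for common, name-based or reused passwords."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    findings = defaultdict(list)
    by_password = defaultdict(list)

    for row in rows:
        lowered = row["password"].lower()
        by_password[row["password"]].append(row["account"])
        if lowered in COMMON_PASSWORDS:
            findings[row["account"]].append("common password")
        # Name check covers the owner's names and the account's own username.
        names = [n.lower() for n in owner_names] + [row["username"].lower()]
        if any(len(n) >= 3 and n in lowered for n in names):
            findings[row["account"]].append("contains a name")

    # Any password that appears on more than one account is flagged on each.
    for accounts in by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                others = [a for a in accounts if a != account]
                findings[account].append("reused on: " + ", ".join(others))
    return dict(findings)


if __name__ == "__main__":
    for account, issues in audit(SAMPLE_EXPORT, ["Jane", "Smith"]).items():
        print(account, "->", "; ".join(issues))
```

Run it only on a machine you trust and delete the plain-text export afterwards, since the file holds every password in readable form.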
Only Open What Needs To Be Open
Remote working is great. Remote access to your computer, emails and files is certainly a vital part of most business work these days. To reduce your openness to hacking you should aim to offer only the services you actually need, and only to those who actually need them. If a staff member should not be accessing services remotely then make sure they cannot. If you don’t offer remote desktop services then make sure that is disabled. An IT Consultant can easily check your systems and close down ports that are not needed.
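A first pass at the check described above can be done on your own machine by listing the services it is listening with and comparing them against the short list you actually need. This is an added example, not part of the original article; the sample text is constructed in the layout Windows prints for `netstat -an`, and the list of needed ports is an assumption to replace with your own.

```python
# Constructed sample in the layout Windows prints for `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:5432             [::]:0                 LISTENING
"""

# Assumption: this business only needs to offer HTTPS to other machines.
NEEDED_PORTS = {443}

# Labels for a few well-known ports, so the report is readable.
KNOWN_SERVICES = {135: "RPC endpoint mapper", 445: "SMB file sharing",
                  3389: "Remote Desktop"}


def is_loopback(address):
    """Listeners bound to loopback are reachable only from the machine itself."""
    return address.startswith("127.") or address == "[::1]"


def listeners_to_review(netstat_text, needed_ports):
    """Return sorted (port, address, label) for listeners not on the needed list.

    A listener is a candidate for review, not proof of exposure: whether it
    can be reached from outside still depends on the firewall and router.
    """
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, blank lines, established connections
        address, _, port_text = fields[1].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if is_loopback(address) or port in needed_ports:
            continue
        found.add((port, address, KNOWN_SERVICES.get(port, "unknown service")))
    return sorted(found)


if __name__ == "__main__":
    for port, address, label in listeners_to_review(SAMPLE_NETSTAT, NEEDED_PORTS):
        print(f"review: port {port} on {address} ({label})")
```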
Backup, Backup, Backup
Simple really: if you get hacked and your information is damaged, a backup means you can get it back. Make sure you have an offsite backup that is not accessible by your usual systems. If someone gains access to your server and the only backup is connected to it, then they are going to destroy that backup too.
This isn’t going to stop hacking, but it could stop your business being destroyed so please take the time to make sure it happens and that you check it regularly.
IT and Security Policy
Once you have got good measures in place you need to ensure that your staff know what they are and that they must stick to them. Your policy should be clear and understandable and should help to make sure that everyone understands their responsibility for the overall safety of the business.
Stay Ahead of the Game
As technologies and their uses change there are always new ways to try to break in and misuse those technologies. A few years ago it would not have been important to secure your mobile phone, now it has all your emails, contacts and probably even documents on it. It is important to regularly review what you are doing and just have a think about what your dependencies are and where your vulnerabilities may be.
In my job I am regularly visiting clients and giving them an overview of simple things (or sometimes more complex where there is a genuine need) they can do to increase the security and resilience of their technology platform. It amazes me how open some business systems are and how things could go bad so quickly. Make sure you don’t make that mistake – be prepared.

