Tech security, hacking prevention methods & cyber warfare – part 2

by Ralph Eck | Mar 06, 2014

The recent Target security breach has gotten everyone’s attention and raised many questions about how such a thing could happen. Security breaches among major retailers are not completely uncommon, but having 40 million debit and credit cards accounts stolen (along with personal information for up to 110  million shoppers) is off the charts and points to an epic failure in the system. In the case of Target, subsequent investigations are showing that the point of failure came through a stolen identity from a vendor that was servicing Target and had access to the company’s database. While the vendor in question did not handle the store’s credit or debit payment processing, the stolen credentials gave hacker’s access to Target’s network.   To help illustrate this scenario, one security official draws the analogy between a network and a house. There may be several doors, each with a different lock. All it takes is for one key to get stolen for a perpetrator to gain entry. Once inside, he can stealthily move between rooms and hide to avoid detection.

Securing Your Infrastructure

So again the central question and concern the Target breach has raised for many small businesses can be expressed as follows: if a major retail giant with enormous resources experienced such a massive breach, what chance do we possibly have to stand against hackers and other cybercriminals? Actually, the Target incident is a teachable moment in the world of cybersecurity and points to a number of deliberate steps that any small business owner can take to protect valuable company assets.

So what are some practical measures your company can start to take today to secure its infrastructure? Below we’ve outlined a set of best practices that will help ensure your computers, data assets, and network are given maximum protection against security vulnerabilities posed by malware, spam, and viruses.

• Regularly update anti-virus software: While budgets are tight the risks of not having your network secured with the appropriate firewall and business class anti-virus technology far outweigh the costs. Ensure that your software is updated with the latest patches and that all applications, email programs, and browsers are covered.

• Require stronger passwords: Make sure that all employee accounts are protected with strong passwords and limit administrator privileges only to employees that absolutely need this access. Require passwords that are long and contain many numbers and symbols as this helps protect against the likelihood of unwanted access to proprietary assets.

• Secure your browser: Web browsers are one of the biggest points of security vulnerability. Malware frequently hitches to ads and other unreliable downloads  and can inject viruses into your computer, putting your data at risk. Ensure that you only transmit personal information over a secure connection and always use an HTTPS connection when accessing the internet from a device with company information.

• Change router default security settings: Router manufacturers often use the same default login information such as “admin” or “password” or some simple word. Since these are known to hackers, it’s important to change the default settings immediately upon setup.

• Frequently backup your critical data: This should seem self-evident but it bears repeating. Set your system to automatically backup all important data such as financial records, legal information, customer account information, and proprietary databases.

• Educate your staff: Education is the best policy for improving security awareness and effectiveness among your employees. Holding an annual compliance review to help enforce the importance of password protection and outline company security policies will go a long way to protecting the organization’s assets.

• Develop a cybersecurity emergency plan: In the event of a breach, have a plan in place to identify and close the vulnerability, work with third-party security experts, and provide transparent updates to partners and customers.

In the next part of this series we’ll shift the focus from protecting your company infrastructure to actual hacking prevention methods that mitigate the risks to your business posed by cyber criminals. Stay tuned!