What Can Your Business Learn from a Hack?


Becoming the victim of a cyberattack is never easy to get over, but unfortunately, in today’s online world, we are seeing more and more businesses suffer at the hands of hackers. It might be an uncomfortable thought, but it is probably not a matter of if you will be hacked, but when. That said, there are lots of lessons we can learn from the experiences of other companies and indeed from our own exposure to cybercrime.

Key Lessons To Learn:

Pay More Attention to Your Weakest Link
As Twitter and Sony, both multi-million dollar companies, recently discovered, it doesn’t matter what technical security measures you have in place: a break in protocol can put your business and the information of your clients at risk. Human error and a seemingly mindless lack of judgement by an employee can potentially have grave consequences.

In the case of Twitter, the breach was caused by a social engineering hack. There was no attack on the network; instead, the attackers preyed on the human element in the team, getting members of staff to inadvertently grant access to user credentials. It was a clever tactic that exploited ignorance, and the knock-on effect involved huge amounts of stolen money and the profiles of highly influential people being compromised.

The attack could have been much worse but thankfully no ransomware was involved and so the damage was limited. Twitter’s reputation was tainted, however, and in the competitive world we live in, you need your customers to have faith and trust in the service you provide for them.

Keep Staff Vigilant…
Make sure every member of your staff is managing passwords correctly and following your best data practices.

Remind staff not to get too comfortable. When they receive an email that is apparently from the tech team, get them to question it before they action the request.

Use Best Practice and Train Your Team
Best practice for your business must be employed if you are going to stand up to the threat of social engineering. While we still don’t know if, in the case of Twitter, the success of the attack was due to ignorance or a bribed accomplice, someone had access to things they should not have. It is really difficult to accept that a member of your staff might be tricked into clicking the wrong link and compromising your system but this is how social engineering works. Human nature is easy to manipulate and that is what the hackers capitalise on. Naturally we, as people, want to help and so we are open to others taking advantage.

The lesson here is to train your team. Our team at Defended Solutions can help you do that, so you can rest assured that all bases are covered. Even small businesses are not invisible to hackers, especially if they have links to larger organisations.

Communication
Communication is key. Keep avenues of communication to your team and your clients open and accessible if there has been a hack. It may feel hard to admit a breach but being open and honest from the start will mean that nothing comes back to haunt you in the future. It is much better to tell your clients as soon as you can so that they can do their bit to protect themselves by changing passwords and checking accounts. Definitely do not try to disguise the hack and compromise data further.

The company Monster.com waited several days after discovering a hack before disclosing it and they suffered a hefty price. Their reputation took a huge hit when they left users in the firing line because they didn’t close down their accounts immediately; a tough lesson to learn.

Stay on Top of Social Media
It is really important to stay on top of your social media. The sooner you identify a hack the easier it is to regain control and the less damage is done. Responding quickly is paramount.

Firewalls
It is somewhat archaic to trust completely in firewalls. Sony is a prime example of why we can’t rely on their effectiveness. Sony’s downfall was their blatantly obvious file naming, such as ‘Master_Password_Sheet’, and their unencrypted content. They ignored the basics and arguably invited the hackers in to take what they wanted. The criminals were able to access all the machines as they had the list of passwords. Sony had rested on their laurels, believing that more complex firewalls would protect them. They were wrong.

Unfortunately firewalls are not effective enough when it comes to clever hackers. You need to encrypt spreadsheets where you can and use password management software too. You need to treat everything like it is a potential target. Forewarned is forearmed.
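As an added example (not part of the original article or any Defended Solutions tooling), here is one way to audit a shared folder for the two mistakes described above: file names that advertise credentials, and spreadsheets stored without encryption. The name pattern, the file extensions and the sample files are assumptions made for this sketch.

```python
import os
import re
import tempfile

# Name pattern is an assumption for this example; tune it to your own shares.
SUSPECT_NAME = re.compile(r"passw(or)?d|credential|login|secret", re.I)
ZIP_MAGIC = b"PK\x03\x04"  # an unprotected .xlsx/.docx is a plain ZIP archive
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # a password-encrypted one is an OLE container
OOXML_EXT = {".xlsx", ".xlsm", ".docx"}
TEXT_EXT = {".txt", ".csv"}

def classify(path):
    """Return 'unencrypted', 'encrypted' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(8)
    if ext in TEXT_EXT or (ext in OOXML_EXT and head.startswith(ZIP_MAGIC)):
        return "unencrypted"
    if ext in OOXML_EXT and head == CFB_MAGIC:
        return "encrypted"
    return "unknown"  # e.g. legacy .xls, which is OLE whether encrypted or not

def audit(root):
    """Walk root and report files whose names advertise credentials."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if SUSPECT_NAME.search(name):
                full = os.path.join(folder, name)
                findings.append((os.path.relpath(full, root), classify(full)))
    return sorted(findings)

def demo():
    """Audit a constructed sample share built in a temporary directory."""
    samples = {
        "Master_Password_Sheet.xlsx": ZIP_MAGIC,
        "vpn_logins.xlsx": CFB_MAGIC,
        "passwords.txt": b"constructed sample",
        "Q3_budget.xlsx": ZIP_MAGIC,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)

if __name__ == "__main__":
    for rel, state in demo():
        print(f"{state:12} {rel}")
```

Anything reported as unencrypted belongs in a password manager rather than a file, and an encrypted spreadsheet with a tell-tale name is still worth renaming or retiring.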

Defended Solutions can help you install all of these measures to protect your business.

Don’t Rely on End-to-end Encryption on Files
Big business Target lost millions of records in one of the most famous security breaches when malware was installed on the box that employees use to swipe themselves into the offices. The hack may have been designed and initiated remotely, but it played havoc right on the company’s doorstep.

Just because your files are guarded in protected server facilities, it doesn’t mean they are completely secure. We often forget the threat that is right in front of us. Remember to keep your computer safe by closing it down when you're not using it, enable a PIN on your phone and encrypt your Wi-Fi. This might sound obvious, but some hackers may well be closer in proximity than you think.

Employ the Experts
Managing IT is not everyone’s forte and there is nothing wrong in admitting that you need help. It is a part of your business that is in increasing need of protection, as we can’t get away from the fact that cybercrime is on the rise. If you need help managing your online presence, protecting the data of your valued clients and keeping your systems healthy and free from viruses and potential hacks, outsource your IT security to our consultants who are expert in what they do. You can then relax in the knowledge that your networks are as secure as they can be and your clients can see that you are doing all you can to keep their data safe and your systems functioning.
