Hackers love IT
Hackers are fond of IT and not in the same way that you and your engineers are. Using sophisticated coding, scams and phishing they can potentially access your IT infrastructure on the hunt for one thing: data. Stealing and selling sensitive personal information is a lucrative trade for cybercriminals. Mobile numbers, email addresses, bank details and login credentials are targeted which are then sold to marketing platforms, offered to malicious websites and monetised to credit card fraud. Hackers are good at the game they play and you don’t want them to win.
Theft without your knowledge
As a small to medium-size business (SMB) your employees are continuously accessing, processing and storing your clients’ personal data. Data may be stored locally on computers and servers, or remotely with a cloud service provider. Business nowadays is information-dependent and information spreads rapidly throughout your network. So much so that you probably don’t know the locality of all your data at any given time. Hackers take advantage of this situation, infiltrating your systems and stealing data, often without your knowledge. For any hacker accessing a source of personal information is like discovering a gold mine. For you, it is a data security nightmare, particularly in light of the newly implemented General Data Protection Regulation (GDPR).
In this white paper, you are going to examine some of the channels that hackers use to infiltrate your IT infrastructure. You will also consider some strategies to keep them at bay and how you can win the hacking game.
Websites
Data theft from websites is becoming increasingly common. Even the corporate giants such as Equifax are not safe when you think that in September 2017 the data of 145 million of its clients was stolen. Cyber attacks on websites, particularly those which are unsecured, are slick and prevalent. Hackers obviously target websites containing information they know they can use. For example, if their MO is to steal financial data, they use tools that fish for websites carrying that sort of information. The use of web-based applications also makes it easy for cybercriminals to access your database. It is easy then to steal your clients’ personal information and commit credit card and bank fraud. Or they can simply sell the information on the dark web. Quartz estimates that a full set of an individuals’ data, known as ‘fullz’ has a median price of about £20 converted to bitcoin.
Local storage
The hard drives on your computers and local servers form the treasure chest of your valuable sensitive data. Naturally, these systems are the most vulnerable to hackers. They become infected with malware which slowly but surely infiltrates your IT infrastructure. Trojans disguised legitimate software, creates backdoors in your security to let other forms of malware such as viruses, spyware and worms in. Spyware is the most dangerous when it comes to identity and data theft. As the name suggests, it hides in the background and monitors online activity, including logins with passwords and financial transactions using credit cards.
Local storage hardware could be seen as the ultimate prize for cyber crooks. They not only store your client, vendor and partner information but also harbour all your vital SMB data. Once malware is firmly rooted in your systems, there is nothing about your business that hackers won’t know.
Mobile devices
If your enterprise has bought into the BYOD practice, your employees will be using a range of mobile devices to work remotely or on the go. Using personal technologies for work poses another security problem. Does your IT department know how secure BYOD smartphones, laptops and tablets are? Have your employees used strong passwords that are regularly changed? Do you actively apply Mobile Device Management (MDM) tools to all BYOD endpoints? A single security breach of one device can mean that hackers have direct access to your network and can steal data at will.
Wi-Fi networks
Most businesses keep their Wi-Fi networks under safe lock and key, where they are protected by firewalls, strong passwords and even two-step verification. However, an unsecured network is an open invitation to hackers and with little or no effort they will be able to penetrate your systems.
Email is another platform that cybercriminals use to infect computers with malicious software or malware. Emails containing viruses are sent, with the malware usually concealed in an attachment. The viruses replicate in host computers and bring about Denial-of-Service (DoS) events. DoS simply means that your employees will be unable to access your IT infrastructure by using their legitimate credentials. Viruses in email can also result in all your contacts being spammed and also result in the unauthorised access of your company data.
PoS systems
If your enterprise is an online e-commerce operation, then you are a prime target for hackers wanting to commit financial fraud. Point-of-Sale (PoS) systems often have preloaded software that cyber thieves can hack via an unsecured Wi-Fi network. This fraudulent activity can directly impact an individual’s finance. Hackers can easily and quickly conduct unauthorised credit card transactions and you won’t realise that it has happened until it’s too late. It can take years to recover from a tarnished credit record.
What is to be done?
After reading all this you are probably exasperated thinking that you are at war with cybercriminals and that your IT infrastructure is the battlefield. And you’re right. Hackers are cunning and relentless, continually devising new schemes to access your network and steal your precious data. But this is a fight you cannot afford to lose.
The protection of personal data is not only a moral obligation. The GDPR mandates that you know all your data, that explicit consent has been obtained for its use, and that you have inculcated privacy by design into the accessing, processing and storing of your sensitive data. Now more than ever before, a data breach could ruin your reputation. Also, is your SMB able to sustain a financial penalty of €20 million of 4% of your annual turnover? Probably not. So what is to be done?
Managed services
Outsourcing the management of your IT infrastructure to a local Managed Service Provider (MSP) is one way of ensuring that you are the victor in the battle against cybercrime. The MSP will monitor your systems 24/7, offer remote and automated backup, offer virus intelligence in the cloud, and have the latest MDM tools. Your in-house IT team may be able to fix problems as they arise. However, with cybercrime and data theft on the rise, you need to have proactive business continuity solutions in place to avoid compromise of information. The MSP will create robust data backup and disaster recovery plans should your network experience any downtime. By forming a partnership with your MSP, you are protecting your data, your reputation and your revenue.
