Think you're too small for hackers to spend time trying to gain access to your sensitive information? Think again. Today's hackers employ automated "bots" that will hammer, day and night, looking for cracks in your armor. They have all the time in the world, and no potential target is overlooked. Chances are, as you are reading this, attempts are being made to access your network, your website, or your email server.
It used to be that hacking was done by humans, just to see if they could. Today, the motivator is financial gain and the tools are mostly automated. Legions of compromised computers around the world work round the clock trying to gain access to networks, infect other machines, harvest sensitive financial data and passwords, even send out spam emails.
What's the worst that could happen?
1) Computers on your network could be hijacked and used to send spam to your clients and contacts, or millions of people around the world. The result? Your reputation takes a huge hit, and your mailserver is blacklisted which prevents you from sending legitimate email to your customers. Slow network performance, downtime and expensive repairs will be experienced.
2) Your confidential business and personal financial information is disclosed to hackers. The result? Compromised bank account access information, and money starts to disappear from bank accounts. Competitors gain client lists and information about the financial health of your organization. Legal costs and losses mount, and often the losses, both in terms of money and trust, cannot be recovered.
Some common sense steps to take today
Hardened targets are resistant to attacks, and while no steps guarantee immunity, the more difficult you make it to attack your network, the safer you'll be. Attacks can take many forms. Here are a few measures you can take right now.
1) Set employee passwords yourself. Never allow employees to set their own password for network access and email. When left to their own devices, people will use passwords they can easily remember. Often, those passwords are weak - and already being used by the employee personally (their Facebook, Hotmail or Gmail password, for example). For any users who travel with laptops, netbooks and/or smartphones, change their password often, use encryption for login areas to prevent sniffing on motel/hotel wireless networks, and advise them to notify you immediately in the event of a lost or stolen device. You may have less than an hour to react.
Your network is only as secure as the weakest point of entry. For many companies, employees are the weakest link. A glaring example of this is the recent, much-publicised, compromise of the sensitive financial information of Twitter. (Read the story)
2) Passwords should never be the same as usernames. Or the word "password". Instead, use a series of numbers and letters that are random and not likely to be guessed via any kind of dictionary attack.
3) Update Java, Flash and other browser plugins on all machines on your network to the latest version, and remove previous versions. Older versions contain exploitable code that can be used to install malware on a user's computer via the simple act of a user visiting a compromised website. By the time the code executes, it's too late and the malware is now inside your network. Once inside, it propagates to other machines, secretly recording keystrokes and sending data back to the hackers. The best malware is always unnoticable, and with mutations and variants, antivirus software will not always catch it in time.
Author: John