How to Protect Against Common Hack Attacks

Hacking is not really a new concept. In fact, the idea of breaking into a business to steal information, make a quick buck, or simply wreak havoc has been around pretty much as long as there have been businesses. The advent of online technologies has just upped the ante, so to speak, by increasing B2C connections and centralizing the data, making for a virtual smorgasbord that criminals can’t ignore.

Even worse, hackers are ahead of the game. They’re constantly finding new ways to break down defenses, exploit chinks in the armor, and defeat protective measures. This, of course, is also nothing new.

Build a better lock and thieves will find ways around it. The difficulty, as always, is that one party plays by the rules and the other delights in breaking them. That said, you can’t suffer the slings and arrows of outrageous fortune without at least trying to protect yourself.

At the very least there are privacy laws in place that mandate some effort on your part to protect the sensitive information entrusted to you by customers. That said, you also have an ethical responsibility to treat confidential information with the utmost care, and frankly, your business will suffer the most if that data is compromised, thanks to government penalties, possible lawsuits, and a damaged reputation.

What can you do? As it turns out, you can do a lot. Many businesses are sorely in need of increased protection from hackers. In some cases pricey upgrades are needed, but other measures rely on pure common sense. Here are some strategies to help you protect against the most common hack attacks.

Don’t Be an Easy Target

As in the real world, many crimes in the online arena are crimes of opportunity. Hackers are predators – why work hard for a kill when there are so many easy pickings available? If you’re not protecting yourself adequately, your company will pay the price.

Although the headlines often feature only the highest-profile hacks on mega-corporations, it’s much more common for small businesses to be targeted and compromised simply because they don’t have the same level of protection as their larger brethren. If you want to secure yourself against the most common attacks, you need to at least take basic measures.

A firewall is pretty much a given, as is antivirus/anti-spyware software. However, you can do a lot more on behalf of your company and your clients. For starters, you’re going to need a web application firewall (WAF) to protect your online operations the same way you protect your internal network.

From there you can consider more aggressive options like using encryption software, hiding your website’s CMS with security applications, and employing a third-party monitoring service, just for example. These measures can cost you, but likely not as much as a data breach will, and you can pick and choose the options that work best for your business.

Focus on Login Controls

One of the easiest points of ingress for hackers is often customer or employee logins. The good news is that you can do a lot to stymie hackers on this front.

Strong password requirements are a must, but you should also prompt users to change their password frequently and automatically log users out after short periods of inactivity. You can also use login software that doesn’t auto-populate fields.

If the password is wrong, don’t allow the username to display even if it was correct – clear all fields for additional login attempts and freeze the account following successive failed login attempts. Two-step verification is also becoming more popular for added security.
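The login controls described above can be sketched in a few lines. This is an added example, not code from the original article; the `LoginGuard` class, the threshold of five failures and the 15-minute idle limit are assumptions chosen for illustration.

```python
import hashlib, hmac, os

MAX_FAILURES = 5          # assumed threshold; the article gives no number
IDLE_TIMEOUT = 15 * 60    # assumed idle limit, in seconds
GENERIC_ERROR = "Invalid username or password."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> consecutive failed attempts
        self.sessions = {}   # token -> [username, last activity time]

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, username, password, now):
        """Return (token, message); token is None on any failure."""
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return None, GENERIC_ERROR   # frozen: same reply as a bad password
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            # Unknown names are counted too, so replies never reveal
            # whether the username exists.
            self.failures[username] = self.failures.get(username, 0) + 1
            return None, GENERIC_ERROR
        self.failures[username] = 0
        token = os.urandom(16).hex()
        self.sessions[token] = [username, now]
        return token, "OK"

    def check_session(self, token, now):
        """Return the username, or None if the session is unknown or idle too long."""
        entry = self.sessions.get(token)
        if entry is None or now - entry[1] > IDLE_TIMEOUT:
            self.sessions.pop(token, None)   # automatic logout after inactivity
            return None
        entry[1] = now
        return entry[0]
```

A frozen account stays frozen until its failure counter is reset, which in practice would be an administrator action or a verified recovery flow.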

Train Employees

Your protective tools are only as good as the people using them. Your password protections, for example, are worthless if users allow easy access to login information. Your firewalls can’t protect against ignorant behavior.

Training is therefore an essential element of protection. You may have software that warns network users about dangerous websites, but you also need to train them to navigate away instead of ignoring these warnings and behaving in a foolhardy manner.

Employees should also be warned against opening suspicious emails or clicking harmful links. With proper training your employees and even your customers can be taught how not to facilitate data breaches.

Hire Help

If you want to protect against hackers you may have to hire professional help. Whether you employ an on-site IT staff or you contract with third-party service providers, you should update and maintain your hardware and software regularly, monitor your network, and implement a system of alerts that warns you of suspicious activity. Early warning of hacking activity can be a very valuable protective measure.

What Can You Learn From the Panama Papers Leak?

When it comes to cyber security breaches, there have been some real doozies. In fact, there have been some appalling breaches in just the past couple of years. Just look at the 2014 hit on Sony that resulted in the broadcast of executive emails and the resignation of key executives (following the 2011 attack on Sony’s PlayStation Network that reportedly cost the company over $170 million).

How about the 2015 attacks on health insurance providers (Anthem, Blue Cross), banking institutions (JPMorgan Chase and Co.), dating website Ashley Madison (which you’d think would have abundant security considering the secretive nature of its adulterous clientele), and even the government (Federal Office of Personnel Management, or OPM)? That’s not even mentioning the many data breaches on mega-corporations like Target and Home Depot.

The point is that no one, not even the largest, richest, and most powerful organizations in the world, is exempt from attempted (and probably successful) hacking. However, the Panama Papers incident has been cited as exceeding all of these breaches in scope.

The data breach (for which The Guardian news outlet provided a handy primer) resulted in the theft and subsequent publication of 11.5 million files from the databases of Panamanian legal firm Mossack Fonseca (the fourth largest offshore firm in the world) and exposed the firm’s wealthy clientele, including a variety of world leaders. Included in the revelations was evidence implicating Russian President Vladimir Putin, Pakistani Prime Minister Nawaz Sharif, and Icelandic Prime Minister David Gunnlaugsson (among others) in shady and potentially illegal offshore activities.

Is there any good to be gleaned from this incident? If your business is the type to learn from the mistakes of others, the answer is yes. Perhaps the nature of the Panama Papers incident can serve as a warning. Here are a few things you could learn from this historic data breach.

The Attack was Simple

Since the Panama Papers leak, the method of the attack has come to light, and apparently the breach exploited a well-known weakness so simple that it could have been perpetrated by a child, let alone a hacker of some skill.

This prompts the question: what are you doing to protect your website and network? Firewalls, antivirus programs, password protection, encryption, and monitoring are all great, but you need to stay up-to-date with known issues if you want the best chance to bolster your security and fight off intrusion. If you’re like most companies, you’re not even taking some of these common steps.

Valuable Data was Up for Grabs

As a business owner you know that some types of data are more valuable than others. For example, client names might not be as valuable as their social security numbers or credit card numbers.

Unfortunately, Mossack Fonseca failed spectacularly to adequately protect any of their clients’ data, regardless of the relative value or need for privacy and confidentiality. In fact, it was discovered in the aftermath that sensitive data was regularly transferred via unsecured email, which would make it all too easy to get a hold of, even in the absence of the scope of hacking that occurred.

Additionally, data of a more sensitive nature was not compartmentalized and stored behind extra layers of security. Hackers had no trouble accessing and stealing everything, including the most private client data.

No One Noticed Unusual Activity

Simple network monitoring software or services could have easily spotted the enormous data transfer that occurred during the hack on Mossack Fonseca (amounting to 2.6 TB of data). This size of transfer is astronomical, and it should have immediately set off alarms and notifications – if only proper monitoring had been in place.
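The kind of check that would catch an outsized outbound transfer can be very small. The following is an added example, not part of the original article: the flow records, host names, baseline figures and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (hour, internal host, destination, bytes sent out)
SAMPLE_FLOWS = [
    (9,  "mail01", "203.0.113.10", 40_000_000),
    (9,  "web01",  "198.51.100.7", 120_000_000),
    (10, "mail01", "203.0.113.10", 55_000_000),
    (10, "web01",  "198.51.100.7", 9_000_000_000),
    (11, "web01",  "198.51.100.7", 11_000_000_000),
    (11, "mail01", "203.0.113.10", 38_000_000),
]

# Assumed typical hourly egress per host, e.g. from a few weeks of history.
BASELINE = {"mail01": 50_000_000, "web01": 150_000_000}

def egress_alerts(flows, baseline_bytes, factor=10, floor=1_000_000_000):
    """Flag (hour, host) buckets whose outbound volume exceeds both
    factor x the host's baseline and an absolute floor in bytes."""
    totals = defaultdict(int)
    for hour, host, _dst, nbytes in flows:
        totals[(hour, host)] += nbytes
    alerts = []
    for (hour, host), total in sorted(totals.items()):
        # Hosts with no baseline fall back to the absolute floor.
        limit = max(factor * baseline_bytes.get(host, 0), floor)
        if total > limit:
            alerts.append((hour, host, total))
    return alerts

if __name__ == "__main__":
    for hour, host, total in egress_alerts(SAMPLE_FLOWS, BASELINE):
        print(f"ALERT hour={hour} host={host} egress={total / 1e9:.1f} GB")
```

Requiring both a multiple of the baseline and an absolute floor keeps quiet hosts with tiny baselines from alerting on ordinary traffic.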

Everyone Suffers

It’s no surprise that the Panama Papers leak had consequences for both the company and its clients. For example, David Gunnlaugsson stepped down as Prime Minister of Iceland following the leak, which revealed conflicts of interest in deals brokered after the financial crisis.

Other prominent world leaders were also revealed to have practiced unethical or even illegal activities relating to Mossack Fonseca, the least of which revolved around tax avoidance while the worst offenders appear to have stolen money from the very countries and people they represent. This, of course, is a worst-case scenario for any business, but the lesson is clear.

A company that allows such a data breach will lose clients, one way or another. Whether they leave due to lack of confidence or they find themselves so personally compromised by leaked data that they can no longer continue to function professionally, the company that allowed the breach is likely to be compromised beyond repair.