Businesses all over the nation go through each day with security in the back of their mind. WAY back in their mind because they think it will never happen to them. They remain out of the spotlight. They are not a Target or Home Depot. They may have 10, 20 or even 100 employees and think "why would anyone want my information?"
The fact is that the bad guys are figuring out quickly that small businesses lack even basic security practices. Not patching a system makes it easy even for the not-so-proficient hacker to get into a system. I deal with a lot of small businesses. In most, but not all, cases convincing them to take some precautions like putting in a good router, patching systems and even changing passwords is not very difficult. There are a few that will not listen.
I know of a recent case. A company refused to patch and put some simple security procedures in place. They were an escrow company. HUH??? So they are wiring millions of dollars all over the place but securing the network, not such a big deal because they were small enough that nobody would even bother with them and they barely had a web site so they were hidden.
Um... news for you. The bad guys scan the Internet every day for servers out there and can do that very easily courtesy of tools developed by a university (I am not saying which). The tool goes out every week and scans the entire Internet to find every server out there and what software it runs, and with the addition of some other tools can tell you what ports (doors) are open and even what flawed software they are running. A little research. A little social engineering and bingo.
A few days later their accountant is trying to pay some bills. Errors. Keeps saying there is a login error to their bank account. Once they finally reset the password (the hackers reset it, that's why they could not get in) they find that $100,000's of dollars were sent to Russia and even more to China. Some of the money was recovered... but I cannot say the same thing for the company itself. They don't exist. They were not big. They didn't do a ton of business like a Target. They didn't bother paying a professional a few thousand dollars to harden the defenses. Instead... they thought they were invisible.
Well they are now!! The thing is that frankly nothing is bulletproof. Just like I can't keep someone from getting into my house if they really want to get into my house, but I sure am going to put a bunch of roadblocks in their way. The longer any bad guy spends trying to get in, the more chance there is he will give up. That is reality. I cannot protect any business 100%.
As I say to my clients and anyone who asks: at least lock the door. By not patching (patching is the updates that Microsoft diligently puts out every 2nd Tuesday of every month to fix all of the holes they find) or putting some better equipment in, you might as well hang a sign on the door saying "Come on in. Have a look around. Take what you like. I will never know you were here."
Hopefully as I write this some businesses will at least consider looking at things, but if you don't know where to start, Google it. Otherwise call a qualified security professional. I have seen a lot of bad security practices, folks. (More on that later). Do something. It is better than nothing!!