Often a hacker can remain on your system for months, gathering data, exploiting your network and gradually making their way up the chain
The small to medium enterprise (SME) owner tends to think they have little or no data that is at all valuable and, as a result, issues of digital security are therefore not important for them. Even some of the more ‘tech savvy directors consider that the data they hold is inconsequential and worth very little to a potential hacker. And, as often there is no requirement under PCI rules for SMEs to have security, as they don’t hold credit card or payment details on their network, this view is strengthened.
However, this attitude masks the true intention of the cyber-criminal, which is to enter the network of third parties, i.e. your clients, who may well be holding and storing valuable information. The cycle then continues, as network after network is infiltrated, and potentially far more damaging breaches occur further on in the chain.
The most popular response to a potential hack is to revert to a backup. A good idea, if you can pinpoint the exact moment you were infiltrated. Often a hacker can remain on your system for months, gathering data, exploiting your network and gradually making their way up the chain.
Until you physically feel the consequences of a hack, or have someone trace the link back to you, you may be unaware that you’ve even been hit. So, if reverting to a backup, how far back do you go to completely clear the system? It takes minutes to hack, but often months to detect.
There are though, some simple, effective, solutions to both prevent and protect against potential breaches. And these are inexpensive and do not require considerable financial investment.
Log management: Regularly checking your system for irregularities is the surest way to spot a potential hack immediately. Whether you do this manually through your systems logs, or invest in software that can monitor and send alerts to you should a risk be detected, it is a crucial practice.
Patching: It is critical that you consistently update your software with the latest patches. Vulnerabilities will already exist, which is why updates are regularly released. By keeping your software current, you keep the chance of a weakness being found and exploited to a minimum.
Web controls: For companies that employ multiple members of staff, having web controls across the organisation can ensure consistency and protection. When employees look to download files, for example, you can automatically assign them to what is known as a sandbox. This is a secure, controlled area of your server that allows you to open a file without the risk of releasing something dangerous into the network. Here, you can check its legitimacy, or have it completely removed if you find something sinister.
Honey pot: A honey pot, in security terms, is a file or folder placed on a system that looks enticing to a potential hacker. It will advertise itself as holding valuable information and may contain a lot of data, in order to keep any hacker busily looking for non-existent ‘jewels’. There are two benefits to this. One, it diverts people away from the important data, and two, you know immediately that you are under threat if someone attempts to hack what is essentially an empty or worthless file.
If your company falls within the SME remit, do not shy away from data security issues. Rather, instigate a few simple actions that can help protect your data from a potential hack and all that a data loss may mean for you and your customers.
Colin Tankard is MD data security company Digital Pathways which is a specialist in the design, implementation and management of systems that ensure the security of all data whether at rest within the network, mobile device, in-storage or data in-transit across public or private networks.
If you liked this, you may wish to read the following:
Is your building a hack risk, by Colin Tankard, MD, Digital Pathways
Opportunities and threats
The boss of one of the UK’s leading data security firms welcomes faster connectivity but warns that it can also mean the ‘surface area’ for attacks is greater