Given the multiple multi-national cyber attacks that have struck servers around the world in the last few weeks, companies would do well to take some time to focus on implementing some cybersecurity measures. Thwarting hackers requires understanding what they want — thinking of your network as a virtual representation of your property, hackers want some part of that property in a way that will pay off for them.
Here are five things hackers do and some easy ways to thwart them:
1. Hijack your transactions
If you discuss pending transactions over email, a hacker can get in the middle of your discussion. There are many cases where a hacker gets into an email system and redirects the message so the hacker can pretend to be the other party, continuing the transaction negotiations. When the deal closes and it’s time to wire the payment, guess whose account the money is deposited in? Not the party who’s been impersonated, that’s for sure.
2. Hijack your servers
Firewalls for your servers may not be the most exciting technology, but if yours aren’t up to snuff, the FBI just might show up at your door. Hackers use unprotected servers to launch cyber attacks and store the data they stole from other hacks. And if your servers are used in the commission of a crime, you’ll have to kiss them goodbye for a while: the FBI will need them to make their case. Even the most skilled lawyers will likely have a tough time getting them back for you anytime soon.
3. Sabotage your business
Competition can be ruthless. Payback can be brutal. Hackers use stolen information to interfere with business operations, take down websites, delete and change files, sell files to competitors, embarrass people, run wage disinformation campaigns — there’s no telling how many creative ways your information can be used against you. Hackers will be able to think of a lot more ways than you can — that’s their day job.
4. Sabotage your business from the inside
The last thing you want to think about is one of your own attacking you. But it happens all the time. Recently, a company was getting ready for a round of layoffs, and a network engineer found out that he would be on the chopping block. He deleted all of the configurations on all of the routers, leaving the company’s entire communications infrastructure crippled. Unfortunate insider attacks can happen when companies fail to take proper controls to secure email.
5. Leak or publish information
You may not be running for elected office, but you probably still don’t want your emails or internal information spread far and wide — or held hostage for ransom, especially if you’re in the middle of a merger, funding round, or a crisis. Whether the hackers’ intent is showing off their hacking abilities, trying to influence decisions or public opinion, shaming, whistleblowing, or disseminating confidential information, it’s still your information. And while reputable journalists publish information considered to be for the public good, not-so-reputable people do it for clicks.
Why small businesses are most vulnerable to hackers
Does your business have fewer than 100 employees? Then you are very attractive to hackers! This is because you probably haven’t taken steps to protect yourself in the same way that larger companies have. If it’s your habit to store passwords in one place or not have a password policy at all, this is like chum to the hacker sharks. And this can be devastating to startups and small businesses.
Keep in mind that even if you think it’s unlikely any of the above scenarios would play out for your business, you still have a fiduciary (and ethical) responsibility to prevent access to what hackers want — information that could harm someone else or steal from them. Depending on the situation, you could even have some degree of liability.
Free and cheap practices that can boost your security exponentially
The good news? You don’t need to go out and buy fancy firewalls. You can make your company (or home) more secure by implementing a few basic practices and using things you already have:
- Set up password expiration policies: Set a reminder to change your passwords every quarter or so.
- Set up a password lockout: Use lockout features to prevent account access after too many wrong password attempts.
- Set permissions for files: Use a “need-to-know” policy, especially amongst temporary and contract employees — it’s not rude, it’s smart.
- Encrypt hard drives: Enable encryption on each operating system (Windows 10, Mac)
- Use multi-factor authentication and biometrics if you can: Extra levels of security send hackers packing.
Trey Hawkins was co-founder and CTO of Virtex Networks, Inc., one of the nation’s first IT infrastructure service providers, when it was acquired by Leapfrog IT Services in 2001. Prior to founding Virtex, Trey ran Computer Associates’ enterprise software training center in Atlanta, where he honed his expertise in implementing and supporting enterprise management technology used by Fortune 500 companies.