Learn how you may be putting your office and your business at risk every day
OK, I admit it: computer cannot do the damage all by itself. You, as a computer user, are responsible for what you do with it. Companies big and small are getting compromised every day; some by a random virus, others by a deliberate hack attack.
Here are a few examples of companies getting hacked:
http://www.benzinga.com/news/events/11/06/1172373/adp-hacked This story reported in June of 2011 of Automatic Data Processing, Inc. investigating an intrusion that occurred with a recently acquired benefits administration provider. The intrusion was detected by the ADP security team during routine system monitoring.
Internet Vandals Hack Plainfield School District’s Computer System
http://www.nj.com/news/index.ssf/2011/01/internet_vandals_hack_plainfie.htm This article posted in January 2011 describes how the internal computer information system for the Plainfield School District was hacked allowing those with access to falsely announce that students only needed one credit to graduate and that school lunches cost $9,000.
Children’s Place Says Customer Database Hackedhttp://www.foxbusiness.com/technology/2011/04/20/childrens-place-says-customer-database-hacked/ In April of 2011 the Children’s Place Retail Stores Inc. said its customer database has been hacked, and clients were sent an unauthorized email directing them to a website where they were asked to enter their credit card numbers for a software upgrade.
Two Men Hacked Into 120,000 Apple iPads Using AT&T Network
http://www.nj.com/business/index.ssf/2011/01/two_men_charged_with_hacking_i.html In January of 2011 U.S. prosecutors accused two men of hacking AT&T Inc.’s computer servers to steal e-mail addresses and personal data of about 120,000 Apple Inc. iPad users in June of 2010; AT&T apologized to iPad 3G tabled users whose emails were exposed during a security breach.
After Breach, Companies Warn of E-Mail Fraud
http://www.nytimes.com/2011/04/05/business/05hack.html In April of 2011,
a giant security breach took place at an online marketing firm. The breach exposed millions of e-mail addresses, including some with customer names, of the nation’s companies, including giants as JPMorgan Chase, Citibank, Walgreens and Target. While the exact number of people affected is still unknown, security experts say that this breach may be among the largest ever.
If you want to join this list and become a statistic, here is my list of 10 Sure Ways to Compromise Your Business While Using a Computer:
(Disclaimer – do not take the points below literally – jokes aside, follow Practical Advice under each point.)
10. Use Weak Passwords
I’ve seen it in my lifetime in IT. People choose passwords like “Jonny” and “nygiants” and feel safe (some of you reading may say “Gee, I better make it Johnny1 now”). There are passwords that even babies can crack! There is a reason that banks and Google-alikes ask you for a secure password – a combination of letters, numbers, and special characters that would be so random, that it would be tough to break. It may not be easy for you to remember, but it is surely easier than trying to rebuild your data and your identity after your stuff had been hacked. So if you want to invite someone into your accounts, settings and options, just go ahead and choose “password” or “test123” for a password.
Practical Advice:please come up with an ugly and tough-to-swallow but secure password. Make it your business to remember it. Practice if you must.
9. Use the Same Password Everywhere
It is nice to have a convenience of a “master key” for a password. It is very tempting to go with it. It is also very tempting for thieves to get their hands on. Some people make it their business to target those with master keys. Just keep it in mind if you want to let someone walk all over your data.
And oh… yea! Never change it and keep it forever! This way someone from long ago who was once trusted with your sensitive information may gain access to it. Do you remember everyone who has had access to your computer, email, Laptop, Google and iTunes account? Everyone? Tech support? Former Secretary? Your brother’s neighbor’s kid cousin whom you thought can fix your laptop?
Practical Advice:Have different username and password combinations for each authorization point, and change them frequently. Trust no one.
8. Share the Passwords
Have everyone log in to each of your computers by using “user” and “password”. Use the same for all, so people can mess with each other’s mail and computers at the whim. Even more damaging – as soon as someone leaves your company, all they have to do is log into their buddies’ accounts and do what they please – send a memo to all employees condemning you to burn in where the sun don’t shine, or better yet, send a mass-email to your clients and advising them that you are out of business.
Practical Advice:Have different usernames and passwords for each employee, and for every authorization point: desktop, email, accounting program, website control access, etc.
7. Keep Passwords Public
Do you have a post-it with your passwords somewhere around your desk space? How many employees do you have? Who else visits your chambers – cleaning crew, delivery couriers, electricians, outsourced IT staff? So… how many people get to see your password? You don’t even have to highlight it and mark it “hack me. Now when you let go of some of your employees, they log into their ex-coworker’s email account – since they were aware of that password that was visible to any passer-by, and off you go.
Practical Advice:Have all your employees, including yourself, keep their passwords to themselves.
6. Stop Updating your Anti-Virus
One of ways to get your computer infected is to forget to update your antivirus. Just forget that those virus definitions are being added for a reason. This way as soon as the new virus comes along, it should be able to penetrate your vulnerable computer system.
Forget about the malware while you at it, too.
Practical Advice:Stay up-to-date with virus definitions. An update process comes with your software. Set it to run updates automatically.
5. Do Not Have an Anti-Virus at all.
Virus-Schmirus. Nobody can get you! You are tough! Just take your chances. OK, this one is a stretch – pretty much everyone has some form of anti-virus defense nowadays. Nevertheless a lot of people install it once and forget to update, upgrade, or even renew the license (that would also file them under the software piracy category).
Increase you risk by thinking that if you do not browse the web, you are safe. By forget that email cannot be received without being connected to the internet, double that risk.
Practical Advice:Keep your software legit, and up-to-date. Be aware of different methods viruses gets introduced into your system – not just by browsing the web and opening email attachments, but also by connecting to other infected devices – other computers on the networks, USBs and flash drives, etc.
4. Download, Install and Click on Everything!
Now that you have less-then-adequate anti-virus protection, just start opening all attachments, especially unsolicited attachments that claim to have your invoice details, link to banking accounts, zipped images, and large sums of money sent to you directly from Nigeria or Ukraine.
Not just that – also open everything that alerts you that your computer have been hacked, spoofed, phished, infected and generally crashed. Especially when it blinks pretty colors, urging you to install their program.
Practical Advice:When in doubt, throw it out. If you need to inspect your machine for viruses and other junk, open your antivirus program that had been already installed on your computer. If you paid your money to Eset for antivirus protection, open your Eset program directly from your computer, and treat anything else that spontaneously pops up with a healthy dose of suspicion. If you are not sure what to do, ask your IT administrator for help.
3. Ehh… What Firewall?
Have your computer and business data compromised by not having a firewall – a device between your computer system and the rest of the cabled world, protecting the insides from the outsides, so to speak. Many hackers use programs that search the Internet for computers with ports open. When they find a computer without protection, they can access your computer through an open port and steal your data – or use your data against you, by using, changing or damaging the files on your computer or your entire business network.
Practical Advice:Get a good firewall, and use it properly.
2. Go Wireless without Encryption
Wireless networks present another opportunity for a hacker. Anyone with an amplifier and an antenna can access, intercept and use your wireless network – and it does not take much to learn how to do it. If you are using a wireless network and want to get hacked, just disable encryption on all and every transmission and place the transmitters not as far as possible from your outside wall but directly on the window sill; start using sensitive data, then see if any of you neighbors look at you funny, or if any of your business data gets cracked.
Practical Advice: Make sure encryption is enabled, and your environment is set up correctly. If you are not sure how to do this, consult with your IT professional.
…and the number one way to compromise your business while using computers is…
1. Remember, You Are Invincible!
You will be amazed to find out how many people take their computer security for granted. “It would never happen to me” mentality is the number one saboteur of the security protocols. Sometimes people believe they – their businesses – are invincible. They are just meant to be successful and nothing can touch them. But most of the time small business owners believe they are just a small fish – who is going to bother to hack the dental office or elementary school – it’s big shots with millions in accounts who are the targets of the hackers, right? Wrong! You would be surprised how many fall to the attacks that happen either by a random virus or by someone just because they can.
Practical Advice:It is not paranoia when someone is out to get you. And in the world of computer viruses, corporate espionage, ambitious hackers and plain good-old disgruntled employees it is always better be safe than sorry.
In conclusion: In the world of ever-changing security threats nobody can guarantee iron-clad cyber safety, but when you start practicing the Practical Advice steps above, you will be off to a good start.
Need Computer Network and Tech Support services? Call our office at 201-493-1414