Earlier this year, a global hack infiltrated the computers of hospitals and governments through a vulnerability in Microsoft’s Office software that had been reported weeks earlier, but not widely enough for people to get the message before hackers took full advantage. If users had manually updated their Microsoft software at the time of the original reporting, they should have been fine; clearly, though, many did not, and a ton of people paid the price. Patients in hospitals were not the only ones vulnerable to the hijacked-for-ransom computers; businesses and governments were too, making this a hack that threatened livelihoods and literal lives. This is why it is vital for you to protect yourself and your business to the max.
The first step is to update. Many of the most prominent cyber vulnerabilities lie in programs on your computer that should have been updated: the updates contain patches and fixes for those vulnerabilities, but you’ve avoided installing them. Sometimes you don’t even know an update is necessary, which is an aspect of cyber-security that programmers and designers must improve ASAP; it also means that you cannot rely on your computer to let you know when you need to update. If it does, make sure you do; but also set aside time regularly to check the various programs on your devices for updates. These updates, like the ones Apple insists on regularly, can be inconvenient in the moment, but lifesaving in the long run.
With the recent Microsoft hack, the company had blogged about the problem and some journalists had picked up the story, but there was no automated update prompt and no widespread alert. I had to go to the Microsoft website to figure out how to update my software in order to ensure that I was protected. I have very little of value to protect on my almost-antiquated laptop; but, I make my living on this device and it holds memories and important files that would be a pain to lose. If you have a business that relies on computer use and Internet access, you likely have even more to potentially lose. Update your…everything. Earlier in the year, WikiLeaks revealed that the CIA had discovered ways to hack various devices and software programs, generally through outdated versions of the software. If your devices and software weren’t updated then and aren’t updated now, the information on how to access your cyber-life is not only in the hands of the CIA; it is also now public information available to hackers, who can make a tremendous living by taking devices hostage, especially devices belonging to businesses.
Updates are going to be specific to the device in question, so I recommend turning to Google for specific step-by-step instructions for your particular router, computer, smart-device, et cetera.
In addition to keeping your devices and software up-to-date, make sure you keep them sufficiently password protected. Experts advise having unique passwords across devices and platforms, ones that are complicated with numbers and punctuation when possible, and especially ones that are as random as possible. It is also recommended to renew these passwords regularly, meaning more often than every 6 months. Many platforms, like online banks and email accounts, have started incorporating prompts for updating security information to automatically push you to protect your devices and data. As a business, you should set up a program, whether with a security company, your IT department, or a detail-oriented calendar-checker, to make sure all passwords are updated, strong and unique. Passwords for things like the Wi-Fi, router, et cetera should be shared on a need-to-know basis. Your devices and platforms, like email, should also use multi-factor authentication when possible. Gmail, for example, offers two-step authentication, such as receiving a code via text message when you sign in from an unfamiliar device.
When it comes to Wi-Fi, it is safest to have as few people access it as possible, especially if it connects to devices that carry sensitive, valuable data. This is why many businesses like coffee shops have a public Wi-Fi network for customers that is separate from the one used by the company’s devices. Not only does this ensure speed of performance, it also minimizes the chances that an innocent-seeming customer will access customer and business data through publicly available Wi-Fi. Even if you don’t have the public accessing your Wi-Fi, you may want to ban personal devices from accessing it; someone’s smartphone could carry a bug from their more vulnerable home network to your business.
As a business in this day and age, your IT department is one of your most vital assets. Make sure your IT employees are up-to-date on the latest Internet threats and security measures and figure out ways to implement company-wide training to ensure that all employees are up-to-date also. This means monitoring the trends in spam email, the vulnerabilities in various software, the science behind password strength, and more. The IT department should also enforce device and software updates, or at least keep track of when they are necessary so that they can be enforced.
There are also a variety of business-friendly cyber security companies that monitor hacking movements and trends, working continuously to be either ahead-of-the-game or close behind in order to ensure businesses are protected. You can sign up for such programs for yearly or monthly payments based on employee numbers and other such considerations. The type of cyber security you’ll want to implement will depend on your specific industry, devices, and vulnerabilities; this is the type of research that should be done extensively and in detail, either by your IT department or by whoever else is handling it. You want to find a program that is affordable, yes, but that is also high-quality and up-to-date on the latest threats. This is an investment that is worth it when you consider that hackers can make millions of dollars easily by accessing your data and devices. One article from CNN estimated that 300,000 devices were affected in 150 countries by the recent cyber-hack. While the ransomware didn’t get much return on its efforts because of law enforcement and government advice not to pay out the ransoms, the various businesses that were affected definitely lost business, time and confidence. Anyone in business knows that time and confidence are vital aspects of a company’s stability and future/continued success.
In 2015, the FBI received reports of approximately $24 million being paid to hackers for similar ransomware attacks. Many hackers work for the “good” side of things, for example as bug hackers who search for bugs in existing programs and devices and are rewarded by various companies, like Google, Apple, or Microsoft, which was likely alerted to the hole in its software by one such bug hacker. That being said, many hackers know that they can make tremendous amounts of money by working for the “bad guys” or being the bad guys themselves. This makes sense when you consider one of the most notorious currently active hackers, Yevgeny Bogachev. Bogachev has a $3 million bounty on his head from the US government, but he is likely being protected by the Russian government, meaning that he is more valuable to them than $3 million. One journalist writes: “Bogachev and his group developed the most powerful Trojan in history—a virus capable of copying bank and credit card numbers, passwords and other sensitive financial information without leaving a trace. The FBI estimates [the program] netted its inventors more than $100 million.”
Cyber-security is no joke, so take it seriously!