How Do You Know You've Been Hacked, Part 2

Created 4 years 181 days ago
by RitaP

Tags:
Categories: categoryTechnology
Views: 2582
by Scott M. Lewis

Real objectives of hacking can vary widely, but regardless of the motives, one of the things that hackers need is the ability to hide. Your system may have the perfect hiding spots. Hiding on a network is critical to the hacker because, in most cases, access was a crime of opportunity a user accidentally made, which opened the door. Once in the system, it will take time to navigate a path through your system to steal data or to use your network to host illicit websites or attack more substantial, more profitable targets. In the emerging IoT (Internet of Things), which is connected devices of convenience, there are new hiding spots to go along with the old favorite place hackers like to hide.

According to Entrepreneur Magazine, these are some favorite hiding spots. 

- Off-brand Apps: be wary of software and applications from companies that you may not have heard of in the past. Make sure that you thoroughly check and validate the company and the software before you load it. As a useful safety net, you might want to remove a user’s ability to load software which will stop the spread of viruses and will help in your software compliance. However, don’t forget about Smart Phones, mobile devices, and apps employees may download.

- Your new smart refrigerator: connected devices such as your refrigerator can be accessed and used to hide on your network to access computers and other services on your network. Between December 2019 and January 2020, a smart refrigerator sent out approximately 100,000 virus-infected emails.

- Social Media accounts: this one shouldn’t surprise anyone. Social media has been a favorite from the very beginning and will continue to be the favorite. Best word of caution is to not allow social media to be accessed on company computer systems unless that is their job within the company.

- Fax Machines: this is an area most companies overlook. They aren’t used often, but they are still on and connected to the network.

- Phone systems are all connected to your network and, in most cases, have pretty light security applied to them, thus providing the perfect hiding place.

I know what you are thinking; there has to be a way to detect security breaches. Early detection is key to limiting the damage to your company and your customers. Unfortunately, it isn’t as easy as it sounds, and it has to be something you are specifically looking for once they are in your system. Step number one is to make security a part of your culture. This means you are going to have to deal with the ongoing battle between convenience and security; they don’t necessarily go hand in hand. The more you open things up, the more at risk you are going to be. The other side of the coin is that you have to make your people as productive as possible, so you can’t build security too tight. Creating a culture of security, security training, and security awareness is key to any long-term security strategy.

Security is something that has to be continuously monitored. New and emerging threats are popping up continually. Therefore, making adjustments in your security countermeasures is key to keeping the company safe, which may buck the culture of your business. When that happens, users get upset, and the easy answer is to lower the protections to calm the noise, but there is a risk factor to that methodology. Having strong user policies and training is key to the overall mission of building a culture of security. Once people understand the problems, the solutions you implement tend to be more accepted.

To stay current with emerging cybercrime, it is essential to have an understanding of your enemy. Understanding their methods, their tactics, and how relentless the attacks can be, then you can implement detection and countermeasures to help in the counter-attack. Simply put, there are five new malware viruses detected every second, which is over seven thousand new malware viruses a day! Not taking into account ransomware, traditional viruses, internet threats, internal threats, and email threats that your system has to protect you from every day. Set your expectations correctly; if you think that last year’s protections are going to protect you this year, your expectations may be misplaced.

Staying modern is also key to an overall security plan. Older technologies have a hard time detecting and mitigating new threats, are often unable to recognize them, and will pass them through to the end-users. Companies have increased spending over the last few years on security and countermeasures. However, there are thousands of companies that haven’t yet which is putting us all at risk. I have always been a believer that you need a layered security approach. There isn’t one silver bullet software or hardware package that will provide all the protection you need. In the modern technology age, when you have a high usage of hosted applications, mobile users, cloud-based technologies, and in-house systems, you must use different strategies to protect all the potential system access points. There are advanced threat protection devices that will work in a combination of traditional security software and hardware security devices. These systems will supplement and work in conjunction with newer firewalls, anti-virus, ransomware protection, and threat detection software to help layer and protect your computing environment.

Check the Small Business Monthly next month for part three.

Scott Lewis is the President and CEO of Winning Technologies Group of Companies, which includes Liberty One Software. Scott has more than 36 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with hundreds of large and small businesses to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium, and small companies, and Winning Technologies’ goal is to work with companies on the selection, implementation, management, and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.