Download our 17 Step Sales Process Today and start closing more monthly recurring revenue immediately.
A few weeks ago, one of Ulistic’s clients Raffi Jamgotchian from Triada Networks, a New York City Cyber Security consulting firm presented a fantastic webinar on data breaches. Worth checking out.
The 5 Stages of a Data Breach
Hackers begin by gathering as much information on your company as possible through a variety of methods. Spam emails and phishing scams sent to your employees’ accounts, purchased intelligence from third party sources, security search engines like Shodan, and even Google provide them with basic necessary information. There’s more information about your company on the web than you might think, and hackers want it all.
Then, a recon program will infiltrate your system to gather information on different devices in the network. This will determine identification for the separate devices, where the valuable information likely is, and if there are any other networks connected to this one. Any low-priority computers will be compromised to serve the hackers purposes
High value targets will then be leveraged for greater mobility within your network. The hacker will escalate their privileges by guessing passwords, as many users tend to leave theirs as the default, which only makes the hacker’s job easier. Once they have an administrator account, they can access the server to target the most valuable information: client and employee financial information, social security numbers and health records, all of which can be monetized for sale on the black market.
If the hacker believes your business could yield further valuable information in the future, they will set up back door access that will allow them to return and steal more data without tripping an alarm.
In the last stage the hacker will export all valuable information, which tends to be surprisingly easy given that most small businesses don’t monitor what leaves their network. The data can be sent to any server through a website, such as Dropbox or Google Drive, where the hacker access it with ease for sale at a later date.
What Can We Do About It?
There are resources available to companies to help them determine what their digital vulnerabilities are:
This list covers a variety of ways in which security teams can help ensure their clients’ digital security, including:
Know your system by keeping track of authorizations, legitimate accounts and be sure to prevent connection from outside wireless devices. Furthermore, be sure that your system is robust for your needs; improper configuration often leads to critical vulnerabilities. Also, properly train your employees so they know what they’re dealing with, what the security procedures are, and how to identify a security concern when it arises.
Be sure to prevent remote access from any service that doesn’t seem legitimate, and those that you do grant remote access to should be filtered appropriately. To prevent exports to external servers, be sure to control the flow of data both in and out. Also, keep your critical networks separate to prevent hackers from accessing all networks by hacking just one of them.
Ensure that your business has a dependable automatic backup system in place, and test it regularly to guarantee its feasibility if your company suffers a disaster.
Keep your anti-virus software up to date and your firewalls properly configured to ensure against malicious digital threats.
Maintain all your hardware and software to keep them up to date with patches and known vulnerabilities. Keep track of your activity by reviewing audit logs and responding to incidents in systematic way. Conduct regular internal and external penetration tests that mimic attacks and identify vulnerabilities that you may not have foreseen. Overall, develop an effective plan and stick to it.
What Can You Do About It?
This is a lot for any small company to keep track of. If your IT department is limited, or you are without a security vendor, there are still measures you can take to help supplement your business’ digital security against data breaches. The keys to your basic security are:
To learn more about Triada Networks visit https://www.triadanet.com.
Stuart Crawford serves as Creative Director and CEO with Sebring, FL and Fort Erie, ON-based Ulistic, a specialty MSP Marketing firm focused on information technology marketing and business development. He brings a wealth of knowledge and experience pertaining to how technology business owners and IT firms can use marketing as a vehicle to obtain success.