Recently there have been many stories about hackers attacking South Australian small businesses and not-for-profits. Don’t ever assume that only the big corporations are the target of attack. Cyber criminals are not fussy. They’ll take money from anyone naïve enough to pay them a ransom.
It’s an ever-evolving challenge to stay one step ahead of the hackers and stay safe online.
Unfortunately some companies that sell information technology solutions have been known to try to scare customers into buying their services. This is an underhanded, nasty and unethical way to win business that doesn’t go down well with the South Australian business community.
Here are a few practical steps you can take that won’t lock you into long term, expensive contracts with so-called experts.
According to ISACA (the International Information Systems Audit and Control Association), the top three cyber security threats facing business in 2016 are social engineering (52%), insider threats (40%) and advanced persistent threats (39%).
Social engineering attacks are those where the hacker relies on tricking people into breaking normal security protocols. This is the old-fashioned con game, where the criminal exploits people’s naivety and their willingness to be nice and helpful. Methods of social engineering attack include:
- Baiting, when an attacker leaves a virus-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder picks up the device and plugs it into their computer, unintentionally installing the virus.
- Phishing, when an attacker sends a fraudulent email disguised as a legitimate message from a trusted source. There have been many recent examples of emails that pretend to be invoices sent from AGL, and emails pretending to be about a parcel that couldn’t be delivered by Australia Post. The email message is meant to trick the recipient into sharing personal or financial information, or clicking a link that installs a virus.
- Spear phishing, when the message is tailored to a specific individual or business.
- Whaling, which is phishing targeted at high-profile users such as executives, politicians and celebrities.
- Pretexting, where an attacker lies to gain access to privileged information. For example, there have been recent attacks by criminals sending emails pretending to be from the ATO, claiming to need personal or financial information to confirm the recipient’s identity so that a tax refund can be paid. Another example is an attacker pretending to be a senior executive who is working out of the office and has some kind of urgent problem that requires access to financial records.
- Ransomware, where the virus infects and encrypts all the files on all of the networked computers, then displays a message demanding a ransom be paid to decrypt the infected files. Many of the recent attacks on small businesses and small not-for-profit organisations in South Australia have been ransomware crypto-locking attacks.
Insider threats are much harder to guard against, as the attacker is an employee or officer of the business or organisation. The attacker gains trusted access to the network and computer systems, then deliberately sets out to harm the organisation. I’ve personally experienced ‘lock-outs’ which were aimed at preventing such attacks by disgruntled information technology employees during periods of forced redundancies at a bank.
Advanced persistent threats are network attacks in which an unauthorised person gains access and remains undetected for a long period of time. The aim of these attacks is to quietly steal data without causing any noticeable damage to the network or organisation. These attacks are aimed at high value information from large corporations and government organisations.
Regularly back up all your data, and test that you can restore from your backup. This gives you a good chance of recovering from a disaster - any disaster, not just a virus infection. How often you back up is up to you. Just remember that the longer you leave it between backups, the longer the gap back to the last uncorrupted version of your files if you have to recover from a backup.
You should have information backed up onto devices that can be unplugged and taken off site. This is referred to as an ‘air gap’, ensuring your backup data cannot be accessed from your network. For a small business that can be as simple as an external hard drive that you take home from the office every night. These cost as little as $77 from Officeworks.
Don’t rely on cloud-based backups for your off-site backups, as these are connected via your network and can possibly become infected by a virus too!
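As an added example (not part of the original article or Wiser Connections’ advice), a small POSIX shell script that performs the backup-and-test-restore routine described above: it archives a data folder onto an external drive, records SHA-256 checksums of the live files, then unpacks the archive into a scratch directory and compares every file before the drive is declared safe to take off site. The SRC and DEST paths are assumed placeholders, and the script relies on GNU tar and sha256sum.

```shell
#!/bin/sh
# Added example (not from the original article). Backs up a data folder to a
# removable drive and proves the copy restores intact before the drive leaves
# the office. SRC and DEST are assumed placeholder paths; requires GNU tar and
# sha256sum (standard on Linux).
set -eu

SRC="${SRC:-$HOME/business-data}"      # folder to protect (assumed path)
DEST="${DEST:-/media/backup-drive}"    # external drive mount point (assumed)

# make_backup SRC DEST: write a dated tar archive plus a SHA-256 manifest of
# every file in SRC. Prints the archive path.
make_backup() {
    src="$1"; dest="$2"
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/backup-$stamp.tar"
    # The manifest is taken from the live data, not from the archive, so a
    # corrupted archive cannot vouch for itself.
    ( cd "$src" && find . -type f -exec sha256sum {} + ) > "${archive%.tar}.sha256"
    tar -cf "$archive" -C "$src" .
    printf '%s\n' "$archive"
}

# verify_restore ARCHIVE: unpack into a scratch directory and check every file
# against the manifest. Returns 0 only if the restore matches exactly.
verify_restore() {
    archive="$1"
    manifest="${archive%.tar}.sha256"
    scratch=$(mktemp -d)
    if tar -xf "$archive" -C "$scratch" &&
       ( cd "$scratch" && sha256sum --check --quiet "$manifest" ); then
        status=0
    else
        status=1
    fi
    rm -rf "$scratch"
    return "$status"
}

# Run the full cycle when both the data folder and the drive are present.
if [ -d "$SRC" ] && [ -d "$DEST" ]; then
    archive=$(make_backup "$SRC" "$DEST")
    if verify_restore "$archive"; then
        echo "Backup verified, safe to take off site: $archive"
    else
        echo "RESTORE TEST FAILED for $archive - do not trust this backup" >&2
        exit 1
    fi
fi
```

Keep the manifest file with the archive on the drive: it is what lets you confirm, months later, that an old backup still restores intact.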
Some basic steps to try to prevent attacks are:
- Be aware and vigilant. Prevention is the best form of defence. Keep all your employees aware of the possible threats and make sure they never let their guard down.
- Anti-virus software. Insist that good quality anti-virus software is installed on every device that connects to your business or organisation’s computer network. Software such as Kaspersky Anti-Virus is worth the investment, as its databases are constantly updated to protect against the latest threats.
- Protect your borders. You must ensure any information you make accessible from outside your business or organisation sits in a separate, protected network. For example, your website must be hosted by an external provider or in a DMZ (demilitarised zone) behind firewalls that block unauthorised access.
- Penetration testing. Engage a good, reliable supplier (refer to our approved Supplier List) to test how well you are protecting your valuable information, by testing how easy it is to penetrate the defences. Be sure to implement all the improvements they suggest!
Respond to attack
When you’re attacked it’s important to respond appropriately. Note I’m saying ‘when’ not ‘if’ you are attacked, as it is almost impossible to avoid attack in today’s connected world!
Recovering from attack can take days, and you may never fully recover all of your information if you haven’t been disciplined with backups.
The first thing to do if you think your computer’s been hacked is to unplug its network cable. Immediately tell everyone in your business that there’s a suspected problem, to try to limit the spread of the virus.
Do not try to fix the problem yourself! Ask a professional for help to detect, disinfect and restore from backup.
Tell us your stories!
What horror stories about hacking attacks have you heard about or been involved with?
The more we are all aware of what can go wrong, the better chance we have of mitigating the risks!
Wiser Connections is here to help
Our consultants have many years’ experience in the industry and we are here to help. We pride ourselves on being able to find appropriate solutions for your issues, whilst remaining fiercely independent of other information technology providers.
Please contact us today to have one of our consultants discuss your planning needs and to chat about how Wiser Connections can assist your business.
Resources for further reading
ISACA 2016 Cybersecurity Snapshot, January 2016, available at http://www.isaca.org/pages/2016-cybersecurity-snapshot.aspx
TechTarget definitions for social engineering, phishing, whaling, insider threats and advanced persistent threats, available at http://searchsecurity.techtarget.com/
State Government of South Australia’s publicly available Information Security Management Framework (ISMF), available at http://digital.sa.gov.au/resources/topic/policies-guidelines-and-standards/security/information-security-management-framework