By Peter Kardel, CEO, Clever Ducks, ASCII Group Member Since 2009
Ransomware has become a lucrative business for hackers operating worldwide with the river of money flowing into their coffers fueling a cyber security arms race — good versus criminal — and putting you squarely in the crosshairs.
In the past, we worried about hackers as vandals and taggers in cyberspace. They were a nuisance to be sure, but the damage done was limited. Then the hacker trade matured, looking for your valuable data to steal, exploit, and sell. This was a sinister evolution that brought intolerable risks to businesses. Not only were the thieves stealing trade secrets, siphoning off funds, and disrupting business, they were also exposing firms to liability and loss of customers.
Many small business leaders felt growing unease but were comforted by reasoning they were too small to go after. “No one cares about our data” was a common refrain. That is so last year. A front has opened up in the cyber wars — hackers don’t need to steal your data, they simply have to lock you out using industrial strength cryptography, holding your data ransom in a virtual data Azkaban. The need to harden the defenses is more urgent than ever, and taking these three steps — putting your cyber warrior armor, so to speak — will help to keep your business safe.
- Banish Adobe Flash
Flash is a technology for playing website multimedia content in your browser and it has long been despised by IT people. Not only do Flash-enabled sites chew through your smartphone’s battery life, Flash itself is hopelessly promiscuous. Every few weeks another disastrous hole in Flash is discovered by security researchers, holes that are easily exploited to do terrible things to your computer. Patches for these bugs lag for days or weeks while hackers zealously attack computers on the net. What is so insidious is it just takes a snippet of evil code slipped into a compromised website to allow a hacker to take over your computer. So go ahead; kill Flash with fire. You probably won’t miss it since newer, safer, better multimedia technologies are already built into your updated browsers.
- Update And Patch Everything
Your data is precious, your work product you’ve expended part of your life developing or information about customers you are obliged to protect. You might say it is like your baby. It’s part of you. If your data is your baby, then your computer is like its crib. Using a computer with outdated, unpatched operating systems, applications, and utilities is like placing your baby in a crib that has been recalled. You got the notice urging action in the mail, but you’re really busy and don’t want to spend the time or money to make the crib safe. You’ll get to it later. Of course, you’d never take that chance with your child. Don’t take needless risks with your data, patch early and patch often. Here are some patching tips to keep in mind:
- Stay on supported versions: Technology providers can only keep a few generations of their products updated. It takes serious skills and resources to hunt down the bugs, fix the code, retest, and release patches, and the state of the security art is continually evolving. In some cases you will need to upgrade just to stay under the umbrella of support, even if the current functionality is acceptable. This can be vexing to business leaders. Not every system or program is likely to be exploited. Keep the big four listed below covered and you’ll be way ahead of most users.
- Operating systems: Windows and Mac OS have easy to use, built-in, automated patching systems. Make sure they are in working order, the patches are being applied, and the system rebooted. Take action if an issue like free disk space or system conflict backlogs the updating process.
- Browse with the best: Always use the latest, fully updated browser for your system. This is easy to do, usually handled by the patching of your OS, but you have to let go of the past and move on to the newer browser versions. There may be good reasons to delay moving to the newest version due to compatibility issues with browser based applications. Don’t get complacent though, upgrade as soon as you can.
- Don’t forget the apps and servers: These are the main applications you use such as MS Office, Quickbooks, CRM, and other line of business systems. These are big, heavily used, and common making them likely targets of hackers. As an added benefit, you have a fighting chance of recovering when technical issues arise if you’re running supported versions.
- Don’t ignore the core — update your utilities: Ok, the obvious one is your end point security software (antivirus). Make sure you have an active subscription — the latest version with the latest virus definitions. Other utilities to pay attention to are the Java Runtime and Adobe Acrobat which are frequently exploited by hackers. Fortunately, the newest versions are much more secure than in the past. Be sure to uninstall the old versions though; older versions of Java lurking on your system can be directly targeted.
- Implement Ad Blocking
Website ads can be annoying, but you pretty much ignore them as they cause no harm other than slower loading web pages and a little tax on your data plan, right? Enter malvertising, which would be really cool if it wasn’t so bad. Check how it works. Many websites are monetized by selling access to ad networks, passing along demographic information gleaned from your browser, cookies, IP address, advertising ID, etc. Visiting a site such as The New York Times will have hundreds of links to sites the Times has no control over. Any given page can have several ad networks woven in, all playing along to building the webpages you see.
You probably are way ahead of me now, thinking, “What if hackers were to compromise one of those ad networks, inserting a well-hidden, teenie weenie bit of malicious code?” Your browser dutifully processes it, letting loose the crooks on to your system. The malvertising code relies on exploiting an unpatched weakness in one or more parts of your system. I hate to interfere with how sites pay the bills, but the risk has become unacceptable. Until the ad industry can resolve this concern on their own, or regulators force them to, it is time to shut the door on these risky connections. It is time it install an ad blocker on your browsers. You may find some sites refusing to load since you are blocking ads. You can either whitelist the site, create a login to the site if they offer it, or skip the site all together.
Now that you’ve taken these simple steps to protect your data from theft or ransom, don’t you feel better? I do! It’s like you just put your baby in the latest, safest car seat and settled in for a smooth trip.