It’s all over the news on a regular basis — a large company gets hacked into and sensitive customer and employee data is stolen and then sold on the digital black market. Although the large companies (Home Depot, Neiman Marcus, Target, etc.) get all the attention in the press, it is actually companies with fewer than 250 employees that are the target of most hacking attempts.
So why are you the big target even though you are a small or medium business?
- Lack of IT support staff to set up your technology
- Lack of IT support staff for real-time monitoring of your network
- Small business owners and managers are too busy to keep up on HR changes
Lack of IT support staff to set up your technology
Most small and medium businesses don’t have the budget for a full-time IT staff member, so they often rely on themselves to purchase and set up their Internet connection, router, network switches and security software. You may be surprised to find out that about 35% of companies still have the factory-default password (password, password123, admin, etc.) on routers, backup devices, etc. even though they have been in service for months or even years.
Hackers know this and have programs that automatically try the top default passwords when trying to get into your network. Did you also know that every computer in your business network (especially a server) is “pinged” up to 50 times each day? That means about 50 attempts are made every day to get in some “open door” in your network to explore your sensitive files and record keystrokes.
Lack of IT support staff for real-time monitoring of your network
Setting up your technology correctly as soon as you buy it is important, but so is real-time, ongoing monitoring of your entire network. With up to 50 attempts each day to find that open door in your network, you need to ensure that you close all network entry points. Hackers are really good at retrying their attempts, hoping to find a pattern in the way you and your employees access email and the Internet. If they are successful in finding one entry into your network, they will attempt to insert a “key-logger” or other keystroke recording program to monitor what you and your employees are typing, hoping to catch a password for your server, a bank account or vendor account.
Also, don’t forget to ensure your anti-virus and anti-malware programs are updating multiple times each day. With new viruses, malware and hacking tricks coming out every day, your AV program needs constant attention — an AV program that hasn’t been updated in a week or more is like having no AV program.
Small business owners and managers are too busy to keep up on HR changes
Many hacking “successes” are the result of an inside job. Disgruntled employees are one of the largest sources of fresh hacker successes as small business owners and managers are often too busy to stay current with human resources-related duties.
As soon as a terminated employee is being escorted out the door, you should be completing the following:
- Change their email password (don’t delete their email account)
- Forward their email to the appropriate manager
- Change their network access password
- Disable (but don’t delete) their network account
- On their computer, log out of their account
We have had several new clients tell us horror stories about old employees still accessing the company network remotely, accessing their email and sending disparaging emails to company clients and vendors, etc. Without a good employee termination plan that is enacted immediately, you are opening yourself up to problems that could cost you a lot of money and even spell the end of your business.
Final consideration: do you have access to competent IT support?
As we all become so dependent on technology and digital data, it is important to set up and maintain your network and technology correctly so you can concentrate on what you do best and minimize any problems. Having access to competent IT support is critical to keeping you and your staff educated and protected. Although no one can guarantee 100% protection against hacking attempts, you need to do all you can to make your company a “low value target” for hackers.
About Accelera IT Solutions
Accelera IT Solutions is a Phoenix, Arizona-based provider of complete IT services and solutions including on-site support, remote support, data backup and replication (to our secure data center), consulting for HIPAA and PCI compliance, IT project management and cyber-security audits and planning. Accelera also specializes in hardware consulting and installation/setup of servers, workstation, laptops and desktops. Contact Accelera at 623-266-4190 or at www.acceleradata.com.