It’s been all over the news. Companies including JPMorgan Chase, Target, Michaels Stores, Neiman Marcus and Home Depot have all had their computer networks compromised by outside criminals known as hackers.
Sony Pictures had private employee emails published on the Internet. That’s little more than a minor irritant compared to millions of Target customer credit card numbers and expiration dates falling into the hands of criminals.
You’re less likely to hear about how many small businesses have experienced computer security breaches. According to a Duke University/CFO Magazine Global Business Outlook Survey, more than 80 percent of U.S. companies have been successfully hacked.
Those companies had costs averaging $8,700. In most of those network compromises, the hackers didn’t get company emails or credit card numbers. Your company’s computers contain a wealth of information criminals can use for their own benefit or simply to disrupt your operations. Some computer users seem to believe computers repair themselves. That may happen sometimes but in most cases, you need professional help. Trust your technology to Redondo, Hermosa and Manhattan Beach's premier computer repair techs.
Virus and Malware
There may not even be a person at the other end of an attack on your computers. Collectively, the software that finds its way onto your computer and costs you time and money is called malware. It comes in various forms. You may think the names are cute or clever…until it cripples your business. Here are some of the common types of malware.
- Adware
- Bot
- Bug
- Ransomware
- Rootkit
- Spyware
- Virus
- Trojan Horse
- Worm
Symptoms of Malware
- Slow computer or web browser speeds
- Problems connecting
- Freezing or crashing
- Modified or deleted files
- Appearance of strange files, programs, or desktop icons
- Programs running, turning off, or reconfiguring themselves
- Strange computer behavior
- Emails/messages being sent without your
- Things just stop working
Your Anti-Virus May Not Work As Well As You Think
If you think having an anti-virus program installed on your computer will prevent you from infection, think again! Beach Cities Computers & Video responds to customers’ paralyzing infections by malicious software more than any other single problem. Nearly 90% of those infected have some kind of virus protection that proved ineffective against the threat that we remove.
It costs much less to protect your company’s network from cyber criminals than to fix it after hackers have attacked you.
Call (310) 374 - 0969 to schedule an appointment
Beach Cities Computers & Video will perform a free, comprehensive, on-site security analysis of your network. We will look at everything from your Internet connection to your printers for vulnerabilities and let you know how to fix them and how much it will cost.
An easy hack
In March of 2012, a 22-year-old student at California State University San Marcos used technology to “rig the ballot box” in a student council election. He managed to vote for himself more than 600 times using identities stolen from other students. The fraud might have gone undiscovered if network administrators hadn’t noticed all the votes came from one computer.
The Cal State student used a device called a key logger to record everything students typed on publicly accessible computers around campus. Key loggers, like guns, are perfectly legal until you use one to commit a crime. The student council candidate discovered that subtlety when he was sentenced to a year in federal prison.
Key loggers are much more common than you may realize. Husbands and wives use them to spy on each other. Divorce as the result of a cheating spouse’s intercepted email or text has become commonplace.
Parents use key logger technology to monitor underage kids’ internet use. Some commercial key logger software can monitor access to restricted material as well as communication with potential online predators.
The software can be hidden on the computer or run openly. A spouse would probably choose to hide a key logger program. A parent might choose to approach key logging as a preventative measure by explaining to a child what it does and why it’s there. An employer might do the same thing by telling employees everything they do on company computers can be monitored.
The use of legal key logging software and hardware for malicious purposes is one of the more obvious ways your company data can fall into the wrong hands. A devious employee could insert a device that looks like a thumb drive or a stealthy key logging program on your computer or the computer of an employee such as a bookkeeper. No doubt, quite a bit of your financial and other proprietary data appears on your screen as a result of characters you type on your keyboard. He or she would be able to see it all.
Someone would need to have physical access to your computer to put this type of key logger technology on it. However, there are malicious software programs called Trojans that can accomplish the same goals without anyone involved setting foot in your office or even on the same continent. They’re transported by the Internet.
Your commercial anti-virus software should be able to minimize this kind of external threat. Password protecting your computer log-in and disabling guest login will help keep out would-be spies within your organization. You might also want to create another user without Administrator privileges for everyday use and save administrator login sessions for times when they’re necessary. No one can install software on your computer without your administrator password. Also take a look at your USB ports occasionally to see if there’s anything in them you don’t recognize.
I wish I could tell you these simple steps could eliminate threats to your network and data. I can’t. If Target and Home Depot are vulnerable to huge data losses, what can small businesses possibly do to protect themselves?
The answer is, plenty. You can take many cyber security precautions yourself by doing a little research and formulating a plan. You can also rely on the expertise of professionals to give you back the peace of mind you may have had before reading this article.
Cyber crime is like the common cold. Some risk of exposure and infection always exists. But there are ways to make yourself healthy enough to avoid them. That should be among the goals of every small business.
Call BCC&V for help with all your compliance needs.
That’s a word that fits the government agency vocabulary the way “confluence” fits meteorology. We’re in compliance when we comply and that usually has something to do with regulations. And no one does regulation better than government agencies.
One of the services many IT firms provide is, stated simply, compliance. The nature of your business determines the type of compliance that’s required. Most businesses have some sort of compliance requirement. Many have more than one.
We recently did a security analysis for a medical practice. If you aren’t in the medical field, consider yourself lucky. They need to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA compliance is a maze of locked doors and hidden passageways with very few clues about how to reach the end, assuming there is an end, which there really isn’t. Fortunately, there’s a handy 45 page guide to the federal government’s requirements on privacy and security. Good luck finding the answers you need in that hypnotic publication.
Many business owners assume someone else in their field of vision is taking care of compliance. Maybe your Internet or phone company handles security for the services they provide. Maybe your credit card processor handles compliance issues for your card transactions.
And…maybe not. If you accept credit cards, it’s a near certainty you need to comply with the Payment Card Industry Data Security Standard (PCI DSS), commonly referred to as PCI compliance.
In some rare and wonderful instances, an industry does such a good job regulating and policing itself, the government just lets them do it without interference. That seems to be the case with PCI compliance. A non-government organization called PCI Security Standards Council (https://www.pcisecuritystandards.org/) sets and administers standards that apply to merchant credit card security.
Non-government does not equate to non-complicated, although their web site is pretty easy to navigate. It won’t take much time on their site to determine whether your business needs PCI compliance. Merchant classifications differ based on the types of credit cards accepted and whether the business is ecommerce or brick and mortar. Most small businesses fall into the Level 4 category.
As a Level 4 merchant you are probably required to complete an annual self-assessment questionnaire and run quarterly scans of any public network that enables credit card transactions.
Perhaps the single piece of PCI compliance advice that’s most useful to small businesses is to avoid storing credit card numbers on any of your computers or servers. If you do, you will have to meet a higher standard of data security. At the very least, you will need to encrypt data going into and out of all computers and servers on your network. That can get complicated.
In most cases, government and non-government agencies that want you to come into some form of compliance will let you know. Be warned. Just like the law, ignorance of requirements is not a defense if you fail to meet compliance regulations.
You should contact government agencies that regulate your type of business, your credit card processor and your insurance company to get a clear picture of any compliance issues you may face. The consequences for non-compliance can be severe. Compliance is a real world example of an ounce of prevention being worth many pounds of cure.