Why You Can’t Rest Easy In Your Digital Security World

The Heartbleed digital security flaw. The end of support for Windows XP. The Internet Explorer Zero-Day exploit. The Anthem Blue Cross data breach. There’s a brief media fanfare about cybersecurity each time something happens, but most of us don’t think we’re affected. Some of us are inconvenienced. A few horror stories make their way into social media. We wonder if our stuff is safe. Is our business secure? Then life pushes the concern into the background. Nothing really bad happened so we must be fine. We’re not an Anthem patient, we’re not a movie studio so it really doesn’t concern us, right?

Wrong. It’s an assumption about digital security that costs consumers millions every year and closes the doors for thousands of businesses.

As networks connect more of our world, there are increased rewards and opportunities for thieves and hackers. Losing our wallet used to mean a trip to the DMV. It could now mean a trip to jail if someone uses our identity to commit crimes.

As a business, you’ve got even greater threats to the security of your network.

Data theft: It’s the business version of having your wallet stolen. Whether it’s someone breaking into your intranet from outside, an unhappy employee selling information or the physical theft of computers or drives storing confidential data the result is the same: you or your customers’ private information is now in the wrong hands. The problem goes beyond financial or credit card information. What about your customer list? Proprietary sales processes? New product specs? Would any of this damage your company if it was given or sold to your competitors?

Why wouldn’t a business, especially a large corporation which depends on client information protect their data in every way possible? Users, for one. The more secure something is, the more difficult it is for hackers to access. It also adds steps for your clients or employees who sometimes feel they don’t have time to mess with security each and every time they just want a bit of information suggests a recent Wall Street Journal article on the Anthem data breach. The data was not encrypted inside the system:

“Scrambling the data, which included addresses and phone numbers, could have made it less valuable to hackers or harder to access in bulk. It also would have made it harder for Anthem employees to track health care trends or share data with states and health providers, that person said.

Companies can employ random pass codes, limit access from outside the office or use complex math to scramble data. But those things slow companies down, sometimes to a degree they find unacceptable.”

Health Insurer Anthem Didn’t Encrypt Data in Theft: Companies Aren’t Required by Law to Scramble Records, and Often Don’t
February 5th, 2015

Viruses: Like the biological entity they are named after, these programs need a way into your system so they can reproduce and infect your computers. They can get in through email, downloads, or shared media like thumb drives and CDs. Stealing data isn’t the main purpose of most viruses – they are usually created to just cause problems – but they can create other vulnerabilities and damage or even destroy information.

And like real-life viruses, computer viruses evolve. The latest and worst incarnation is the Cryptolocker and Cryptowall ransomware trojans. Less than two years old, this malware encrypts your files with a code that you can get… for a price from the people who created the virus. In other words, they kidnap your personal data files and pictures. Anything they think you’d pay money to get back. While the original version has been neutralized, the ransomware concept continues to grow.

The latest iteration is CryptoWall. The best remedy is prevention. It does take time for the encryption to take effect, so it is possible to catch and remove it with the right tools in place. There are also ways to use software or other I.T. security tools to block them. Plus, this once again underscores the vital importance of a three-layer backup plan.

While nothing is 100% certain, we’ve set up automation and leverage technology to protect our clients as much as possible.

Digital security flaws: Sometimes they’re there because of a simple oversight. Or it could be flaw that was created. Regardless of the source, they mean only one thing: your information is exposed. These flaws are often called “Zero Day” which means that attacks come on the same day the problem is discovered and revealed. In other words, they discovered the problem because the attacks came in.

There’s not a lot the end user can do to proactively find and fix flaws in the apps, programs and software that you use. What you can do is make sure that you have multiple layers of protection in place.

For our clients, we are those multiple layers. In April of 2014, Microsoft released a security advisory for a zero-day vulnerability in Internet Explorer. Despite the initial media hype and it taking five days to get a security update from Microsoft, this was not that big of a deal if you know what to do. And our team knows what to do. Late the night of the announcement, J – I.T. Outsource President and CEO J. Colin Petersen found a solution, emailed David “Doc” Xiong, our former VP of Technology and this email came right back:

Being ahead a few days doesn’t sound like much, but every hour matters when your information and your network is vulnerable.

You could make yourself and your staff crazy trying to chase down security breaches, patching leaks and tracking down wild media stories. Or you could have a proactive plan in place that works 24/7 to prevent access and correct security weaknesses. Our goal is to prevent all that can be prevented and to respond as quickly as possible to that which can’t be prevented.

What do you have in place to protect your business data? Not sure? We’ll take a look – no cost, no obligation. Call us at 559-485-4335