Hack-Proof Your Business in 2020
As we become more and more dependent on devices, we are exposed to greater risks. This simple logic makes sense on many levels, but it’s tough to fully understand the ramifications of the highly digital world we live in. Much more than we can physically see is connected to the web and the internet, whether it’s our homes’ thermostats or the way in which we receive electricity. Increasingly, it’s our cars, our fridges, and even our bodies.
This, of course, raises many new issues with the risk of hacking and exposure from outages. The problem with hacking and outages is that they don’t appear to be a problem until they’re a big one. And these problems can happen way beyond your personal devices and still affect you.
I’d like to share with you a few examples of hacking and digital exposure. From there, I’ll give some practical advice to business owners and managers on how to minimize risk and watch out for common problems moving forward.
How Widespread is the Issue?
As a society, we’ve become completely desensitized to the hacks of our personal information. When it “doesn’t happen” on our personal devices, we don’t internalize the fact that every American’s personal information has been hacked at one point or another and usually more than once.
Don’t believe me? Here are a few stats:
- 4 billion records have been stolen from people in the last decade. You read that right. That’s close to one record stolen for every human on Earth.
- Facebook, Equifax, Adobe and other large companies have been the targets of successful large-scale breaches.
- The Target breach in 2013 exposed 40 million credit card and debit card accounts.
- The Equifax data breach of 2017 impacted as many as 143 million users. Equifax is a credit bureau; you can imagine the amount of personal information they have.
- The eBay breach of 2014 stole as many as 145 million users’ credentials.
- Up to 540 million Facebook users’ data was accessible – unprotected – until April of 2019.
Hacking, Hacking Everywhere
While the stats above are indeed staggering, it’s pretty much a statistical fact that everyone reading this article has had their data hacked. What’s shocking is that hacking is now appearing everywhere.
In space, for example. A NASA astronaut is being accused of hacking their estranged spouse’s bank account from space. If you think this is the only weird space hacking story – nope – in 2008, NASA confirmed that a virus intended to steal passwords and send them to a remote server had infected laptops on the International Space Station. Most importantly, it wasn’t the first time this happened.
Hacking also occurred in Iran; the nuclear program to make weapon-grade plutonium was thwarted by sophisticated zero-day viruses.
Perhaps more concerning, the U.S. power grid was discovered to have been hacked. While the initial reports in April of 2019 seemed benign enough, the incident was also documented as the first disruptive cyber-attack on the U.S. power grid.
Keep in mind that Ukraine had extensive outages in 2015 and 2016 that affected a quarter million people due to such hacks. Many industry experts think these recent blips on the U.S. grid are tests rather than full-on attacks. Hopefully, these hacks won’t go any further, but the grid is just one example of how hacking can affect us all.
With many of the hacks described above, it’s difficult to know what you can do in response. Luckily, there are several steps you can take to reduce your exposure. Simply being aware of these issues and the scale of impact they can have is step one. Knowing this, we can expect more from the organizations that hold our data and learn to protect ourselves in other ways.
Protect Yourself and Your Business
So, what can you do as a manager, individual, or owner of a business in order to hack-proof yourself in 2020?
First, let’s be real: no one thing will ever make you completely hack-proof or invulnerable to outages. What I can do, however, is highlight what we at Media Genesis have seen over the years as the most common issues. Often, these are simple issues that can be resolved quickly and cost-effectively BEFORE a problem arises. Once a problem has occurred, the cost and ramifications can be extensive. A bit of planning saves a lot in the long run.
Here are the top 5 resolutions – identified as a problem and solution – that I recommend for you in the New Year:
1. Audit Your Website
A professional firm, such as Media Genesis, can audit your website, while IT firms can audit your network. Often, these audits are relatively inexpensive and can check for many common vulnerabilities.
During web audits, we often see issues with insecure websites and forms transferring unprotected information, leading to liability. Sometimes we find traces of active hacks – this is the insidious part. Clients often think that, because they don’t do any commerce online, it’s not an issue. However, hackers can use a reliable company’s name and domain, and will do what they want with it, including capturing information for financial gain.
The risk isn’t what you’re doing or not doing, it’s what the wrong person can do with that information on your property. The solution? Run an annual audit and fix the critical issues!
2. Update Your Content Management System (CMS)
This is much like the above – but it’s so common we have to give it its own category. Software is a wonderful thing. Free software is even better. But there is a cost that is not always obvious. In the case of WordPress, one of the most popular content management systems and a great tool for websites, the cost is that 90% of all CMS hacks are done on WordPress sites.
Once a hack or vulnerability is identified, WordPress issues a critical update which is then made public. This means that every hacker can now hack sites that haven’t been updated. It’s literally opening a back door for hackers.
While this is particularly true for WordPress, it’s true for nearly all CMS-driven websites. The solution? Hire a firm to manage this for you! We do this at Media Genesis, and it has become a cost-effective and easy way for our clients to manage updates and maintain their site’s security.
3. Manage All Passwords & Accounts
I have started many a conversation with a client who is looking to have us take over management of their digital presence – whether it’s their website, online ads, social media, etc. Often, when we are ready to gather account information, the client doesn’t have access to critical log-in details such as domain names, emails that control access to other websites, or admin accounts for key services.
This is not only a hindrance to progress; it can become a much more significant problem if the accounts have found their way into the wrong hands. Regaining access can be very costly and time-consuming – sometimes it’s even worse, and hackers hold accounts hostage until they are paid.
This can quickly turn into ransomware, through which an organization will be “held up” to regain access to their account. This isn’t publicized but happens often. Solution: Control and manage your accounts and keywords. Keep track of the access codes and make sure your passwords get changed when a breach occurs.
4. Back Up Your Website
Again, this may seem basic since we hear about it all the time. However, the issue isn’t the site backups themselves – many people now do this regularly. The problem is that most people don’t test the backup to confirm it works.
Most people find out the hard way – when disaster strikes. Solution: Once a year, do a full restore and backup. You will then know if your backup will work should disaster strike.
5. Watch Out for Financial Hacks
This type of hack is rarer, but I have already seen a number of clients affected by it. It is a more sophisticated hack than the classic ransomware. Instead of blocking accounts and extorting a ransom, a hacker will carefully study an organization and follow their flow of money. When the hacker has enough information, they will create a very authentic request for funds. These will often be the same documents used in a wire transfer, for example. The only difference? Account numbers have been changed. The emails may even come from a real account at the company or a domain just like the company’s.
The targets for these hacks are in the hundreds of thousands or more. After 72 hours, the wires can’t be brought back. Solution: Audit your system for both vulnerabilities and your process for fund disbursement. And if it’s not a request you were expecting, call the requesting party to confirm it’s valid.
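The disbursement check described in item 5, as an added example that is not part of the original article or Media Genesis's own code: it compares a wire request against a vendor record confirmed out of band and lists the reasons to hold it for a call-back. The vendor name, domains, account numbers, phone number and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib

# Constructed vendor master file: details confirmed out of band, never taken from an e-mail.
VENDORS = {
    "Acme Supply": {"domain": "acmesupply.example",
                    "account": "021000021-4471882",
                    "phone_on_file": "+1-555-0100"},
}

def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def is_lookalike(domain, trusted, threshold=0.85):
    """True when domain is not the trusted one but is nearly identical to it."""
    if domain == trusted:
        return False
    return difflib.SequenceMatcher(None, domain, trusted).ratio() >= threshold

def review_request(req, vendors=VENDORS):
    """Return the reasons a wire request must be held until confirmed by phone."""
    vendor = vendors.get(req["vendor"])
    if vendor is None:
        return ["unknown vendor: no record on file"]
    flags = []
    sender = domain_of(req["from"])
    if is_lookalike(sender, vendor["domain"]):
        flags.append(f"sender domain {sender} imitates {vendor['domain']}")
    elif sender != vendor["domain"]:
        flags.append(f"sender domain {sender} is not on file")
    # A genuine mailbox can be compromised, so the account check runs regardless.
    if req["account"] != vendor["account"]:
        flags.append("bank account differs from the one on file")
    if not req.get("expected", False):
        flags.append("request was not expected")
    return flags

# Constructed sample requests.
LEGIT = {"vendor": "Acme Supply", "from": "ap@acmesupply.example",
         "account": "021000021-4471882", "expected": True}
SPOOFED = {"vendor": "Acme Supply", "from": "ap@acmesupp1y.example",
           "account": "026009593-9930017", "expected": False}
HIJACKED = dict(LEGIT, account="026009593-9930017")  # real mailbox, changed account

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("spoofed", SPOOFED), ("hijacked", HIJACKED)]:
        flags = review_request(req)
        action = "call " + VENDORS[req["vendor"]]["phone_on_file"] if flags else "release"
        print(name, "->", action, flags)
```

Any non-empty result means the call goes to the number already on file, not to a number given in the request itself.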
This list could go on for days. However, by following the above five recommendations, you will address a large majority of the issues I have seen in my 23 years at Media Genesis. Hindsight isn’t always 2020; you can get ahead of it!
For more information on how Media Genesis can assist you in hack-proofing your 2020, reach out to us by phone at (248) 657-7888 or email us at inquiries@mediaG.com.