Web security has become one of the hottest topics of the past few years, with cyber attacks originating in many forms. In 2014 alone, we had the Snapchat hack, Heartbleed, Shellshock, SoakSoak and many other attacks (you can learn more about each of them here).
If you think that DDoS attacks are just a problem for the big guys, a new study might change your mind. The recently published DDoS Impact Survey found that nearly one in every two companies, regardless of size, were victims of a Distributed Denial of Service attack. The average cost of a DDoS attack ran to around $40,000 for every hour the attack lasted.
The authors of the survey spoke to nearly 300 North American companies, ranging in size from 250 employees to more than 10,000. The responses were very troubling:
Seems like hardly a day goes by without a report of yet another data breach. And that’s because a day doesn’t go by without one. There has been an average of one reported data breach every day for the last five years, and 2014 has no intention of bucking the trend.
According to the non-profit Identity Theft Resource Center, there have been 411 reported data breaches in the U.S. in the first six months of this year. That works out to an average of more than two data breaches every day. And those data breaches combined have exposed an estimated 11 million records.
Malware can be confusing. Not just because there are millions of different types of malware, but because they’re constantly evolving. And it doesn’t help much that researchers have a tendency to give them some crazy names.
The botnet, on the other hand, is relatively easy to understand. Instead of just stopping at infecting thousands or even millions of computers, botnets will continue to control all those computers remotely to perform the bidding of the bot controller or herder. That’s why it’s one of the most sinister types of malware that all business owners need to be aware of.
Every year about this time, Verizon comes out with an annual review of the results of its investigations into thousands of data breaches and security incidents from around the world.
The report can be very data heavy and even a little depressing, but we can learn great things from it. Here are just ten:
Of all the threats that could be stalking your business daily, it is most unpleasant to think about the fact that the biggest threat could already be inside your walls, maybe even on your payroll. Unfortunately there’s plenty of evidence to suggest that the biggest source and cause of security incidents is the humble employee.
The good news is that few of these incidents are deliberate attacks or frauds by your most trusted insiders. Instead they tend to be innocent mistakes which could easily be avoided but which are quickly taken advantage of by hackers.
As National Cyber Security Awareness Month wraps up for yet another year, have you learned anything? More important, have you done anything, at least to improve your security? In case the answer to one or both is no, I thought I’d share the experiences of just a couple of small businesses (one which I worked with personally) that learned about security the hard way.
In the first case, the victim was a small but thriving electronics business based in Nevada. Their problems began when they started getting phone calls from angry suppliers wanting to know why some big bills hadn’t been paid. After some investigating, the business owners figured out that the bills had not been paid because they had never actually placed the orders.
There are plenty of things your employees can do to make your business and their workplace safer. Here’s just a sample of some of the more important ones.
- Follow your security rules and policies. Which means you have to have some in the first place, you have to share them, and your employees must know there will be consequences if they ignore them.
- Protect their passwords. Password safety is not just about creating strong passwords and changing them often. It’s also about employees protecting their passwords, not writing them down where they can be found or hacked (like on a computer) and not sharing them with other employees.
- Ignore phishy emails. Phishing emails are still very effective in spreading malware and other threats. And advanced phishing schemes, like spear phishing, can be so convincing they can easily fool employees. So it has to be guard up, all the time. Trust, but verify.
- Surf more selectively. Where an employee wanders on the internet, and what sites they linger at, can determine their vulnerability to a host of web threats. One of the biggest threats is a watering hole – an infected web site lying in wait for every visitor (including your employees) to visit the web site, catch the bug, and bring it home.
- Believe that if security is good for business, it’s also good for their job. Sad but true, fear is a great motivator. If fear of the impact of a security breach on your business is enough for you to make security changes, the same rules apply to your employees. If they can be made to understand that a data or security breach could result in layoffs, maybe they’ll think twice about the next online pharmacy they were thinking about visiting.
- Protect their laptops and other devices. The two worst things that can be on an unprotected laptop or smartphone are sensitive customer information and access credentials like a password. It doesn’t help if the devices store company secrets either. But the best way to prevent a missing laptop or phone from turning into a major security incident is to make sure employees don’t use them to store anything sensitive.
- Be careful on the road or out of the office. Like the knights of old, it’s easy to feel safe, comfortable and complacent behind castle walls, but things change when you’re out in the wild. Employees need to understand that security rules and practices follow them everywhere because hackers are everywhere.
- Beware of free Wi-Fi networks, especially at hotels, coffee shops, and airports. Setting up a fake network with the network name WelcomeToStarbucks is child’s play, even for an amateur hacker. And a very easy way to eavesdrop on an unsuspecting employee.
- Be vigilant, challenge, and report. Encourage all employees to be vigilant around the workplace, whether it’s a stranger wandering around the office or sensitive data left unattended. Make it easy for them to take action when they see something suspicious, and even allow them to report it anonymously if they prefer.
- Lead by example. The greatest feature of a great leader is the ability to make others want to follow. If you don’t live, breathe, and talk security, why should you expect your employees to? Talk about security, as often as you can. And talk about it positively, as a business enabler and opportunity, and not in the way you might scold belligerent children.