In a recent blog post, we discussed the millions of Americans who are currently struggling to recover after earthquakes, hurricanes, blizzards, fires, floods, mudslides and myriad other natural disasters that devastated residential and commercial properties across the country. Another category of disaster affecting millions, which also requires careful pre-planning and purposeful recovery, pertains to Information Technology (IT). As a prolific blogger, I wonder what we would do without IT?
Now, more than ever, businesses rely on IT to communicate. Systems such as email, Voice Over Internet Protocol (VOIP), text, and Electronic Data Interchange (EDI) transmit data, including orders and payments, between organizations. Servers process information and store large amounts of data. I rely on technology to tweet and post about safety issues. Desktop computers, laptops, tablets and wireless devices are used to create, process, manage and communicate information. Oftentimes, data is sensitive as well as vital to the survival and continued operation of the business. With so much at stake, would you be prepared if your company’s IT is compromised or stops working altogether?
Examples of IT Breaches & How to Reduce Your Risk
One of the oldest and most successful web hacking scams, phishing is one of the easiest to prevent. Perpetrators send mass emails which appear to be authentic communications from a bank, subscription service, the IRS, or online payment site. The email asks recipients to verify their account information by clicking on a link. Clicking supplies the hacker with the victim’s login information, which hackers use to divert money from the victim’s account. Good rule of thumb – don’t click on any suspicious links, which is easy for me because I don’t have thumbs.
The use of someone’s personal information without permission, such as name and address, credit card or bank account numbers, social security number, phone or utility account numbers or medical insurance information. As a dog, I’m not sure I have a credit score. But I would still like to protect my identity.
Despite repeated warnings, Internet users continue to reuse simple passwords, and create passwords based on birthdates, anniversaries or children’s names. Motivated hackers can break simple passwords through trial and error or algorithms written specifically for the task.
Sophisticated hackers use buffer overflow to gain access to customer data via online forms. The hacker navigates to an online form and provides excessive data in a form field.
When this occurs, simple security techniques are unable to respond to the large volume of data input into an unexpected entry point.
Also known as “fuzzing,” fault injection is a complicated hacking technique wherein criminals research ways to infiltrate the source code and input different data to crash the system. An example would be a hacker using a database query to erase content, or typing in a Web address that delivers a worm into the network. And I thought fuzz pertained only to the pet world!
Hackers capture computer information and encrypt it, demanding payment in exchange for the key to unlock the ransomed data. Instead of targeting high-value, heavily fortified systems, like banks or corporations, which require complex technological skills to crack, many cybercriminals use ransomware on “soft targets,” like small businesses, schools, hospitals, and individuals who are likely to pay hundreds or thousands of dollars to reacquire their digital files.
To Avoid Cyber Attacks:
- Create complex passwords. Guess that rules out RJTheFireDogRules.
- Change default passwords when you acquire new equipment and software, and train your team to change network passwords every 30 to 60 days.
- Change your passwords if a company you do business reports a breach.
- Enable security features on mobile devices.
- Install firewalls and virus-detection software on computer systems and home electronics.
- Update sharing and firewall settings when using public Wi-Fi.
- Consider subscribing to a cloud security service, which employs unified threat management (UTM) technology to help identify and stop attacks, to keep proprietary data safe and sound.
Create an IT Recovery Plan
With so much at stake, business owners and managers should make it a priority to develop and test an IT disaster recovery plan:
- Compile an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data.
- Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware.
- Ensure that copies of program software are available to enable re-installation on replacement equipment.
- Prioritize hardware and software restoration.
- Include a strategy for backing up critical information.
- Test the plan periodically to make sure that it works. As they say, “practice makes perfect!”
We Care About Your Safety in 2018 and Beyond
The Allied Universal Fire Life Safety Training System helps commercial, residential, educational, institutional, government, retail and industrial buildings with compliance to fire life safety codes. Our interactive, building-specific e-learning training system motivates and rewards building occupants instantly! It’s a convenient and affordable solution to the training needs of your facility. Choosing our service cuts property management training related workloads by 90 percent and saves you over 50 percent compared to conventional training. Most importantly, it saves lives!