Tips to Tackle Hack AttacksCompanies of all types and sizes today are conducting much of their business online. It reduces cost and increases profit while attracting customers from far and wide. This public exposure is great for business, but it also puts organizations at risk for viruses, malware, hacking, spam and other cyber threats.
“As we conduct more business on the Internet, the risks increase and hacker techniques are more sophisticated,” said Clarke Anderson, CEO, A.J. Boggs & Company, a local company that offers secure server hosting, information technology (IT) management and business consulting services. “The main threats today to businesses’ sensitive data are causing malicious damage to data systems making it possible for hackers to disable critical systems and steal precious data,” Anderson added. Other threats include “inside threats from employees and other partners.”
Of course, the type of information at risk varies.
“Privacy-sensitive data, if not properly protected, can lead to identity thefts. Intellectual property (such as product designs) and trade secrets (like customer lists) are also at risk of being stolen,” said Anderson.
The cyber-criminals behind these threats have one purpose — theft — to steal a company’s sensitive information and/or money. With an estimated cost of billions of dollars per year nationwide, cyber-crime might be one of the greatest challenges facing businesses today. The question remains, how can businesses become less susceptible to these hack attacks?
“Prevention and planned responses are critical components to any business security program,” Anderson said. He advises using strong passwords and changing them periodically, about every 90 to 180 days or so. “We also find many businesses need help managing peripheral security, like firewalls and offsite backups, and we can help develop plans to mitigate risks and manage changing compliance requirements.”
Because cyber-criminals are using more sophisticated tactics to hack into computer systems, being proactive and staying ahead of them is vital.
“With each advancement in technology, we are presented with a new set of security concerns to address,” said Cale Sauter with Liquid Web, a managed hosting and data center company in Lansing. “At Liquid Web we have been able to provide customers with several solutions to protect their web facing applications from both known (and unknown) future security threats.”
Both Anderson and Sauter agree that companies need to remain vigilant and stay one or more steps ahead of hackers. Businesses should put programs and procedures in place that raise awareness of the latest cyber threats, and train staff on how to use current technology and effective tactics to tackle hack attacks. These measures can make it harder for a hacker to target them.
The most malicious attacks that Liquid Web has found are from “misconfigured or outdated web applications, poor password policies or insider threats,” Sauter said. “That’s why we stress regular updates, requiring strong passwords (that protect clients against password-guessing attacks) and vigilantly monitoring and regulating who has access to your data as well as how it’s being stored. Businesses who host with us and are responsive to these items rarely, if ever, experience any type of security issues.”
Security and technology are issues that all businesses must address.“There are many unpredictable events that could change the way you think about your valuable data,” Sauter said. Calling internet security “a hot topic for the foreseeable future,” Liquid Web has “put forth a strong commitment to study, research, train and develop to stay a step ahead of anything that presents a threat, on all fronts.”
Anderson offered a checklist of business practices and procedures that can go a long way to preventing serious breaches and loss of time, money and data.
Created by the Multi-State Information Sharing and Analysis Center, these practices include:
- Update security software, including antivirus, spyware and other malicious software.
- Use latest versions of all your software, including operating systems, browsers and software and applying patches when they’re released.
- Regularly back up files and data.
- Conduct security reviews.
- Review and revise policies regarding staff access.
- Properly destroy computer equipment that may contain sensitive, private or personal information.
- Provide security awareness training to teach employees about the risks.
Strengthening Cybersecurity in the Lansing AreaA group of executives representing both private and public sectors in the Lansing area has been meeting regularly with one goal in mind — to strengthen cybersecurity in the Lansing area.
Inspired by Michigan Governor’s Cybersecurity Initiative, the public-private partners seek to build a better capacity to anticipate, protect and respond to cybersecurity threats.
“We are collaborating to develop advanced solutions to cybersecurity problems, such as cyber alert networks, shared cyber process and procedure documentation, wireless key entry, identity management and cyber situation awareness,” explained Clarke Anderson, CEO of A.J. Boggs & Company, and one of the group’s members.
Other partners include Michigan State University’s School of Criminal Justice, local technology companies such as Array IT, 5 Star Security Solutions, Monarch Enterprises, Sergent Results Group, Synergistic and other interested executives.
“Our long-term goal is to create thousands of excellent jobs by attracting federal programs to the Lansing area and funding businesses with economies that offer sustained investment growth,” Anderson said.
Organizations in this region offer cybersecurity expertise in many areas including:
- Big data and other analysis services
- Pattern recognition technology
- Software development (Dashboards, user administration and information retrieval systems)
- Enterprise cybersecurity operations and consulting
- Highly secure managed hosting services
- Hacker profile research
The MSU School of Criminal Justice and its Office of Research are sponsoring the First Annual Interdisciplinary Conference on Cybercrime featuring prominent cybersecurity experts on March 20, 2014, at The Henry Center in East Lansing.
“We are currently seeking $3 million in seed capital for the startup 911.net” Anderson said. In the future, “we will look for investors and seasoned cybersecurity executives for startups.”
Read more about the Governor’s Initiative at www.michigan.gov/cybersecurity and the Conference on Cybercrime at http://cj.msu.edu/programs/interdisciplinary-conference-cybercrime/.