2016 saw a number of high-profile incidents of hacking, cyber attacks and other internet security breaches. These include the politically sensitive hacking of the US Democratic National Convention and a large-scale distributed denial of service (DDoS) attack which temporarily took down major internet services including Netflix, Twitter and PayPal.
Unfortunately for businesses, these kinds of threats are only likely to increase in 2017, not to mention all the new kinds of cyber security issues which are likely to arise this year. Whether you are a company handling large amounts of sensitive data, or simply using basic online services like email, it is absolutely critical to be able to protect and maintain your systems from these threats.
With this in mind, we have identified some of the key internet security issues to be mindful of this year and what you can do to minimise the risk to your business.
Recognising and avoiding phishing attacks
Phishing is the name for a type of scam, usually carried out by email, designed to get the victim to share sensitive information, such as their bank details or login information for key services, such as their email account.
Hillary Clinton’s 2016 presidential campaign chairman, John Podesta, was the victim of just such an attack in March 2016. This led to Podesta’s email account being compromised and a huge leak of sensitive emails in October and November 2016, at the height of Clinton’s presidential campaign. Although it is impossible to say how significant this email leak was in the election, many have suggested it may have played a critical role in Clinton’s defeat.
Shockingly, the phishing email sent to Podesta which facilitated the leak was recognised as such by a Clinton campaign aide, Charles Delavan. Unfortunately, in attempting to flag up the issue, Delavan made a typo and accidentally told colleagues that the email was “legitimate” when he meant to say that it was “illegitimate”. This meant Podesta was not warned to ignore the email and instead clicked on the link it provided and shared his email login details with the hackers.
This shows that it is important not just to recognise how phishing works and how to avoid becoming a victim, but also to have robust systems in place to make sure any potential issues are regularly checked for and flagged by relevant personnel.
Understanding the internet of things
October 2016 saw the biggest distributed denial of service (DDoS) attack in history, which brought down a significant percentage of the internet across the USA. This kind of attack relies on a specific type of malware which infects computers and other internet-connected devices. These then create what is known as a “botnet”, allowing hackers to coordinate all of the infected devices. This botnet can then be used to overwhelm internet-based services with traffic until they crash or are so busy that legitimate users cannot access them.
Other than its unprecedented scale, one of the most remarkable factors in this DDoS attack was how the hackers appear to have made use of the internet of things to facilitate their attack. Internet-connected smart devices, such as digital video recorders, webcams and even kettles, often have very limited security, making them potentially easy targets for hackers. They can thus give hackers access to a large number of devices they can incorporate into a botnet.
With many homes and businesses now containing an increasing number of internet-connected devices, it is vital to make sure the internet of things is kept secure. This can often involve such simple measures as changing the default password when a new device is first set up, making it much harder for hackers to access.
Keeping your data safe
An increasing area of concern is how much data companies hold about their users and how safe this data is. One of the most prominent examples that came to light in 2016 was when personal information from 65 million Tumblr accounts was found for sale online. This data appears to come from a hack that occurred in 2013, the scale of which was not previously widely known.
The data for sale relates to users’ email addresses and passwords. Although this is bad PR for Tumblr, there is no evidence of any accounts having been compromised as a result. This is likely because Tumblr used cyber security processes called salting and hashing to protect users’ passwords, which makes the data extremely difficult, if not impossible, for hackers to use even if compromised.
Although it is far from ideal for a company to lose data to a security breach, it is also important to take strong measures to minimise the potential damage that can be caused by hackers if they do manage to access your data. Knowing the best ways to protect your customers’ data can help keep your business and customers safe, as well as protecting your reputation.
Get the best internet security for your business in 2017
The wide-ranging and ever-changing variety of cyber security threats faced by businesses in the modern world makes it a challenge for most companies to keep up. Outsourcing your internet security allows you to access the very best professionals whose entire focus is on staying up-to-date with all the latest cyber security challenges. This provides a cost-effective way to make sure your business has the very best protection at all times.
City Business Solutions specialise in IT security for the legal industry. To find out more about how we can help keep your business safe and secure, please get in touch.