Data Breaches Are The Biggest Threats To Businesses

One of the biggest threats to businesses both small and large is the ever growing prospect of data breaches.  More and more we are seeing headlines from some of the world’s biggest companies where millions of customers data has been hacked or somehow accessed by a third party.  This can end up costing the customers millions of dollars as the information can be used in a multitude of identity theft crimes.

This leads us to one of the most important topics of 2018: the ability to ensure that your data is safe from hackers and that your IT security is up to par.

Compliance And Other Requirements

Depending on the industry that your business is in, compliance may be very high on the list in terms of importance.  For example, HIPPA compliance is a huge deal for doctor’s offices, hospitals, clinics, and other businesses where patient records will be handled and stored online.

Ensuring that your office and IT is HIPPA compliant can be a big drain for an IT team, so this is one area where outsourcing to a managed IT company might be the best and most economical choice for your company.  This frees up your in-house IT staff, and leaves the dirty work of keeping 100% up to date on ongoing security threats up to a professional IT company.

Another compliance area is payment transactions.  The huge Target data breach a few years ago spilled hundreds of thousands of user credit card numbers onto the black market, and many people found themselves the victims of fraud, including myself(!).

Ensuring that your payment systems are secure is one of the areas where hiring an IT services company is probably the best choice.

Choosing an IT Company For Security

If you decide to hire an IT company to run your business’s security, then there are definitely a few things to consider when choosing a company.

Local is better: if you have the choice, go with a small to medium sized local company.  Using national companies can get tricky and you won’t get much in the way of personalized service.  Local companies will have less of a client load and offer much more personalized and fast service in the event of an emergency.

Ask around for recommendations: either businesses in your industry or friends and family that might be able to recommend a good IT company.  Recommendations are probably the best way to hire a good company.  In fact, one local San Diego IT support company AMA Networks claims that almost 100% of their current business is from client referrals.

When contacting and interviewing potential companies, ask them for references as well.  Any good IT company will be happy to let you contact past customers as they should be proud of the work that they’ve done.

Meet the companies in person if possible to get a feel for their business practices, personality, and the morale of their team (if possible).  This can go a long way in sussing out companies that might leave you hanging in an emergency.

Security Flaws In Windows Increase Threat Danger

It’s no secret that Windows is a huge target for hackers and other nefarious internet denizens intent on causing mayhem in unwitting computer users.  Unfortunately Linux and Macs are increasingly targeted these days.  Businesses should be aware of the risks and educate all their staff on the dangers of using particular programs, such as peer to peer networks.  Although it should be “common knowledge” unfortunately some people still do not understand the risks involved.

Another relatively new and growing danger: peer-to-peer networks and instant messaging. Expect virus writers and snoops to start exploiting the popularity of peer-to-peer networks, such as Grokster, Kazaa, and Morpheus, and instant-messaging services offered by America Online and others.

Any company with employees using peer-to-peer file-sharing networks is inviting trouble. Consider the following experiment conducted by Bruce Hughes, director of malicious-code research at TruSecure Corp.’s ICSA Labs. He set up a crawler program on Kazaa and other peer-to-peer networks, scanning for popular file types using keywords such as sex and antivirus. Hughes says 45% of the files he downloaded contained malicious applications. “If you’re downloading files from these networks, you’re going to get infected with something,” he warns.

Almost all the big attacks last year were aimed at Microsoft PC and server software. This year, new threats will appear aimed at emerging operating systems and devices, such as Linux, handheld devices, and smart cell phones. “We’ll see a cell-phone virus. It’s almost a certainty,” says David Perry, global director of education for antivirus and content security firm Trend Micro Inc. “We’ll also probably see a virus designed to spread over wireless LANs. We just don’t know when; it could be this year or it could be five years.”

Linux is more susceptible to attack because it offers increased functionality and more users are using a graphical interface such as Lindows, which makes Linux easier to run, says TruSecure’s Hughes.

Still, most experts agree that Microsoft will remain the target of choice for worm and virus writers, at least for the short term, because of its market dominance. Microsoft and other software vendors have been devoting much time and effort to reducing the number of flaws in their code. But that won’t eliminate the software vulnerabilities that make it easier for hackers and virus writers to attack. CERT says that more than 4,000 software vulnerabilities were reported in 2002 and nearly 3,000 were reported in the first three quarters of 2003. Security experts expect that reported software vulnerabilities will continue to number between 50 and 60 each week.

The real issue isn’t the number of vulnerabilities reported, but the severity of the security flaws. The vulnerabilities discovered last year and expected this year are increasing in severity, says Symantec’s Weafer, who expects that trend to continue. About 80% of all software vulnerabilities are “remotely exploitable,” which means virus and worm writers can write malicious apps that can attack these flaws from anywhere, he says.

“Security Threats Won’t Let Up; Attacks on business networks are expected to grow As use of spyware increases. The good news? As risk increases, companies are paying attention.” InformationWeek 5 Jan. 2004.