Digital Security Halloween Horror Stories: How to Prevent Tricks and Enjoy Only Treats
Do stories about digital security horrors keep you up at night? As Halloween approaches, your thoughts might turn to goblins, ghosts, and ghouls. If you really want to give your IT manager or business owner nightmares, you might review some digital security horror stories from the past few months. Fictional monsters pale when measured against the real threat of malicious hackers, computer attacks, and other threats to your computers, mobile devices, and networks.
Digital Security Halloween Horror Stories
Enjoy the thrills and chills of the Halloween season while sleeping easy because you don’t have to face these terrifying computer security threats that have recently made the news:
- KRACK Attacks: KRACK Attacks, short for key reinstallation attacks, even sounds scary. A security researcher discovered that a skilled hacker just needs to be in the range of a secured or unsecured WiFi connection to steal data. The thief doesn’t even need a password. Since the hacker uses a vulnerability in the connection, it really doesn’t matter what kind of operating system or device you use to connect. Some vendors have issued patches, but you’d be prudent to use multiple layers of security when you access sensitive data if you are not sure who might creep around within range of your connection.
- Equifax data breach: This story didn’t just cause Equifax nightmares. Just about any U.S. adult who has ever had a loan or credit card probably got their data stolen. The company said that an employee error compromised security, and certainly, malicious or greedy hackers pounced upon the opportunity. One thing that made this breach seem even more painful than some other high-profile cases is that consumers don’t choose to do business with credit bureaus. It’s not like you can just decide to take your business somewhere else if you don’t like the way Equifax protected your personal information.
- Apple encryption: A researcher at Johns Hopkins managed to copy and decrypt supposedly secure Apple iMessage text messages. Apple announced a patch for this creepy bug; however, the head researcher voiced concerns about other vulnerabilities in the system that a skilled phone hacker might exploit. Wired also commented that your messages from a supposedly secure messaging app may only really have end-to-end encryption if the receiver also uses the same messaging app. If your business depends upon secure communications, you want to provide your employees with approved apps and some warnings about how sensitive data should get communicated.
- Small business ransomware attacks: Last summer, the Denver Post reported upon a devastating ransomware attack that destroyed one small business. As often happens in these cases, an employee accidentally clicked the wrong link in an email. This downloaded ransomware. The virus swiftly invaded the company’s entire computer network and encrypted all of their files. The backup and recovery system had not been maintained so the company could not operate without removing the virus. In a panic, the business owner paid the hijackers $50,000 in return for an encryption key, but the key did not work. Shortly afterward, the company failed because it lacked funds to recover.
Most of these stories discussed digital security horror stories that happened to large companies; however, small businesses don’t enjoy any special protections. The Denver Post article also reported upon these alarming figures about security breaches in small companies:
- IBM says that over 60 percent of all cyber attacks hit small and medium businesses. Hackers consider them easier targets.
- Most breaches happen because of an employee mistake. For instance, email phishing and identity theft are common with smaller companies.
- Even smaller companies usually have to spend almost $700,000 in their full recovery effort. Mid-sized companies spend millions.
How to Keep Your Computer Systems Free of Tricks and Full of Treats
Hopefully, these cybersecurity horror stories have spooked you enough to consider ways to improve your own business security. You will discover that having only one layer of security and relying upon employees to never make a mistake won’t protect your company from all of the threats you could face. Typically, a modest investment in better computer security will cost much less than having your systems corrupted, getting your data stolen, or drawing the ire of your customers and government auditors.
The sad fact is that many smaller companies never recover from the losses they suffer. Because it’s difficult for the staff of smaller companies to predict all of the ways that computers and networks can get compromised or destroyed, many small-to-medium-sized businesses have been relying on third-party security providers and consultants these days. Because their systems aren’t properly monitored, many small companies aren’t even aware they have been hacked until they have already suffered losses. Good security providers can offer you a budget-friendly plan with the same tools and expertise that larger companies enjoy.
No matter what you do, nobody can really offer you a 100-percent guarantee that your systems will always remain secure. Employees make mistakes, hackers get more skillful, and accidents happen. In the end, your best defense is a well-tested and maintained backup and recovery solution. If your company falls victim to a ransomware attack or even some sort of physical threat, you’ll know you can wipe your systems clean and begin operating again with minimal interruption.
Author: Aaron White, Date: 31st October 2017