CyberattacksWell, it was in the news that we were under cyber-attack by China and that we were retaliating.  You might think that there would be pictures and videos and news at 11.  Instead it’s more like discovering a new galaxy. It has no impact on us, or does it?

My company sits in a unique position where we support many SMB’s (small and medium businesses) client’s IT that include regulated entities like banks and publically traded companies who must be SOX (Sarbanes-Oxley) complaint, finance/leasing companies who must be PCI complaint, and medical facilities which must be HIPAA compliant.

We have received a rash of calls from “new prospects,” who have had a similar chain of security breaches.  From worms and Trojans running wild and shutting down major businesses for 72 hours, to fraudulent transfers of money from bank accounts, to social engineering phone calls directed to key personnel that request confidential information.

System vulnerabilities of every IP address on the internet are being systematically exploited, in an automated fashion, and succeeding.  Clients who have deferred basic security protocols by rationalizing “why would anyone want to hack into my business” are the low hanging fruit.  The answer now is, because you are on the internet, you are vulnerable and you haven’t taken the necessary steps.  Do you lock your office?  Do you lock your house?  Do you lock your car?  A vulnerable computer system is akin to leaving all of your confidential information such as bank accounts, contacts, accounting information and business secrets in a file cabinet, outside, unlocked, at night, with a neon sign flashing “here I am”.

Whether the news reports are correct, and the cyber-attacks are coming from China is really incidental.  What is important is we’re seeing an increased level of automated attacks against every kind of company and they are going after known vulnerabilities.  The sad part is many of these vulnerabilities are inexpensive or even free to implement.

  1. There is no substitute for education
  2. Have a written computer usage policy
  3. Patch all of your computer systems every month.
  4. Use strong passwords
  5. Get a real firewall.
  6. Use encrypted connections / VPN’s
  7. Take advantage of complementary audits and assessments
  8. When a service like Facebook is free, find out what the costs are in privacy.

– Dan Scolnick
IT Computer Support of New York
President and Chief Technical Officer