When a big IT data breach occurs, there is lots of media coverage and we all hear some of the gory details of how serious the impact may be. Unfortunately, we do not hear as much about the smaller breaches that also occur, and that means many companies do not work as hard as they should to protect their computer networks.
A compendium of the types of breaches that have occurred would include:
- DDoS attacks, which attempt to bring sites down by flooding them with bogus messages and thus overloading the communication pipe or the server.
- Loss of data from unencrypted USB sticks or portable computers when the hardware gets lost or stolen.
- Access to corporate records by former employees or contractors when credentials are not changed once they no longer need access. This often does not lead to problems, but the potential for harm is high if the relationship sours.
- An attack on a third-party supplier that is linked to your site or operations. This occurred this year and resulted in the closing of several large retail photo sites while corrections to the software were made.
- POS (point of sale) malware was the reason for data issues at several retailers this year. We often think only of the basic software, but there are many pieces to most online and cash register systems. Each one has its potential for challenges.
- Online registration sites which are not encrypted. Many organizations use online services and sites to register people for conferences, meetings, events and other activities. They collect many types of personal information including credit card or debit information. Ensuring the systems being used are robust and secure is important.
- Phishing attacks abound through email spam and telephone contacts. Many types of unscrupulous businesses use these techniques. It is not always just personal information they are after. They may be trying to push people or businesses into unnecessary or high-priced purchases. An example is the toner pirate problem that still affects office equipment users.
- Canadian banking contacts are a frequent example of these types of attacks, with emails that look reputable but contain bogus links. Canadian banks have adopted policies to NEVER ask clients or others to contact them through online links in regular email or websites. They only communicate with customers through their secure proprietary communications systems. If in doubt about any message, call and ask. They will help you know if the communication is legitimate.
- Ransomware. A situation where someone hijacks your site and locks you out till you pay them a 'fee'. Hard to police and even harder to clear without solid professional help.
- Insider threats, either from mistakes or from unhappy employees. Monitoring software can help track what is going on in your systems. Letting users know that it is in use acts as a partial deterrent.
This list gives only some of the ways that IT data and computer networks can be compromised. There are many costs and impacts of these kinds of issues.
A Globe and Mail article reports that the average per capita cost from these kinds of problems is $250. The cost per organization is reported as $5.32 million, a figure that is obviously affected by the really big breaches.
IT World Canada has summarized a range of Canadian stories as it looks at the problem.
No matter what you decide about your potential vulnerability, there are steps to take to protect your systems, educate your employees and secure your most vital data. Failing to take the time and effort to work on this area of your operations carries a bigger risk than many business owners realize.
Let's make 2016 the safest IT year possible.