Blog

Often cyber security is considered merely an IT concern. And while technical solutions are the cornerstone of effectively safeguarding your systems, it’s also important to train your non-technical staff on their role. According to Forrester’s “Global Business Technographics Survey 2016,” almost half of those interviewed had a security breach in the past 12 months – and more than half of those cited the cause as an employee or third-party partner or vendor.

Make sure all staff members understand the importance of cyber security and how serious the risks are. The loss of employee or customer data will not only cause difficulties for individuals, it could literally put the entire company at risk. Everyone in your organization who has access to a computer should understand the following important requirements:

• Protect Your Hardware: Teach employees to log out or lock their screens when they are away from their computer, lock laptops, and keep all portable media secure. This includes cell phones, tablets, and also any devices containing data such as USB drives or DVDs. Before using a USB drive or DVD from outside the company, scan them for malware to ensure they do not contain a virus that may spread through your network. And, if any hardware or software is lost or stolen, make sure employees know how to report the loss.
• Password Management: Make sure you create and share a company policy on how passwords should be structured, who they should be shared with, and how they should be stored. Employees should take care to use different passwords for each site they use, and also need to follow a password update schedule.
• Regular Updates: Anti-malware programs should be kept up to date. Software updates should also be done as they come up – employees will often skip updates if they are in the middle of a task, but these updates often include security patches that keep your system safe.
• Protect Your Data: Cyber criminals are typically looking for your confidential customer data – credit cards, email addresses, phone numbers. Employees need to understand that this data cannot be sent via email. Be sure you have a secure file transfer system available and that your employees are using it.
• Sniff out Phishing: Employees should be informed about the different types of phishing emails they may see, and should have a protocol to follow if they receive such an email. And, since humans make mistakes, they must know how to take immediate action if they accidentally discover they’ve fallen prey to one of these scams.
• Vendor Lockdown: Your third party partners can unwittingly pose a serious cyber threat. Make sure your contracts include safeguards and assurances about how they are handling security in their business.

Your employees are an important defense against the daily attempts to breach your security. And Blutone Technologies can provide your technical cyber security needs, ensuring your systems and connected computers are consistently updated, scanning for unauthorized access requests, and keeping you up-to-date on potential threats. When you combine our expertise with a cyber-aware staff, you’ll have the best chance of keeping your business moving forward without falling prey to scams and malware.

Earlier this year, more than 4,000 websites were hacked in a crypto-currency scam that used a website plug-in to infect them with malware. And that was just one incident! Websites are very attractive to hackers because they typically have contact pages or gather customer information in some way. They can redirect that data to themselves and then further spread mischief by emailing malware to your customers. Here are some of the steps you can take if you discover your website has been hacked:

• Inform your web hosting company. Often they will know how to solve the problem better than you. They will also likely have other clients on the same server, so they will need to check those other sites as well. Seek the assistance of security experts (like Blutone Technologies) to help you restore your website and protect it in the future.
• Quarantine your affected website – take it offline until the problem is resolved. Point your web site’s DNS to a static 503 HTTP responsive code page on a different server. This will also ensure your visitors do not encounter malicious code or spam files when they try to visit your site. Your web hosting company can take your site off-line for you, but let them know you will need to toggle your site to test it.
• Check all user accounts on the site. Hackers often create a new account. Note the account names and delete them, but keep the notes in case they are needed for further investigation. Use a “clean” computer to change access passwords. Be sure the new passwords are very different from the current ones – a small change will be more open to future compromise.
• Verify ownership of your site, as the hacker may have verified ownership and compromised your settings. Do this by going to Google Webmaster in your browser. Carefully check all settings and note any unusual changes before correcting them. Restore the website from a clean backup, and take the site back offline to continue to work on it.
• Determine the severity of the attack. Sometimes a hacker will want to use your site to distribute “spam” content, malware, or for phishing purposes. Look for modification of existing pages, new “spam” pages, open “backdoors” for the hacker to use for re-entry, or writing functions that post on clean pages. You may need to compare the hacked website with your clean back up. Check configuration files, look for failed login attempts, creation of user accounts, command history, etc. Update the website with the latest content management system version and security updates.
• Identify your vulnerabilities. Possible suspects include weak or re-used passwords, an infected computer used by an admin, permissive coding, or out of date software. Install security plugins and harden the website to prevent further security compromises.
• Remove new URLs created by the hacker. Be sure the backup website was created prior to the hack. Put your website back online and re-scan it to make sure there are no more security issues. Change the passwords again. Clean and maintain your site and server – be sure you have done a clean installation, not an upgrade, which could leave files from a previous version.
• Request a review by Google to unflag your site or page. For phishing hacks, go to google.com/safebrowsing/report_error/. For spam or malware, go to your Search Console and find the Security Issues report. Click to request a review, and provide the information Google requires to know the site has been cleaned. Phishing reviews typically take a couple days; Malware 3-4 days; and spam hacking may take several weeks.

As you can imagine, avoiding a website hack is much preferred to taking all these steps after the fact! It is imperative to keep up and maintain your site. You do not want to fall into the same traps and be hacked again. With Blutone Technologies, you can rest assured that your site and all your devices are secure, and that clean backups are always available. Get in touch today and get peace of mind knowing you have kept your individual information and business data secure from hackers.