Hello guys! Niels here. Lately (well, for the last few years anyway, but more so in the last few months) there have been TONS of reports of businesses getting hacked in various ways. Some are simple email hacks that send out a bunch of spam, and some are the most severe kind: data breach ransom hacks. What can you do to stay protected?
Different Types of Hacks
Ransomware is the recent heavy hitter, the one we are all hearing about. In a nutshell, ransomware encrypts all your data, holding it hostage until a ransom is paid, usually in the form of bitcoin, to an untraceable wallet. We NEVER recommend paying the ransom, since you should have good backups in place. Once ransomware hits, it is IMPOSSIBLE to tell if any confidential data was stolen or if any backdoor access was allowed. If you are hit, wipe everything out and restore from backups. This also falls under data breach, so you should inform the parties involved.
A data breach is a bad one, but it is easier to track down whether or not confidential data was stolen. Data breaches can consist of different types of hacks, but they are worth talking about on their own. If you have a data breach, you must notify your customers and any compliance organization you must follow, like HIPAA. The first thing to do is secure the entry point of the breach. Usually, it's less technical than you think. Some data breaches come from physically stolen computers/phones/servers, and some come from disgruntled employees. Keeping track of access logs will allow you to figure out what happened.
Email hacks are simple, sometimes more annoying than anything. They fall under the phishing category. We'll talk about that more in another post. Email hacks are easy to identify and easy to stop, but they can cause real problems. Remember when you got that spam email from a client, business, or friend? They probably got hacked, and their email is sending out garbage and spam in an effort to hack others.
How To Stay Safe
Staying safe is actually pretty easy. Most of the recent hacks come from only a few internal issues. Let's learn how to do it right!
If you are still saving passwords in a Word doc or on sticky notes, STOP NOW!!!
Using a free password manager like LastPass or Bitwarden (our favorite) allows you to safely store all your passwords. This brings us to point 2: you should NEVER reuse passwords. This is how the most recent hack on 400 dental offices came about: a management company reused a password and forgot the account was there. Using a password manager means you don't have to remember all those passwords you create. It will keep track of them, log you in, etc., all without racking your brain over complex passwords. Also, changing your passwords every 90 days makes sure leaked passwords are unusable.
2 Factor Authentication
Another very easy one, 2 factor involves sending a text or entering a random code when you sign in. This means that someone signing in from an unknown location won't be able to get past unless you give them the random code. This means you must always have your mobile or other trusted device with you, but it is an EASY and HIGHLY secure way to prevent hacking. We recommend you go turn it on right now on everything you can.
Clicking on bad links in email is the #1 way hacks start. Training staff is an easy and cost-effective way to stop hacks before they even get past the email. Most phishing emails are easy to spot, and if your service provider gives you an advanced spam filter, you may never even see them. Training staff on what to look for may save your business from disaster and expensive recovery.