Okay. You’ve submitted your business plan, bought your domain name, hired the services of a web designer, purchased the latest flashy IT kit and maybe found some office premises to rent. Life is good; business will be great!
But wait, have you thought about everything? Can I suggest that the flashy IT kit might actually need some protection, your web site might not be secure and your web server may not be protected? Did they mention to you in your free business start up classes that computers are attacked on a very regular basis?
Attorney General Baroness Scotland said; “It is widely recognised that e-Crime is the most rapidly expanding form of criminality and knows no borders.”
What exactly are we talking about here? Well a study carried out last year placed a number of “ordinary” computers on business networks that had access to the Internet. In a period of five days there were approximately 25,000 attacks on these computers.
Hey that’s okay; my computer only has details of people I trade with, customer accounts and the latest design of my ground breaking invention. Oh thanks said the “hacker.” I’ll start with the latest design because I can sell your Intellectual Property and as we all know first past the post gets the money. Have you registered it?
Now let’s take the customer accounts, personal information, bank details etc. Should be enough there to take out some loans, maybe a mortgage, oh and buy the latest Flashy IT kit. Great this person has actually made a document of CSV (Three Digit) numbers they write down when use certain online payment facilities. (It does happen)
What about the people you trade with. Well they are trusted. I have their bank and email details. They have mine and are part of the company’s electronic supply chain.
They are two or three tiers down and may not have the security you have or expect of your suppliers. So they now become the weakest link and I can either disrupt your business or work my way up to attack your IT Infrastructure. If I disrupt your business in any manner then your competitors may gain, as they fill the orders you could not meet.
I’ll discuss the various threats to your business systems in the future but let’s get a few basics in place.
Is your software updated? Everyone shouts “yes” which is why Microsoft released a patch for the Conficker Virus in October 2008 before the first reports of attack in November 2008. By January 2009 at least 30% of computers were still vulnerable. So does everyone really patch their computers?
Of course you have the latest anti-virus products, which get updated on a frequent basis. Did I hear somebody say I got mine off a car boot or downloaded it from a file sharing network? Bless – shall I mention the manufacturers IP or even code put into the AV software by the file sharers to open up ports on your computer, to be used as methods of attack.
I know that everyone has a secure password such as “Bill” “Bill1” etc. My password is mangled which means I’ve changed the E for a 3 and I for a 1. They will never guess “Legolas” will they? Actually brute force attacks on Bill will find it very quickly as will the dictionary attack on E for 3, or the Lord of the Rings dictionary. Don’t become part of the estimated £500 million plus a year loss to UK businesses. Create secure passwords.
Don’t let anyone steal your dreams of a successful business. Update your operating system software and your anti-virus software on a daily basis and make sure your passwords are strong. Remember over 1700 attacks a day, in a five day period, happen to people like you.
I will go on to discuss the different types of attack that may impact on your business and suggest strategies to deal with them including getting your business back online as soon as is practicable.