Saturday, October 18, 2008

Hackers and Crackers: Barbarians At The Gate

Hate to tell you this but the barbarians are at the gate. Hackers, crackers and script-kiddies armed with dictionary software are poised and ready to hack your site and make off with all of that highly-sensitive customer data – oh, you know, names, addresses, CREDIT CARD NUMBERS. I wouldn’t want to be the guy who emails his customer base to cancel their credit cards and contact Experian, TransUnion and Equifax to flag their credit activity for the next two years.

Whether your MySQL is crammed with sensitive data, or your CMS is packed with sensitive, proprietary business information, you need to protect what you got, Jack, or you ain’t got jack.

Redundant layers of security are the norm in the corporate realm, but we regularly read that this university, this credit card company or this retail store data has been hacked and is now floating out there in the Ethernet. So, what’s a small business to do? A sole proprietor or a two-man dog-and-pony? How can they assure security?

The Number One Source of Hacker Attacks Is Some One You Know
Yeah, it’s not some 15-year-old in Bora Bora trying to access your MySpace account. The most likely threat is an angry business partner or sub-contractor or, sad to say, a spouse, a kid or your friendly Uncle Bob who comes over every Saturday to balance accounts.

Cures: Limit access to your business computer. It should not be a part of the home computer network. It should be a separate and distinct work station, password protected, off limits to anyone.

Bulk up your passwords, especially when keeping those who know you out. Forget Fluffy 909. An irate spouse’ll figure cat + birthday = password. Use signs, symbols and numbers to create passwords that can’t be defeated by someone you know.

Then There are the War Drivers, War Chalkers, Viruses, Worms, Trojan Horses, Key Logger Software and Zombie Computer Armies.

War drivers cruise industrial parks looking for leakage from an office network. All they need is a laptop, an antenna and networking software and they become a part of the office gang.

And all of that other nasty hacker-crap is out there. What can you do?

Protect your work station data and back it up automatically with an outboard hard drive.

Use a reputable host who maintains multiple layers of security hardware and software. Ask about access to the server room, ask where the servers are located and ask about on-site security. You can get good shared hosting for about $7.00 a month so we’re not talking breaking the bank, here.

Scan everything.
As an online entrepreneur, your inbox is filled every morning with every thing from the 14th penis enlargement spam this week to actual emails from customers and clients. Separating legitimate email from hacker missives isn’t always easy. However, any good email system will scan incoming, but if you have doubts, perform a separate scan on a piece of email before opening.

Use SSL Encryption
First, no savvy computer buyer is going to place an order if the little ‘s’ in ‘https’ is missing from the address bar of a site, and those that do jeopardize their identify, credit and your business

Maintain Your System Security
You don’t have to pay a bunch for site security software – good stuff. There’s even some OSS out there that professionals use. However, none of this software is going to do any good if it’s data and hasn’t been patched in three years

New bugs, viruses, scams and schemes are unleashed upon our sorry selves and there is no web police. It’s the wild, wild web.

Here’s what you want:

server side security and lots of it

SSL certification if you’re transmitting personal information.

An automatic back up system, i.e. an outboard hard drive

Quality system security software that performs a daily scan in the background and produces a log for review. Keep log data to track attempts by hackers to breach security.

A separate system, distinct from a home or office network. A stand-alone impervious to ware drivers, war chalkers and other ne’er-do-wells.

A hands off policy if you work out of a home office.

Security scan software – software that equips you to scan individual documents for malware.

Passwords on steroids. Let ‘em break :q##s6gr))1!sz+++. Never gonna happen.

Finally, stay vigilant. You never know where a security breach will take place and there’s no 100% guarantee that you can make your business impregnable.

But you can sure make it hard on hackers who are more likely to move on to an open door than try to figure out your redundant layers of server- and system-side security.

No comments: