Safeguard your rink’s computer files from hackers with expert tips
By Joe Dysart
Already making chump-meat of the most sophisticated of computer defenses, hackers are set to unleash a new wave of malware on unsuspecting rinks and other businesses in the coming year, many of which are completely unprepared, according to Sophos.
“Cybercriminals tend to focus where the weak spots are,” said Gerhard Eschelbeck, chief technology officer at Sophos. “Protecting data in a world where systems are changing rapidly and information flows freely requires a coordinated ecosystem of security technologies.”
Perhaps even more disturbing, hackers will be increasingly targeting small and medium-sized businesses, like skating rinks, according to Mark Brophy, director of information technology at Rogers Townsend & Thomas. The reason? The defenses of smaller businesses are generally weaker, he said. Plus, these less-protected systems are often seen by hackers as easy back doors to the much larger clients with whom those businesses may trade.
Essentially, once hackers penetrate the relatively weak defenses of a small business, they can plunder the data on its network to go after their bigger game clients, according to Brophy.
Not surprisingly, many giant and multinational corporations are hip to the trend. And they’re responding by performing tough security audits of their smaller trading partners. If they find a security risk, many decide to simply pull work from the offending business rather than risk a ‘break-in by association,’ according to Brophy.
Small and medium-sized rinks looking to pass these hard-nosed audits―or reassure trading partners that their mutual data is safe―will need to convince trading partners their computers are secure. And they’ll need to show defenses against some of the newest threats looming in the coming year.
High on the list of the new and the brutal is cloud-server-snapshot software. An insidious intruder, snapshot software can infect a cloud server where a rink business stores its data, and take a complete snapshot of all the data that’s there―including passwords, Eschelbeck said.
Eschelbeck’s advice: If you’re using any cloud services for your rink, ask some tough questions about the provider’s security measures.
Meanwhile, increasing numbers of hackers are also using text-messaging theft software, which is surreptitiously added to the phones of unsuspecting users. Once activated, the software forwards all text messages to the hacker’s phone, Eschelbeck said.
“The potential exists for attacks like these to target Internet banking services” used by scores of businesses, Eschelbeck said. “Many banks send authentication codes to your phone. Malware on your phone is capable of intercepting those messages.”
Sophos has also detected the increasing use of ‘ransomware’ against small and medium-sized businesses. This app can infect both phones and computers of rinks, and render your devices inoperable. Hackers inflict the software on businesses, and then demand major dollars for its removal. Not surprisingly, the crooks rarely―if ever―follow up on removal if a business pays the ransom, according to Eschelbeck.
Yet another new threat is coming from computer crooks with average skills, who can become formidable hackers with what’s known as ‘superkit software,’ according to Eschelbeck. These do-it-yourself packages offer multiple, state-of-the-art ways to infiltrate even the most sophisticated cyber-defenses, he said. Criminals buying the software on the black market don’t need to know how it works. They simply need to know how to point-and-click.
Of course, rinks of all sizes should be using firewalls on their personal computers and other network protections to help neutralize hacker break-ins. And most businesses realize that even the most sterling of computer security defenses can be thwarted without similar vigilance at the individual device level.
“End-user computers are the weakest spot,” said Shane Sims, director, investigations & forensic services, PricewaterhouseCoopers. “Typically, these computers are protected only by antivirus software, and the most sophisticated hackers attack at that point.”
But dollar-for-dollar, the best return on an investment in computer security is employee education, according to Brophy. Take the time to educate new employees about the critical need for computer security at your rink, he said. And continually reinforce top-of-mind security with regular email tips, tricks and news about IT security.
Once you have the organization sufficiently alerted, the computer security experts recommend these best practices:
*Encrypt All Mobile Devices: Securing all mobile devices, including Android devices, by getting your IT department to fully encrypt the units, can be very effective, Eschelbeck said. If you don’t have the expertise in-house, get it from the outside. Make sure all data cards used in those devices are also encrypted. And ensure that all data and applications on the devices can be erased remotely if the mobile device is lost or stolen.
*Encrypt All Cloud Data: Before cutting any deal with a cloud provider, ensure your contract enables your rink to encrypt all the data your business generates―before it sends that data to the cloud. With that safeguard, your data―and the data of your trading partners―should be impenetrable, even if a hacker takes a snapshot of the cloud server that’s storing that data. Again, you may need to hire a consultant to set up an encryption system for your data.
*Defeat Ransomware: Ransomware programs like Reveton, Citadel and Troj/Ransom can be neutralized by rebooting your computer with an anti-virus software program that contains its own operating system. Essentially, the tool runs your computer with its own operating system, finds the ransomware on your system, and destroys it―restoring your computer, Eschelbeck said. Sophos’ solution for this problem is Sophos Bootable Anti-Virus. Unfortunately, there is still some ransomware so sophisticated, even these tools cannot defeat it, according to Eschelbeck.
*Deep-Six the SuperKits: While there’s no bullet-proof shield against all the ravages of a superkit, there are some common sense precautions. Be sure to install updates to all the software on your system ASAP, Eschelbeck said. And be sure to disable security-vulnerable software like Java and Flash, whenever you’re not using those programs.
*Armor Your Passwords: Strictly forbid employees from using the same passwords at work and at home, Brophy said. Hackers are aware of this habit, and regularly troll personal email accounts, hoping to find passwords they can then use on employee work accounts.
*Respect the Rule of Twelve: Prohibit the use of passwords shorter than 13 characters. The darker corners of the Web are rife with programs that can auto-crack any password that is 12 characters or fewer. Essentially, hackers simply activate an auto-crack program on a specific email account, let the software run indefinitely, and then plunder the account when the account’s password is revealed.
Joe Dysart is an Internet speaker and business consultant based in Manhattan. Voice: (646) 233-4089. Email: email@example.com. Web: www.joedysart.com.