Ok…. first thing… take a deep breath and relax. Neither of those things have happened. In fact, the color-coded system from Homeland Security has been replaced, so the next time one of your friends or co-workers tells you what color it is, tell them to get with the times. (See? Storehouse of useless information.) Why did I use that title for this post? It wasn’t to scare you, honest! I simply wanted to point out that you are focused on national security enough to know the meaning of both of those phrases (or at least that they pertained to national security). But, it’s much more likely that you’re going to face a security crisis in your business than be a victim of terrorism. And yet, if I were to mention some security terms pertaining to your business, such as “firewall,” “file encryption,” or “role based security,” do you really have the same feeling of dread as the mere mention of the phrase “shoe bomb”? You really should. Some big players have had some very serious network breaches lately. Sony’s Playstation Network, as an example, recently got hacked and lost the personal data of some 77 million customers. Could your business survive the loss of sensitive customer information? The best possible (and still realistic) answer is “maybe.”
If you are anything like the business owners I talk to on a regular basis, you are, even now, thinking, “but Sony is a big target. I’m just a small business in central Illinois. Hackers would never target me.” (Maybe your words are different, but the idea is still there.) The truth is, a target isn’t necessary. Computer hacking is a multi-billion dollar business and every computer connected to the Internet is a potential target. The days of a hacker sitting in his mother’s basement eating Doritos, drinking Mountain Dew, and targeting businesses for their juicy stores of sensitive data are (mostly) gone. Now, it’s about using automated scripts and programs to take over computers and turn them into “zombies.” (If you’re thinking, “Swami… this sounds like something out of a science fiction movie,” you’re not far off. Let’s just be glad that artificial intelligence hasn’t progressed to the degree seen in Hollywood movies!!) A zombie machine does, ironically, have some similarity to the terrorists that I mentioned earlier. In the world of national security, a “sleeper cell” is a group that infiltrates a target and goes about their everyday lives waiting for a signal to strike. The software that hackers use acts in much the same way. It allows the hacker to infiltrate the system and make it do his evil bidding. (Insert evil laugh here.) While these vast networks of zombie machines may be used to attack specific targets, it is far more likely that they will be used to participate in Phishing attacks, sending spam, and trying, generally, to defraud people.
In addition to the obvious (assuming that defrauding people is not a business you wish to be engaged in), this can cause any number of problems for you. Right off the bat, your bandwidth is being consumed by things other than your daily business. Your IP may be blacklisted for spamming, preventing your legitimate mail from reaching its destination. You may suffer fines or other penalties for failing to meet compliance issues. And there’s always the possibility of sensitive data loss. Still not convinced? The most recent data I could find is from 2006. It’s am article from the BBC discussing an unprotected Windows XP machine connected to the Internet — such a machine is called a “honeypot.” The data is alarming:
When we put this machine online it was, on average, hit by a potential security assault every 15 minutes. None of these attacks were solicited, merely putting the machine online was enough to attract them. The fastest an attack struck was mere seconds and it was never longer than 15 minutes before the honeypot logged an attempt to subvert it.
Keep in mind that this data is from 2006. That’s five years ago, which is a long time in technology (or dog) years. This problem is doing nothing but escalating, so it’s important to make sure your network is as safe and secure as it can be. Contact a professional technology firm and have them perform a security check on your network. Talk to them about options to prevent problems and ensure your business stays up and running.
