Celerity Ltd : Risks of an Unsecured Network

Gathering Business Intelligence

Competition in business is mainly seen as a good thing, but not when your main competitor is gaining access to your data via unscrupulous means and then copying your ideas. No longer the domain of soviet intelligence spies supposedly stealing IBM PC schematics (‘IBMski’), today’s businesses are under threat due to being heavily reliant on IT and the Internet. Every business has competitors no matter how big or small and the risk of an unscrupulous business gaining access to your data, whether being customer records, product schematics or financial data, has increased due to the majority of the software being freely available via the Internet. With access to this software, even people with very little previous experience of hacking can gain access using pre-defined scripts already created to steal usernames and passwords. A business rival in possession of such data and knowledge of your day to day operations can be damaging or even fatal to your business.

Insider Knowledge

The theft of company data can come in many forms. One particular study conducted in the US as far back as 2009 found that 6 in every 10 employees stole company data when they left their job, their reasons being from using the information to get a new job, start their own business or just plain old revenge. A study by security firm McAfee estimated that the total global economic losses due to data theft by organised crime, hackers and inside jobs by employees reached over $1 trillion. Criminals are now targeting smaller companies to gain access to personal information as larger businesses are taking security more seriously by implementing standards such as ISO/IEC 27001.

Increased use of Wi-Fi

More and more small businesses are now using Wi-Fi. This could be due to limited physical office space with the ability to provide Internet access without the need to run cabling to every device. But if your Wi-Fi access point is unsecured this could leave your staff and customers vulnerable to data capture attacks, criminals use techniques such as masquerading as Wi-Fi access points close to your business knowing that computers and other devices will try to connect to the strongest signal. Recent research in the UK has suggested that between 25% and 50% of all UK small businesses are currently at risk of hacking due to poor Wi-Fi security. If you are going to use Wi-Fi within your business consider the following:

• Encrypt your data, if you are still using WEP (Wired Equivalent Privacy) then change to a more secure encryption method such as WPA (Wi-Fi protected Access) or WPA2. WEP can now be easily hacked and is considered breakable even when correctly configured.

• When you choose WPA/WPA2 encryption, consider using Enterprise Mode over Personal Mode which uses a RADIUS server and is more complex to setup but enables you to give each user their own username and password to connect. So when a user leaves the company or their device is stolen, their password is simply changed.

• If you want to offer Wi-Fi Internet access to visitors and guests then consider segregating your network completely using a separate connection or if you are using a business class access point, these now come with the ability to use guest VLAN and multiple SSID to create the same affect.

• Always keep up to date with security patches and fixes for your hardware and software. Hackers are constantly looking for ways to gain access to unsecured networks.

Protecting customer data

Businesses in the UK are responsible for keeping personal data “Safe and Secure” - The Data Protection Act. No matter how big or small your company is without customers the company does not exist. Loss of data through breaches in your network can lose you more than your customers; it could cost you your business! Plugging the holes in your network because of data breaches can be time consuming and potentially costly, affecting both your customers and your business. Data loss affecting your customers, suppliers and other third parties can lead them to attempt to recover their losses by suing your business. This can cost time and money and even if the courts rule in your favour, the damage to your reputation can lose you your customer base. If the court holds you liable this can be seriously damaging to your business especially if it exceeds your liability coverage.

The “two week threat”

Only recently as reported by the UK’s National Crime Agency (NCA) a threat to businesses and the general public came to light. Malware known as GOZeus and CryptoLocker hiding within email attachments gave the hackers the ability to hijack users’ computers to search for valuable information and encrypt users’ data, to then demand a ransom if nothing of value was found. The NCA gave the general public two weeks to protect themselves before other servers used to control the Malware were back in operation.

Further information on ensuring your security software is up to date can be found by clicking on the links below:-