Update for December 2017 (Originally published February 2016): Determining whether or not your business has been breached is one of the toughest tasks in the IT universe. Skilled hackers are great at finding vulnerabilities, being patient, covering their tracks and not raising suspicions. They can spend a lot of time in your network looking around and often steal information a little at a time so you don’t know it’s happening.
Other than the most obvious clue — a ransomware screen telling you that your data has been encrypted — how do you know if there’s an intruder in your network? Here are 12 signs of a breach, followed by your best lines of defense:
How to tell if your business has been breached
- You find (or someone else finds) your company’s confidential data online
- You discover unauthorized downloads on your network
- You learn an email attachment that was opened wasn’t sent by a colleague after all
- You get one or more login attempts from an unusual, remote location
- You discover a lot of system activity at unusual times
- You discover system activity at an unusual time for a privileged user account
- Your e-commerce payments are disrupted, even for a short time
- Your webcam light comes on for a moment for no apparent reason
- You find that your logs have been tampered with, or that someone has attempted to tamper with them, possibly to cover up the tracks of a breach
- You discover a surge in outbound Domain Name System (DNS) traffic, which means your network could be part of a botnet
- You are experiencing a Distributed Denial of Service (DDoS) attack that is sidetracking your security team (it could be a ploy)
- Your anomaly-spotting IT security tools spot other types of anomalies
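Two of the signs above, privileged-account activity at unusual times and a surge in outbound DNS traffic, can be checked directly against logs. The following is an added example, not part of the original post: the business hours, privileged account names, surge threshold, and all sample events are constructed assumptions to be tuned for your own environment.

```python
from datetime import datetime
from statistics import mean, pstdev

# Assumptions (not from the article): business hours, privileged account
# names and the surge threshold are illustrative and must be tuned.
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 local time
PRIVILEGED = {"administrator", "root", "svc-backup"}
SURGE_SIGMA = 3.0

# Constructed sample authentication events: (ISO timestamp, account, host).
AUTH_EVENTS = [
    ("2017-12-04T09:15:00", "jsmith", "ws-014"),
    ("2017-12-04T14:02:00", "administrator", "dc-01"),
    ("2017-12-05T02:47:00", "administrator", "ws-022"),
    ("2017-12-05T03:05:00", "jsmith", "ws-014"),
    ("2017-12-06T23:30:00", "svc-backup", "nas-01"),
]

# Constructed hourly outbound DNS query counts per host (oldest first).
DNS_HOURLY = {
    "ws-014": [120, 131, 118, 125, 122, 129, 127],
    "ws-022": [110, 105, 98, 112, 101, 107, 2450],
}

def off_hours_privileged(events):
    """Return privileged-account events that fall outside business hours."""
    hits = []
    for ts, account, host in events:
        when = datetime.fromisoformat(ts)
        if account.lower() in PRIVILEGED and when.hour not in BUSINESS_HOURS:
            hits.append((ts, account, host))
    return hits

def dns_surges(hourly, sigma=SURGE_SIGMA):
    """Flag hosts whose latest hour exceeds baseline mean + sigma * stdev."""
    flagged = {}
    for host, counts in hourly.items():
        baseline, latest = counts[:-1], counts[-1]
        if len(baseline) < 3:
            continue  # too little history to form a baseline
        # Floor the deviation at 1 so a perfectly flat baseline still works.
        threshold = mean(baseline) + sigma * max(pstdev(baseline), 1.0)
        if latest > threshold:
            flagged[host] = (latest, round(threshold, 1))
    return flagged

if __name__ == "__main__":
    for hit in off_hours_privileged(AUTH_EVENTS):
        print("off-hours privileged activity:", hit)
    for host, (latest, limit) in dns_surges(DNS_HOURLY).items():
        print(f"DNS surge on {host}: {latest} queries/hour (limit {limit})")
```

A hit from either check is a reason to investigate, not proof of a breach: scheduled backup jobs and software updates can produce the same patterns.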
The best defense is a good offense
Best line of defense #1: Don’t be low-hanging fruit
Criminals prefer weak targets — of course, they’re easier! So lock up your data, secure access to your network, and continually train your employees. Each year there are hundreds of breaches across all industry sectors, and you can bet most of the victims were not the ones that had the best defenses. And while it’s breaches of enterprises, multinationals and government offices that make the news, the vast majority of attacks are against companies with fewer than 100 employees.
Best line of defense #2: Go hack yourself
Do you want to know how your business can be breached? Try to break into it yourself! Actually, hire an expert called a white hat hacker to do it for you, then take action based on the report. They’ll search for network vulnerabilities in all corners of your IT ecosystem, including portals like unencrypted laptops, Dropbox and other cloud accounts, and private email accounts. This way you can fix (or insure) the problems before you get a dreaded ransom note, lose business, or worse.
Best line of defense #3: Use managed security
Managed security means making sure your network meets specific security standards and then monitoring your network for anomalies at all times. With managed security, you know when attempts are made to enter your network and also when data leaves your network. If you know it’s happening, you can stop it faster and take immediate steps to prevent the stolen data from being used against you, your employees, or your customers.
Here are the basic steps to keep your data where it’s supposed to be:
1. Know where all of your sensitive data is located. If you don’t already know, there are tools that help you classify the information on your network by indexing all of the data on all of your computers. When you have good policies and procedures in place regarding location, it’s a lot easier to identify when something isn’t right and to stop it.
2. Use disk encryption and multi-factor authentication. You should automatically encrypt all data on your network and verify the identity of each person who logs on. If employees need to download files to their laptops from your secure network to work on them, the files need to stay encrypted on their laptops. Using Virtual Desktop Infrastructure (VDI) or another secure file access solution to work on files remotely is the best way to go.
3. Use Data Leak Protection (DLP) to help keep data from leaving your network in an unauthorized way in case you do get infiltrated. It’s an added layer of breach protection for companies that are responsible for sensitive information about other people, and for high-profile or publicly traded companies.
4. Insure what you cannot reasonably protect. The best way to protect data is to do it systematically by following standards that are most appropriate for each specific business and then having IT experts actively monitor network activity by using advanced tools. Even this isn’t foolproof; but if a breach does occur, it ensures a fast, decisive response that limits damage.
Protecting against breaches by designing and managing secure IT environments is at the core of Leapfrog’s business. All of the managed IT services we provide start with the most appropriate standards, include a set of people, processes, and tools that meet those standards, and undergo continual updates and improvements — technology does not stand still! So, we don’t either. If you might be interested in working with a partner who focuses on keeping you safe while also keeping you productive, we invite you to please give us a call.