I’ve had a few clients ask me this week what level of security we recommend and, more specifically, “can my company be hacked?”. My answer is quite simple – you want to install the best system that your budget allows for, because this is not an area that you can afford to scrimp on.
Threats that seem innocuous and minor can in fact cause significant damage, not just to your system but to the systems of anyone who works with you. Case in point is “Stuxnet” (the invasive computer worm that penetrated the defences of the Iranian nuclear facilities). This worm was deceptively simple – it spreads everywhere until it finds its targets, then takes over the operation of system components, and you are none the wiser until your systems start behaving in unexpected ways. While Stuxnet itself was obviously incredibly complicated, the method of transfer and aim were astonishingly basic – this was cyber terrorism stripped to the simplest level.
The invasion by Stuxnet was made easier because the Iranian nuclear facility used default passwords that “came with” the system when it was installed. These passwords were never changed and allowed Stuxnet virtually free rein to infect the system. Needless to say, Binary Limited recommends that all passwords meet a minimum strength requirement and are regularly changed.
It has been speculated that Stuxnet was developed and deployed for sabotage. Whatever the reason, Stuxnet and subsequent variations are still very active. For average businesses, deliberate sabotage may seem like an extreme risk, but the danger with viruses is that they spread indiscriminately, so you may become an unwitting victim unless you have adequate defences in place. Binary Limited can assist with eradicating viruses from your system but, as always, prevention and protection are better than dealing with an issue after the fact.
A few simple tips:
• Ensure your virus protection is adequate and up to date
• Audit the work of your IT provider to ensure simple mistakes like leaving default passwords in place are avoided
• Check that your passwords are strong and not commonly used
• Have a process for backing up your data and actually back up your data regularly