Recent developments in the security industry have made headlines in the national media. Identity and credit card theft is getting out of control, catching many unsuspecting business owners and their customers by surprise. However, it seems that business owners are oblivious to this fact until their business network gets hacked and their customers’ sensitive information ends up in the wrong hands.
Recently I encountered a few cases in the field that prompted me to write an article on network security. Long gone are the days when hackers only targeted big entities or corporations in order to make a profit. The new computer age has brought many benefits and dangers. These days most businesses rely on technology in one way or another. Did you notice that even your corner store now accepts credit cards using a machine that is no longer connected to the phone line but to a computer in the back? Well, the hackers did.
It’s essential to understand that most small business networks aren’t set up by a professional network engineer. More often than not, the networks are slapped together by a friend, a cousin or a nephew of the owner, who “knows computers”. These types of networks are prone to attack because the concept of security is foreign to their designers.
Recently my colleague visited a local pizza store to replace some wiring and a small switch that connects the Point Of Sale systems to the internet. He discovered that the pizza shop was running a wireless network that was secured only using WEP encryption with a pre-shared key. This type of security is still available on most wireless routers. Older routers even use it by default.
To most people this network would seem secure since the connection can’t be established until you enter a password. However, any information security expert will tell you that “cracking” this password is a matter of minutes. An intruder with modest skills can infiltrate such a network using just a laptop and some software tools freely available online. Continuing the investigation, my colleague noticed that one of the POS systems was used as a server, storing some sensitive company data unencrypted.
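A network owner can check for this weakness from a scan of their own site. The following is an added example, not part of the original article: it classifies access points from text modelled on the output of the Linux `iw dev <iface> scan` command. The sample scan, SSIDs and BSSIDs are constructed, and the WEP test is a heuristic stated in the code comment.

```python
import re
# Constructed sample, modelled on `iw dev <iface> scan` output (not real networks).
SAMPLE_SCAN = """\
BSS aa:bb:cc:dd:ee:01(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: PizzaPOS
BSS aa:bb:cc:dd:ee:02(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: OfficeNet
    RSN:     * Version: 1
BSS aa:bb:cc:dd:ee:03(on wlan0)
    capability: ESS ShortSlotTime (0x0401)
    SSID: GuestOpen
BSS aa:bb:cc:dd:ee:04(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: OldRouter
    WPA:     * Version: 1
"""

def verdict(bss):
    # Heuristic: Privacy bit set but no RSN/WPA element means WEP only.
    if bss["rsn"]:
        return "WPA2/WPA3"
    if bss["wpa"]:
        return "WPA"
    return "WEP" if bss["privacy"] else "open"

def classify_scan(text):
    """Return (ssid, bssid, verdict) for every BSS block in the scan text."""
    blocks = []
    for line in text.splitlines():
        start = re.match(r"BSS ([0-9a-f:]{17})", line)
        field = line.strip()
        if start:
            blocks.append({"bssid": start.group(1), "ssid": "",
                           "privacy": False, "rsn": False, "wpa": False})
        elif not blocks:
            continue  # ignore anything before the first BSS header
        elif field.startswith("SSID:"):
            blocks[-1]["ssid"] = field[5:].strip()
        elif field.startswith("capability:"):
            blocks[-1]["privacy"] = "Privacy" in field.split()
        elif field.startswith(("RSN:", "WPA:")):
            blocks[-1][field[:3].lower()] = True  # sets "rsn" or "wpa"
    return [(b["ssid"], b["bssid"], verdict(b)) for b in blocks]

def needs_attention(text):
    """SSIDs whose encryption is absent or obsolete (open, WEP, WPA)."""
    return [ssid for ssid, _, v in classify_scan(text) if v != "WPA2/WPA3"]
```

Any SSID returned by `needs_attention` should be moved to WPA2 or WPA3 on the router, or the router replaced if it cannot offer them.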
In some cases even bigger organizations such as medical practices face similar issues. One of my clients, a fairly large practice, has treated thousands of people over the years, collecting thousands of patient records in the process. When I first began assessing the network I was astonished by the lack of security I encountered. The previous IT support company had moved all patients’ records into a web-based Electronic Medical Records solution, which was accessible from the internet with an admin password that is number two in most brute force dictionaries. Brute forcing is a form of attack where an intruder tries to guess a password using a software tool and a dictionary of the most popular passwords.
This was not only a threat to patients’ private information, but also a huge liability for the company. A loss of such sensitive data would deal a catastrophic blow to the practice’s reputation.
Information security has become a subject that business owners need to pay close attention to. Hiring an expert to properly configure the business network is an essential task, just like hiring a locksmith to provide physical security for the office. Many businesses have learned the hard way that cutting corners on IT costs could cause damage from which the company might not recover. Don’t fall victim to a lack of security awareness.