noelward
Well-known member
Sideways
Because being hacked is not fun
By Noel Ward, Editor@Large
Some of the most interesting things I hear from printers I visit come up after business hours. I’m sitting with the owner, having a drink before dinner. We’re a bit early so the place is quiet. The person I’m sitting across from has a sip, then begins relating how things went sideways when the company was hacked. He recovered, but not without pain. Annoying, isn’t it, how learning can come with a side order of pain.
Some of the pain I keep hearing about is cyber-security, perhaps due to the increase in commercial print shops offering electronic bill payment and related processing. It’s sometimes a little surprising given the amount of security built into many products (but not always turned on by default) yet is still not top-of-mind for many print providers, even those handling sensitive data. This is particularly true for those new to print jobs requiring banking or credit card info. Complicating this, such worries may not be limited to a printer’s customers.
Don’t be complacent
Think about the amount of information about your company and its customers that may reside on your servers and back-up systems. You don’t want anyone getting at this, which is why you probably have some basic security on your system. But suppose the bad guys are already inside?
For instance, consider the local veterinary practice for which you have recently added billing to the direct mail you already do. They may not be as aware of cyber risks and not know their customers’ credit card or banking info is exposed when paying an invoice. That data get can be accessed because while handling a customer’s bill your system uses a tiny bit of code that communicates with the veterinarian’s bank and links it to the customer’s credit/debit card. This tiny bit of code, part of what’s called a fileless attack, bounces off a legitimate command in a computer.
Risks abound
Almost any cyberattack can spoil your whole afternoon. A denial of service (DNS) is a basic one, blocking you from accessing email, internet, and the cloud. Used in conjunction with ransomware, a DNS can put the kibosh on work for a few hours. As of today, other top cybersecurity intrusions include:
Banks and credit card companies have high-dollar IT specialists on staff and are typically well-protected against most threats. Your shop may not be. You cannot be too careful because the threat of being hacked gets worse almost every day. Never assume you are safe. Tech-savvy printers I know have made that assumption and still had problems. This poses three questions, all inter-related:
Reach out to a local IT expert today and talk with your internal IT expert if you have one. Ask other business owners and maybe the local chamber of commerce for recommendations for IT providers with substantial data security expertise. Your accountant (often a first call) may have suggestions while not being especially knowledgeable: It’s just not her/his expertise. Have whomever you settle on evaluate your entire system and look for vulnerabilities. This includes all that “glass,” those personal cell phones, tablets and laptops that arrive every morning and connect to your network. Have the experts you hire explain the best ways to protect yourself and your company. Get started now. If the horror stories I’ve heard are anything to go by, you do not want your network to get sideways any time soon.
Because being hacked is not fun
By Noel Ward, Editor@Large
Some of the most interesting things I hear from printers I visit come up after business hours. I’m sitting with the owner, having a drink before dinner. We’re a bit early so the place is quiet. The person I’m sitting across from has a sip, then begins relating how things went sideways when the company was hacked. He recovered, but not without pain. Annoying, isn’t it, how learning can come with a side order of pain.
Some of the pain I keep hearing about is cyber-security, perhaps due to the increase in commercial print shops offering electronic bill payment and related processing. It’s sometimes a little surprising given the amount of security built into many products (but not always turned on by default) yet is still not top-of-mind for many print providers, even those handling sensitive data. This is particularly true for those new to print jobs requiring banking or credit card info. Complicating this, such worries may not be limited to a printer’s customers.
Don’t be complacent
Think about the amount of information about your company and its customers that may reside on your servers and back-up systems. You don’t want anyone getting at this, which is why you probably have some basic security on your system. But suppose the bad guys are already inside?
For instance, consider the local veterinary practice for which you have recently added billing to the direct mail you already do. They may not be as aware of cyber risks and not know their customers’ credit card or banking info is exposed when paying an invoice. That data get can be accessed because while handling a customer’s bill your system uses a tiny bit of code that communicates with the veterinarian’s bank and links it to the customer’s credit/debit card. This tiny bit of code, part of what’s called a fileless attack, bounces off a legitimate command in a computer.
Risks abound
Almost any cyberattack can spoil your whole afternoon. A denial of service (DNS) is a basic one, blocking you from accessing email, internet, and the cloud. Used in conjunction with ransomware, a DNS can put the kibosh on work for a few hours. As of today, other top cybersecurity intrusions include:
- A fileless attack operates in a system's memory (RAM) rather than being installed on a hard drive. Ordinary antivirus software may not detect fileless attacks because they use trusted tools (like an operating system or program you paid for) to execute malicious commands. These attacks can start through your browser or even through phishing, a good reason to avoid being phished.
- Phishing (aka social engineering) remains common in the age of social media. It can be significantly more insidious than it seems.
- Ransomware is an old tool that continues working.\
- Supply chain attacks often use third-party software to gain access to a targeted organization. This type of attack could use your company to penetrate a targeted entity—such as your bank, where you probably have access.
- Man-in-the-middle attacks have a bad guy sitting unseen on a communication between two people who think they are communicating directly. Basically tapping your internet line, the bad guy is hoping find credentials, passwords, or communications that can be altered
- Https spoofing, in which “https” in the URL doesn’t assure security.
- Exploiting stolen credentials, also called identity-based attacks.
- Time bombs are an old trick but still out there. These are a virus that’s planted on a hard drive that will be activated on a certain date or when a certain file is opened. These can sometimes be found by a deep scan but good hackers can make them hard to find.
- Inexpensive software available on the dark web enables a hacker to access your network, encrypt your files or make them all PDFs with 27-random-character access codes. Hope you have a clean back-up! And maybe a spare network and internet connection. By the way, is your router also secure? Have it checked along with your network.
Banks and credit card companies have high-dollar IT specialists on staff and are typically well-protected against most threats. Your shop may not be. You cannot be too careful because the threat of being hacked gets worse almost every day. Never assume you are safe. Tech-savvy printers I know have made that assumption and still had problems. This poses three questions, all inter-related:
- What are you doing to prepare? Have your network checked right away, then on a regular basis (every few months is common). Have a written intrusion plan that can be implemented on a moment’s notice. It should include your internal team and an IT contractor.
- Where can you seek help? It’s best to be as preventative and proactive as possible because without a plan in place immediate help can be hard to come by. Have ironclad service agreements with IT and security experts who may be able to guide you if things go sideways. More than one printer I know rehearses his/her disaster plan once or twice a year. Cyber-insurance may be useful but don’t count on it. It can also be incredibly expensive.
- How can you get back up and running? First, don’t touch anything. Fixing it is what IT and cyber-security experts are for. Call them, not your graphic designer’s boyfriend who is reportedly great with computers. Also, being hacked is rarely a “restart-the-system” problem. In fact, restarting can sometimes make things worse because some viruses are designed to go active after a hack-instigated restart.
Reach out to a local IT expert today and talk with your internal IT expert if you have one. Ask other business owners and maybe the local chamber of commerce for recommendations for IT providers with substantial data security expertise. Your accountant (often a first call) may have suggestions while not being especially knowledgeable: It’s just not her/his expertise. Have whomever you settle on evaluate your entire system and look for vulnerabilities. This includes all that “glass,” those personal cell phones, tablets and laptops that arrive every morning and connect to your network. Have the experts you hire explain the best ways to protect yourself and your company. Get started now. If the horror stories I’ve heard are anything to go by, you do not want your network to get sideways any time soon.
