Before we address anything else, we’re going to answer one simple question that is and always will be true. Is your company website at risk for malware? The answer is unequivocally and infinitely yes. No, that’s not far-fetched or extreme, and here’s why.
According to FBI Director Robert Mueller III and cybersecurity experts, every company can be classified in one of two ways: those that have been hacked, and those that will be.
Do you believe by some holy miracle this rule doesn’t apply to your organization? Think again. Even Equifax suffered a significant attack recently, which put the private details of hundreds of thousands of customers at risk. No doubt, the company will be dealing with the consequences of the breach for years to come.
Looking specifically at the Equifax debacle, there’s a whole lot of criticism over how it handled the breach. That includes how it dealt with the aftermath and how it informed those affected. How can you use that scenario as an example and apply it to your own organization? What can you do to prevent malware attacks from happening to you and your customers? When it does happen — because it will — how can you mitigate the damage and recover faster?
How to Tell if You’ve Been Hacked
Equifax waited a ridiculous and unacceptable six weeks to disclose the breach, which included addresses, Social Security numbers, birth dates and more. One reason this is egregious is that it took away the opportunity for all 143 million affected Americans to act preemptively and protect their personal details. It shows a serious lack of concern and care for customers, even if it does care more than any other company in the world. It’s also a publicity nightmare that the company will be reeling from for a very long time.
It also raises one important question: Why would companies delay before sharing the details of a data breach or cyberattack? It’s possible that in Equifax’s case, it was simply negligence and it chose to retain the information. It’s also possible it just didn’t know, which is unfortunate.
Yahoo is another example of a company that had a sweeping, yet undiscovered breach. How can you be sure this doesn’t happen to you and your organization?
The answer is to deploy modern breach detection tools, use network analyst platforms and put an emphasis on real-time monitoring. More importantly, pay attention to the most common breaches and attacks that happen, and explore ways to prevent them on your own network or systems.
If a rival or competitor had its point-of-sale systems breached, find a way to protect your own. Look at how the attackers gained access, where the vulnerabilities came from and how they were leveraged. If, for instance, you use the same POS provider as a company that was hacked, it might be time to beef up security and make a partner switch.
Prevention Is Not the Only Concern
Many organizations, security teams and system administrators spend the most time setting up preventive measures against malware threats. Maybe they deploy a super-robust authentication platform, or rely on a capable firewall to prevent unauthorized network connections.
The same is true of antivirus and anti-malware software, which guards against threats such as ransomware that holds your computer and files hostage until you pay a ransom fee. These are all largely preventive tools that work to delay or stop an attack. At best, they usually slow down hackers or cybercriminals, but unlike a dam, they don’t completely prevent a breach. Therefore, prevention is important, but it should never be the only concern.
Your team, organization and decision-makers should spend as much time coming up with a reactive plan as they do putting preventive measures into place. If and when there is a breach, how will you lock out the attackers? How will you secure data before it can be lifted? How will you inform your customers, and how soon? Do you have systems and protocols for monitoring unauthorized access, and can you easily prevent further damage? Are you encrypting the data you have stored, remotely or locally?
The sad truth is that so many companies and organizations worry about these details after they’ve experienced a breach. Sometimes, they don’t learn their lesson even after multiple breaches — as is the case with Yahoo.
Take Your Website Offline in the Interim
Yes, you will lose business by taking your website and related systems offline, but the damage will be a lot less than if you leave it open to your attackers. While your security team assesses a breach, vulnerability or any stolen data, shut your site down.
You can do this one of several ways. Take down the main portal and replace it with an “under construction” or “temporarily offline” notice, or password protect the main directory until your security team is finished.
Blocking all traffic and preventing future visitors will help your security team get their work done faster and more efficiently. It also prevents unauthorized parties from continuing to access data and systems. For example, if the information or data is stored remotely and they have server access, taking your website offline will sever that connection.
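One way to combine the "temporarily offline" notice with password protection described above, as an added nginx example that is not from the original article. The hostname, responder IP range, file paths and backend address are assumptions chosen for illustration.

```nginx
# Added example: incident "offline mode" for a site under investigation.
# Hypothetical values: example.com, 203.0.113.0/24, all paths, 127.0.0.1:8080.

# The geo block belongs in the http{} context.
geo $responder {
    default        0;
    203.0.113.0/24 1;   # constructed responder range (RFC 5737 documentation block)
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;

    # Keep logging while offline: requests that still arrive are evidence.
    access_log /var/log/nginx/incident_access.log;

    # Serve the notice with a 503 so crawlers and caches treat it as temporary.
    error_page 503 /offline.html;

    location = /offline.html {
        root /var/www/maintenance;          # static page only, no application code
        internal;                           # reachable only through error_page
        add_header Retry-After 3600 always;
        add_header Cache-Control "no-store" always;
    }

    location / {
        # Everyone outside the responder range gets the offline notice.
        if ($responder = 0) {
            return 503;
        }
        # Responders must still authenticate before reaching the application.
        auth_basic           "Incident response";
        auth_basic_user_file /etc/nginx/incident.htpasswd;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

This closes only the HTTP path to the application; SSH keys, API tokens and database credentials that may have been exposed need to be revoked separately.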
Know Your Userbase
One of the best aspects of modern networks is the idea of authentication or identification. Even with a BYOD environment, your security team can rely on automated software to log and monitor anyone who has network access. Of course, setting up these processes and systems can be costly, but it’s always worth the hassle before a breach or attack happens.
Some of the high-profile tools discussed here, for example, will allow system administrators to identify problematic users and take action. The latter point is extremely important, especially for preventing further damage after an attack.
Stay Informed and Stay Safe
Protecting your site, network and systems is a proactive process. Employees and human error can be among the main factors in a serious attack or threat. The solution is to keep them educated and informed, and you should be doing the same.
Your security and network teams should have access to all the latest tools and software. Also, they should always be able to further their training and skillsets. You, as a decision-maker in the development world, should also follow suit. Spend as much time as you can staying informed about current industry trends and happenings, especially when you hear word of a new type of cyberattack or malware. It can make all the difference when you sit down to plug holes or vulnerabilities.