Hacking computers is no longer the domain of geeky teenagers looking to wreak havoc; it’s the new business of choice for international crime rings that use viruses, spyware and key logging to steal identities and billions from businesses each year.
“It’s always an arms race,” says Eric Livingston, president and CEO of Private Client Technologies, a Sarasota-based information and technology company that caters to companies too small to have their own IT departments. “All those cool new [computer] features allow bad guys to exploit things. Even anti-virus software has its vulnerabilities.”
Small companies may invest a lot of money in programs to combat the “bad guys” but then they don’t use them properly, often because they can’t afford the salary of an in-house IT person to make sure their computer systems are safe. (Livingston’s charges range from $25 to $40 per computer per month, depending on volume and options.)
“People tend to believe they are better protected than they really are,” he says. “But often the software is misconfigured or incorrectly installed.”
Here’s what you need to do to protect your business computers:
1. Use anti-virus and anti-spyware and make sure it’s updated. “People don’t realize how important it is to maintain,” says Livingston. Programs will update automatically if they’re properly configured and the software is up-to-date. “Frequently, the programs are expired and people become immune to those pop-up messages that tell you it’s time to renew.” He recommends separate programs rather than those that bundle anti-virus and anti-spyware programs. “Very few products do both well,” he says.
2. Routinely update your operating system software. Microsoft and Apple release “patches”—or fixes—to software problems that make systems vulnerable to attack. “By merely looking at a Web page, your computer can be taken over,” Livingston says. “Criminals can take your Quicken files, bank files and passwords.” Once a vulnerability is known,” he says, “day by day more stuff gets created to exploit the vulnerability. The danger level goes up dramatically.” Software makers “develop a fix and shut the door to exploits.” You can use an auto-update function on your computer to make sure those patches are installed.
3. Properly configure a “firewall”—a gatekeeper that facilitates the flow between your computer and the Internet. With wireless networks, people often don’t safeguard their connections with passwords. That means anybody with a wireless connection can jump on your network and hack into your private data.
Likewise, be careful when using open networks—those you can use without a password. “There may be some kid waiting to hack in from two tables away,” Livingston says.
4. Back up all critical data—on site and off site. “Don’t rely on tape backups,” Livingston says. “They fail about 30 percent of the time.” Instead, he recommends purchasing several external hard drives—costing about $100-plus—that can be plugged into your computer to make copies of important files. Rotating the drives will give you better coverage. For off-site backup, IT companies, including Private Client Technologies, will back up data via the Internet—an important thing to do in hurricane-prone Florida.
5. Create computer-safe business practices. “You definitely want to block certain kinds of attachments, especially executable (.exe) files,” Livingston says. Tell employees to be careful when opening attached files and to be skeptical of messages that don’t sound like the sender’s style. Frequently, a hacker will access your online phone book and send messages that appear to be coming from you or from someone you know. “There’s a human component to protecting yourself,” Livingston says. “Watch what sites you go to; don’t let other people use your computer account.” Instead, create a limited-capability visitor account.
6. Install safeguards on corporate e-mail. “Make sure your e-mail provider has good anti-virus and anti-spam software,” Livingston says.