When I was a teenager growing up in good old Blighty in the 70s & 80s, it used to be said whatever happened in the USA would find its way over to us sooner or later: fashion, musical genres, the weather and, of course, new technology – although to be fair, other than ghetto blasters and Walkmans, there didn’t seem to be a lot of that about when I was young!
Roll forward to the 1990s and early 2000s and technology had come a long way and many, if not most businesses had a website or were at least thinking of getting one. Back in the day, most of these websites were no more than electronic brochures and the ability to transact anything on-line was fairly limited. As a result, there was little more than lip-service paid to security by most business owners and even most website developers I came into contact with didn’t understand that the software and tools they were using to create these latest ‘must-have accessories’ (that’s how many people viewed their websites at that time) were themselves a ticking time bomb in terms of providing a way for ‘hackers’ to gain access to content and systems.
Back then, hackers were people who targeted the military, or the vivisectionists, or someone with something worth stealing; “…they aren’t interested in little old me running my chocolate biscuit business from the shed at the bottom of my garden – are they!? And anyway, my Internet Service Provider (remember them?), told me they had a thing called a firewall and that would stop anyone getting into my website…”
To be fair, those sorts of comments weren’t too far wide of the mark at the time. There was little that most of us stored online that was of use to anyone. I recall one prominent organisation local to me that had their website hacked back in the 1990s and all that happened is that there were pages full of white rabbits – an inconvenience and an embarrassment but hardly the crime of the century! The hackers did it simply because they could.
So why the reference to what happens in the USA coming to the UK? Well despite the protestations that Tim Berners-Lee invented the World Wide Web and he was a good ol’ Brit, the harsh reality is that most of what is good, and what is bad, started or gained critical momentum in the USA – and in my experience that includes the corporate hack.
Recently, a huge on-line ‘heist’ came to light. These guys were good, very good, and perhaps you’re thinking right now: Why would they be interested in me, surely they have bigger fish to fry?
Maybe, maybe not! Big things are easier to spot. Lots of smaller things that are not so obvious (this heist could be considered to be in that category) are easier to hide and so the corporate hack has turned into the SME hack and then in turn to the personal information hack and believe you me, it is well and truly here in the UK SME environment, and it’s here to stay.
Like it or not, the Internet, cloud, call it what you will, plays such a massive part of most of our lives these days that information about us is stored all over it. So the “little old me” website that no one cared about in 1998, is now probably processing credit card payments, or issuing Direct Debit instructions, or storing your name, address, date of birth, Debit Card details and much more to make your next shopping experience a more enjoyable one as you don’t need to type all of ‘that annoying’ information when checking out next time! All this data is there to be harvested and stitched together where required by sophisticated criminal gangs who are in it for the long haul.
By the way, don’t get me wrong; I’m not trying to blame our American cousins for the situation we now find ourselves in. Other nations now have the ‘glory’ of being the preeminent centres of the hack – it’s a truly global problem. The issue for me is, too many, indeed most, UK SME business owners with whom I engage don’t seem to think that they should be that concerned about security because “that’s something that happens to corporate America – isn’t it?”, it’s the “little old me” argument all over again but now with an identifiable victim – who happens to be someone else!
Well hey buddy, guess what? It isn’t just someone else. It could be you, and if you don’t do something about it, it will be you! It isn’t a problem limited to corporate anything. This is a clear and present danger for all of us, from the ‘half-human and a dog’ micro business to the largest enterprises on the planet. No one is immune.
Even if you don’t have your identity stolen you can experience massive inconvenience. Here’s just one example of how a hack can cost you dearly:
A company I know (who will remain nameless to spare their blushes), had a website which was based on a WordPress theme. For those who don’t know what WordPress is, I’m not going to try and explain, let’s just say it is a quick, largely efficient and cheap way of getting a website online. Well this website sat there for a number of years doing a pretty basic but nonetheless decent job of promoting this particular business. But the WordPress element was never updated. The business owner didn’t know it had to be, the website developer wasn’t getting paid to do it so they never bothered. The hosting company wasn’t engaged nor interested as it turned out, in providing that level of support and service and so one day, the site was found by a hacker and they got in.
This website stored no credit card or personal information, nothing really which could be of much use to anyone but that matters not. The hackers took control of the site in order to send out thousands of Unsolicited Bulk Emails – SPAM to you and I. You see, when someone sends a lot of SPAM, their server often gets blacklisted by the Internet community meaning that legitimate emails can’t be sent either. If the amount of SPAM is very large, then many servers hosted by the service provider can be blacklisted. This can affect hundreds or even thousands of companies, causing massive disruption and significant financial losses. Mary Poppins springs to mind – remember when there was a run on the bank over tuppence? Well this is a similar situation. One business fails to spend £30 to keep their website updated and thousands of companies end up being offline for half a day. Sounds incredible but it happens – and more often that you’d think.
But that wasn’t the end of it. These hackers were good. They left so many back doors (hidden code which would allow them to come back later and gain access again after the problem had apparently been resolved) that even an experienced developer advised the company to have their website re-written from scratch. You see, these hackers were so good, the attack so carefully planned, that they deployed all this hidden code in advance so that all the backups of the website also contained the hidden code. Hence, when the hack became apparent, the first thing that happened was a restore of the website, but of course this did absolutely no good whatsoever as the backups were infected. The company ended up scrapping their website and starting again – and that was a cost they were not expecting. The size of this business – 2 people, hardly corporate America!
There are numerous other security threats. Many other reasons why hackers will target your website or your computer or your network. The one absolute certainty is that you are not immune. Based on the amount of hack attempts we witness every day on our customers’ websites, you’re potentially under attack right now, or at the very least, being skillfully probed.
Your main defence is ensuring that all elements of your website are up to date and regularly maintained. But it doesn’t end there. Your email and computers as well as your business procedures need to be up to date and tightly controlled – sometimes ‘these people’ just call up and employees simply hand out user ID and password information over the phone.
The expert advice you need to improve your protection is readily available and needn’t be expensive. You probably have a trusted IT Services partner or web developer but if not, I suggest you seek one out and ask for a quick audit of the main entry points to your business systems – your website, your email and PC password standards, and your PC and server update programmes. It may cost you a few pounds now but compared to the carnage I’ve witnessed, it will be money well spent.