In recent months, data security headlines such as the phone hacking scandal involving News of the World journalists have highlighted the importance of small and medium-sized enterprises (SMEs) being diligent in protecting company data.
Joe Stewart, director of malware research at the counter threat unit at Dell SecureWorks, says that while there is more awareness among SMEs about computer security and data protection now compared with five years ago, there is also more activity.
‘It has got to the point now where any criminal can just go out and purchase all the tools to carry out these types of online identity theft or potentially stealing attacks, and they don’t have to have much knowledge about how it all works,’ he says.
ACCESS ALL AREAS
Stewart says most of the cyber attacks are actually carried out using malware, which is short for malicious software. Normally, malware is the way hackers access and maintain a presence illegally in computer systems, and unfortunately, they have found a sweet spot in SMEs.
‘Hackers especially like it when they get access to a business because it means, with some work, they might be able to interfere with the finances of the business bank account, and therefore get away with some pretty hefty sums,’ he explains.
Nick Steele, consultant at information security-focused Red Island Consulting, advises that voicemails should be protected by a PIN number, which should also be changed on a regular basis. ‘In addition, IT and telephone departments should pay particular attention to verifying the identity of users requesting password resets,’ he says.
Steele adds, ‘The recent issues around voicemail hacking were often aided by the exploit of “pre-texting” – pretending to be a user to gain access to the password, or to have the password reset. Again, back all this up with clear, sensible and above all easy to follow company policies and guidance.’
After GHM Communications spoke to its network provider and learned that people had been trying to access its phone system, it was time to make sure all precautions were taken to safeguard against attacks.
Engineering manager Stan Matthews says that businesses can be hacked by criminals dialling a random direct-dial number and taking a chance that it would divert to a mailbox. A mailbox unprotected by a password would have a default of 0000. A hacker would know this and set the mailbox to forward calls externally to premium rate or international numbers.
‘It’s important to always ensure that all mailbox pass codes are changed from the default setting. Remove any unused mailboxes and bar all ports from making external calls in night service and at weekends and bar all spare ports from making external calls,’ says Matthews.
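The checks Matthews lists can be run as a routine audit over a phone system inventory. The following is an added example, not code from the article or from GHM Communications; the record layout, field names, sample data and the rule that internal extensions have at most four digits are all assumptions.

```python
# Added example: audits a constructed PBX inventory against the advice above.
# The record layout and field names are assumptions, not a real PBX export format.
DEFAULT_PIN = "0000"   # default pass code named in the article
INTERNAL_EXT_LEN = 4   # assumption: internal extensions have at most 4 digits

MAILBOXES = [  # constructed sample data
    {"ext": "2001", "user": "a.jones", "pin": "739154", "forward_to": None},
    {"ext": "2002", "user": "b.smith", "pin": "0000", "forward_to": None},
    {"ext": "2003", "user": None, "pin": "0000", "forward_to": "0900555010"},
    {"ext": "2004", "user": "c.patel", "pin": "481207", "forward_to": "2001"},
]
PORTS = [  # constructed sample data
    {"port": 1, "assigned": True, "external_day": True, "external_night_weekend": False},
    {"port": 2, "assigned": True, "external_day": True, "external_night_weekend": True},
    {"port": 3, "assigned": False, "external_day": True, "external_night_weekend": True},
]

def is_external(number):
    """Treat any forward target longer than an internal extension as external."""
    return number is not None and len(number) > INTERNAL_EXT_LEN

def audit(mailboxes, ports):
    """Return (item, finding) pairs for every setting that breaks the advice."""
    findings = []
    for mb in mailboxes:
        item = f"mailbox {mb['ext']}"
        if not mb["pin"] or mb["pin"] == DEFAULT_PIN:
            findings.append((item, "pass code is missing or still the default"))
        if mb["user"] is None:
            findings.append((item, "unused mailbox, remove it"))
        if is_external(mb["forward_to"]):
            findings.append((item, "forwards calls to an external number"))
    for p in ports:
        item = f"port {p['port']}"
        if not p["assigned"] and (p["external_day"] or p["external_night_weekend"]):
            findings.append((item, "spare port can make external calls"))
        elif p["external_night_weekend"]:
            findings.append((item, "external calls allowed in night service or at weekends"))
    return findings

if __name__ == "__main__":
    for item, finding in audit(MAILBOXES, PORTS):
        print(f"{item}: {finding}")
```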