How to protect your business from hackers

By Jim Kendall

This column originally appeared in the June 9, 2014 Daily Herald



Apparently there’s no such thing as being too small a business to be hacked.

A small suburban business that shall remain unnamed discovered that its access to its own files had been blocked – ransomed, actually – by crypto locker, malware that additionally threatened child pornography claims against the company.

Access would be restored and the potential porn claims dropped upon payment of a bitcoin ransom, which escalated daily. (Bitcoins are an unregulated Internet currency. Generally, you buy bitcoins with real dollars.)

The intrusion was solved in less than a day, but the shock and nervousness linger.

The real threat, says Dave Davenport, is that hackers “will take control of your system and steal your assets.” Davenport is CEO of MotherG, an Itasca company that provides IT support to smaller businesses.

Chances are, there is no individual staring at a computer screen trying to determine how to get into your data system. Instead, Davenport says, malicious content is “just floating around” looking for any landing place that has a security weakness to exploit. “Over 90 percent of the content on the Internet is malicious content,” Davenport says.

In other words, the bad stuff most often is random rather than personal.

“The thing is,” Davenport says, “businesses can protect themselves with basic good practices.”

Our willingness to go ahead and click on links we know we should leave alone is a big part of the problem. According to survey data from MAAWG, an international organization seeking to improve online safety, 43 percent of computer users have opened a message they suspected to be SPAM or fraud; 11 percent clicked a suspicious link in a message; and four percent opened a suspicious attachment.

The survey data were posted on the MotherG website earlier this year.

Prevention, or at least steps to take to minimize the likelihood of being hacked, is relatively straightforward:

* “Be really careful,” Davenport says. “Don’t click emails you don’t know.

“If you get an email that looks like it came from your bank, open a new browser, go to the bank website you regularly use and check things out. Don’t click on the ‘click here’ button in the email.”

The issue with emails supposedly from your bank is not new – it’s called phishing – but computer users keep biting on the scheme in part because what actually is a counterfeit bank site often looks very real. Call your bank if you are uncertain – but call the number you know, not the one in what may be a malicious email.

* Don’t use old technology. “There are no more updates to XP,” Davenport points out.

* Keep your software up to date. “Use the Microsoft patches,” Davenport says. “Update your anti-malware software every day. Too many people buy anti-virus or anti-malware software and forget about it for a year or two.”

The idea, Davenport continues, is to make the window of vulnerability as small as possible.


© 2014 Kendall Communications, Inc. Follow Jim Kendall on LinkedIn and Twitter, and at Kendall Communications on Facebook. Write him at