I made a post regarding security in Passwords – Not the Ultimate Security Tool. Today, I want to speak about having your system ransomed back to you.
First of all, one benefit to networking with businesses outside our industry is that I hear more details about these types of issues. One such company that was informative to speak with was Virta Labs. They specialize in cybersecurity for healthcare, and this is a particularly interesting post of theirs: Don’t Let Ransomware be the JBOSS of You.
The issue they were talking about is ransomware. This is when your network or website, for a couple of examples, is taken over by hackers and ransomed back to you. This is a problem on the rise in healthcare. However, even outside their industry, they told me this is an increasing problem.
Note to those of us with small businesses: we’re becoming a particular target. By the way, the hackers aren’t asking for millions of dollars in ransom from us but asking quite reasonable sums that any of us would be able to afford. The point is that they just want the money and to give you your network or site back, basically, not to spend a lot of time in negotiations or waiting for you to try to dig up the money.
So, this is a warning to all of us to use proper security. Don’t leave your logins set to the installation settings, for example. Scan for viruses. Use two-factor authentication. Do all the things you need to do to be secure. This isn’t just for those of us with small businesses: if hospitals and clinics are being targeted, how long do you think before pharma/biotech and others are targeted, too? They possibly are already being targeted, but we don’t hear about it because it’s the standard to keep it under wraps if you’ve been hacked. Most companies won’t admit it publicly.
Gloria Metrick
GeoMetrick Enterprises
http://www.GeoMetrick.com/
I am making it a point to implement 2-factor authentication anywhere it is available. For instance, when I logged in to post this comment, I logged in with my Twitter account. My Twitter account is under 2-factor authentication. It sent me a text message with a code that I had to enter in order to complete the login process. The code expires after a few minutes and cannot be re-used.
Ultimately, all websites will be under SSL and I think it will be common for any site that has a login to use 2-factor authentication. Another common attack vector is on the site itself. There are a wide variety of security measures that sites must be designed to mitigate. Here is a wiki book I put together some time back that summarizes those security areas that need to be looked at: http://www.limsbook.com/web-application-security-guide-a-brief-introduction/1692/ The booklet is short but it sums up the main areas of vulnerability.
Finally, here is a tool you can use to run against any website and scan it for vulnerabilities. It is a great tool for site owners to use to shore up their site security: https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework
This one is free and open source and is pretty much the gold standard when it comes to penetration testing of sites.