Top Business Mistakes Hackers Love
Business Mistakes Hackers Love to See You Make
According to Statista, the total amount of data that is created, captured, copied, and used around the world stood at about 64.2 zettabytes in 2020. That amount is also expected to grow to more than 180 zettabytes by 2025. Needless to say, that’s a lot of data, data that continues to be of great value to hackers.
As one of the world’s most in-demand commodities, data, whether simple, complex, structured, or unstructured is at the epicenter of the modern digital landscape, fueling the machines of modern industry and in need of secure management.
Data is the New Oil
Data is the hottest and fastest growing commodity in demand right now, and there are no indications that the production or demand of data will slow down any time soon.
Much like oil, data holds little value in its original state. Oil must be processed and refined into the consumable product that we recognize as plastic or gasoline. Businesses and consumers produce an incredible amount of structured and unstructured data daily. And similar to oil, data requires refining and processing in order to become the insights that are so heavily relied upon by businesses of today.
However, there is one group that values data in all its forms: hackers.
The Cost of a Data Breach
In 2021, the average cost of a data breach is $4.24 million according to a report from IBM and the Ponemon Institute. That’s a 10 percent rise over the last five years. Small- to medium-size businesses (up to 500 employees) saw an average data breach cost of $2.98 million.
The COVID 19 pandemic and huge increase in organizations turning to remote work structures created a new financial and containment twist. According to the Ponemon report, the average cost of a breach came in at $1.07 million higher where remote work was a factor in causing the breach, compared to those where remote work was not a factor. And these breaches took an average of almost two months longer to identify and contain when organizations had more than 50 percent of their workforce working remotely.
The numbers don’t lie. Data protection measures have never been more important than they are today.
Not all Press is Good Press
An alarming trend worth noting is the seemingly frequent and severe reports of cyberattacks making headlines over the past several years. Equifax, Target, Adobe, are just a few of the “big name” organizations that quickly come to mind, not to mention the thousands of small- to medium-size organizations that got hit.
One of the most memorable major data breaches featured Equifax and the revelation that may have compromised the financial futures of more than 143 million Americans, that’s 45 percent of the U.S. population alone at the time. This consumer credit agency manages sensitive data ranging from social security numbers, driver’s licenses, to addresses and credit card numbers. Equifax failed to update vulnerable software components which ultimately led to scores of sensitive data being left open and vulnerable to attack or loss to the tune of $425 million. Those individuals and organizations that were impacted are eligible to file claims for expenses until January 2024 for identify theft or fraud expenses related to this spendy breach.
Adobe also was breached with the login information of 38 million customers stolen and credit card records lifted of 3 million customers. Consequences for Adobe: paying for the credit monitoring of impacted customers for one year, as well as a $1 million fine to settle in 15 states, plus an undisclosed amount to settle their violation of Customer Records Act.
These and other widely reported examples illustrate just how vulnerable organizations can be if hackers find their way into unprotected or outdated legacy systems through security or policy vulnerabilities and human error.
Whether you’re managing data for a small- to medium-sized business or you’re managing data for a multi-million-dollar global enterprise, there are many proactive ways to take back control of data protection within your organization.
Three Risky File Transfer Mistakes You Don’t Want to Make
Here are three common mistakes that hackers love to take advantage of:
1. Outdated Security Training and Policies
What your employees don’t know can hurt your security and compliance initiatives. Are they using unsecured personal computers, tablets, mobile phones, smart watches or accessing their Internet of Things (IoT) devices on your network? The non-stop, 24/7 access makes it even more important to ensure you have a clear security policy in place and separate user folders and control network access to better protect your data.
Consider offering regularly scheduled security training, not only on the proper handling of data, but also on organizational security policies. Data protection must be a team effort, requiring collaboration and full participation at every level of your organization.
If you are:
- Not securing or managing the endpoints within your IT infrastructure
- Allowing the practice of shadow IT
- Not properly controlling administrative access to your data
Then, it’s time to reevaluate your data security hygiene, and take the necessary steps to update your security training and policies. Otherwise, you increase the risk that your data could be compromised.
2. You’re Using FTP or a Legacy File Transfer System
Hackers have targeted many organizations from small sized medical facilities to large corporations using file transfer protocol (FTP) as their mechanism of file transfer.
The use of FTP or legacy file transfer systems are often designed over time for various specific file transfer needs, however both methods of file transfer are not sustainable or secure when it comes to the long-term needs of a business operating in today’s high risk and fast-paced environment. While FTP can move a file from one location to another, it wasn’t designed with today’s data protection needs in mind. Legacy file transfer systems are sometimes highly customized. In the legacy system scenario, data security can be challenging without a centralized platform for data management and operational visibility.
Additionally, if your organization operates with a customized legacy system, and there are a limited number of administrators with the skills and experience to manage it, your organization may be left vulnerable if there is any unexpected change—from employee’s illnesses to employee separation. Fortunately, there are alternatives to FTP that offer greater security and control.
3. Not Providing the Proper Tools for the Job
Every day, your users are just trying to get the job done, often under deadlines and SLAs. If they can’t do it with the tools you provide them, they’ll download applications that they find on the Internet, turning to unvetted, unsanctioned tools to transfer sensitive data to partners, vendors, and other external parties over unsecured paths. And they aren’t just transferring work-related data. Your users are often at work 9 to 12 hours per day, especially when many are working remotely now, and in the foreseeable future. It’s understandable that they will also send the latest kid-pics to grandma, forward mortgage documentation to their bank, or download that cool PDF of the truck they want to buy.
MFT Can Keep You Off of a Hacker’s Favorite List
A good managed file transfer (MFT) platform can help you build the kind of IT infrastructure that makes things difficult for hackers. MFT can plug many of the holes in your security and help you protect your data, integrate legacy workflows and authentication systems, and provide oversight over your entire network, watching (or blocking) what’s coming into and going out of the network 24/7.
MFT is a very important defensive layer that is often overlooked or ignored based on a misconception of being unwieldy, expensive, or requiring new employee skillsets to manage it. Not true. A robust, user-friendly MFT platform can save you money by eliminating multiple, home-grown scripts to manage workflows, and many administrator logins to multiple, disparate systems. MFT allows you to monitor and control each of those systems and security layers all in one location, and with automation features built-in to reduce the risk of human error.
Here’s a look at a few MFT features designed to deter hackers:
1. Use of Standard Secure Protocols
Secure protocols, such as SFTP, provide protections that plain FTP can’t, such as providing a single secure—and faster—transfer through firewalls. In SFTP, encryption can’t be disabled, as it can be with FTP. And of course, you receive more information about the transfer through SFTP. HTTPS is also more secure than HTTP or plain FTP. An MFT solution should have all of these industry-standard protocols available to ensure your systems can communicate with each other and with external networks.
2. Monitor What is Happening on Your Network
Visibility into what is going on in your network is critical to maintaining security. MFT solutions can provide monitoring tools and dashboards for both real-time status and historical reporting. Not only file transfer activity, but user activity, administrator activity, server up/down time, and other file transfer-related information can be monitored through the MFT platform.
Knowing exactly what is transpiring on your network is key to preventing data breaches and other abuses of the network. A good MFT platform can show you exactly which user is transferring data, where/to whom they are transferring data, when they are transferring data, and what exactly they are transferring. Real-time activity monitoring, auditing, and reporting to track corporate file sharing, review statistics, and query data for reports is important to understanding what goes on in your network.
3. Never Store Data in the Demilitarized Zone (DMZ)
Many MFT solutions offer a “store and forward” method of transfers through the Demilitarized Zone (DMZ) which can put your data and internal network at risk. “Store and forward” refers to the way the DMZ does not store or process data, ensuring that data is secure behind a firewall ready for an MFT platform to process.
A better MFT choice is a DMZ server that never stores file transfer data and never initializes access to the internal network. The server in the internal network should establish an outbound connection (a Peer Notification Channel) with the server in the DMZ. The connecting client communicates only with the DMZ server. The DMZ server does not forward the client’s connections; only the data is forwarded or passed through to the internal server without ever storing the data in the DMZ.
4. Use Data Wiping to Thoroughly Delete Data
Your MFT solution should have the option to configure data sanitization/data wiping options to securely delete or purge the files by writing over the initial data using encrypted and/or pseudorandom data. Many government regulations and standards require data wiping to ensure the deleted data does not end up in the wrong hands.
5. Use Malware and DLP Tools at the Network Level
The Internet Content Adaptation Protocol (ICAP) is often used to implement virus scanning and Data Loss Prevention (DLP) tools at the edge of the network. These tools can be configured to permit or prevent file transfers based on your organization’s policies, preventing incoming malware from infiltrating the network. With the proper tools, you won’t expose your network to files containing malware, or share confidential or proprietary information.
Are you doing enough to keep the hackers away? Download our guide, “Is FTP Really Enough?” This guide addresses the critical challenges businesses face when using FTP and how to better reduce data security risks and gain the optimal efficiency of your data.