An IT security expert says that small businesses need to be aware of five key areas to protect their data, following the revelation that hackers stole the personal information of thousands of Dell customers.
The Australian division of the US-based tech company has warned that local consumer and small business customers have had personal details exposed in what is being described as the biggest data theft in US history.
In an email to affected customers, the company’s consumer and small business executive director for Australia, Deborah Harrigan, wrote: “Dell’s global email service provider, Epsilon, recently informed us that their email system was exposed to unauthorised entry.”
“As a result, your email address, and your first name and last name may have been accessed by an unauthorised party.”
Australian Privacy Commissioner Timothy Pilgrim, who has launched an investigation into the incident, says Dell Australia has set up an advice service for affected customers to obtain further information.
“I have also been advised that Epsilon has commenced an investigation into this matter and is keeping Dell Australia informed,” Pilgrim said in a statement.
Meanwhile, Dell is warning affected customers to be aware of unusual or suspicious emails requesting personal information.
It’s believed the hackers may be planning to sell the information to cyber criminals for targeted scams.
AVG security evangelist Lloyd Borrett says he is seeing an increasing number of hacks of this nature “where the bad guys are going after central repositories in cloud service providers”.
Borrett says people often the use the same password for multiple accounts, which means once hackers know a password, they have access to a whole myriad of things.
“We’ve highlighted five doorways through which cyber criminals can access company data. These five doors need to be slammed shut,” he says. They are:
Social networks and community bad spirits
Danger: Most social networking activity revolves around community spirit and sharing a wide range of data. Users are more likely to click on an infected link if it comes from a colleague or friend.
Solution: Offer staff some guidelines to keep them and your business network safe.
Instant messaging and spam chat
Danger: Viruses and other malware can be hidden in files sent via instant messaging. Some IM services link your screen name to your email address when you register. Having your email address so readily available can result in an increased number of spam and phishing attacks.
Solution: Don’t use an email address that can be easily identified by your IM username.
Insider threats are right in front of you
Danger: Employees are responsible for introducing the majority of malware onto company networks.
Solution: Background checks on potential employees are essential, and high-risk businesses should consider using advanced tools to conduct criminal history and social security searches to ensure their employees are totally trustworthy.
Educate staff on keeping their data and network safe and enforce a robust internal security policy combined with a security audit.
Don’t lose remote control
Danger: While preventing staff from leaking malware into a business has its challenges, staff who are allowed to access the company network remotely are even harder to control.
Allowing staff to use their own smartphones, tablets and PCs for work increases the risk that malware may get inside the company network.
Solution: Prevent staff from using their own devices. Businesses could use virtualisation technology to create a virtual safe-zone within your hardware.
USB sticks and smart phones
Danger: Plug-in memory USB sticks and portable drives are particularly good at spreading malware. They appear innocuous compared to a laptop or smart phone but can hold several gigabytes of code, some of which may be malicious.
Email-equipped smartphones pose similar risks to company networks as desktop computers. Smartphones can help spread malware onto other susceptible devices on the network and hackers have been known to use text messages to guide unsuspecting users onto websites containing infected code.
Solution: Users can run a manual scan before accessing any of the files on the stick. Business owners should also create policies to keep personal and business drives separate on any machine.