_Oct/IntellectualLockdown.jpg "Intellectual Lockdown")
Already making chump-meat of the most sophisticated of computer defenses, hackers will soon be unleashing a new wave of malware that targets small business owners and the victims could very well include unsuspecting golf course owners. Unfortunately, many of those operators will be completely unprepared.
“Cybercriminals tend to focus where the weak spots are,” says Gerhard Eschelbeck, chief technology officer for Sophos, a computer security firm. “Protecting data in a world where systems are changing rapidly and information flows freely requires a coordinated ecosystem of security technologies.”
The reason why hackers are taking aim at small businesses is that their computers systems are generally much less secure. Defeating such systems enables cyber-crooks to easily dial, snoop around, and ultimately use the company’s computers as a back door to the much larger clients with whom they may be doing business.
Not surprisingly, many larger companies are hip to the trend and are responding by performing security audits of their smaller business partners. If they find a security risk, many decide to stop doing business with the offending company rather than risk a “break-in by association,” according to Mark Brophy, director of information technology at the law firm of Rogers Townsend & Thomas.
Golf course operators looking to reassure business partners that their mutual data is safe will need to convince trading partners they have a hard IT perimeter. And they’ll need to show defenses against some of the newest threats looming.
High on the list of the new malware is cloud-server-snapshot software. An insidious intruder, snapshot software can infect a cloud sever where a golf course operator stores facility data and take a complete snapshot of all the content that’s there—including passwords.
Meanwhile, increasing numbers of hackers are also using text-messaging theft software, which is surreptitiously added to the phone of unsuspecting users. Once activated, the software forwards all text messages to the hacker’s phone.
Sophos has also detected increasing use of “ransomware” against small- and medium-sized businesses. This app can infect both phones and computers, and render the devices inoperable. Hackers release the software on businesses and then demand major dollars for its removal. Not surprisingly, the cybercriminals rarely—if ever—follow up on removal if a business pays the ransom.
Yet another new threat is coming from computer users with average skills who can become formidable hackers with superkit software. These do-it-yourself packages offer multiple, state-of-the-art ways to infiltrate even the most sophisticated cyber-defenses, Eschelbeck says. Criminals buying the software on the black market don’t need to know how it works; they simply need to know how to point and click.
Of course, golf course operations of all sizes should be using firewalls and other network protections to help neutralize hacker break-ins. And most business owners realize that even the most sterling of computer security defenses can be thwarted without similar vigilance at the individual device level.
“End-user computers are the weakest spot,” says Shane Sims, director of investigations and forensic services for PriceWaterhouseCoopers. “Typically, these computers are protected only by antivirus software, and the most sophisticated hackers attack at that point.”
But dollar for dollar, the best return on an investment in computer security is employee education, according to Brophy. Take the time to educate new employees about the critical need for computer security and continually reinforce top-of-mind security with regular email tips, tricks and news about IT security. Once you’ve sufficiently alerted your staff, computer security experts recommend these best practices:
• Secure All Mobile Devices. Encrypt all data cards and ensure that all data and applications on the devices can be erased remotely if it’s lost or stolen.
• Protect All Cloud Data. Before cutting any deal with a cloud provider, make sure your contract allows you to encrypt all the data your business generates before data is sent to the cloud. With that safeguard, your data—and the data of your business partners—should be impenetrable, even if a hacker takes a snapshot of the cloud server that’s storing the data.
• Defeat Ransomware. Programs like Reventon, Citadel and Troj/Ransom can be neutralized by rebooting your computer with an anti-virus software program that contains its own operating system. Essentially, the tool runs your computer with its own operating system, finds the ransomware on your system, and destroys it, thereby restoring your computer.
• Deep-Six The Superkits. While there’s no bulletproof shield against all the ravages of a superkit, there are some common-sense precautions. If you do nothing else, install updates for all the software on your computer system as soon as possible and disable vulnerable software like Java and Flash whenever you’re not using those programs.
• Safeguard Passwords. Strictly forbid employees from using the same passwords at work and at home. Hackers are aware of this habit and regularly troll personal email accounts, hoping to find passwords they can then use on employee work accounts.
• Respect The Rule Of 12. Prohibit the use of passwords shorter than 13 characters. The darker corners of the Internet are rife with programs that can auto-crack any password that is 12 characters or less. Essentially, hackers simply activate an auto-crack program on a specific email account and let the software run indefinitely until the account’s password is revealed.
—By Joe Dysart