Cybersecurity Tips for Protecting Your Business
It happened again. Another municipal website, this time for the City of Providence, was hacked. This incident came with a threat to “sell” private information, and then with a request to be paid in bitcoins. A spokesperson for the Mayor’s office has tried to assure the people of Providence that the hackers only had access to public information. Is this true? How much damage was already done? A full investigation must be conducted to reveal more accurate information, which the RI State Police and others will now conduct. However, we may never know the true extent of the damage.
So how do we, as companies and individuals, trust the cloud – just another word for the internet? More and more business applications are becoming cloud-based. But should you feel confident using the cloud when the media is breaking news every day about new security breaches occurring?
What we advise is that you gain some knowledge. And, further, we advise you to Think Like a Hacker. I’m not referring to becoming a hacker yourself, or to experimenting with how to do that – but if you understand what a hacker is thinking and how they operate, then you will be able to create a plan to more effectively safeguard your network.
A hacker hacks for 3 reasons: fame among others in the hacker world, just for the fun of it, and, of course, fortune. But what are they looking for?
- Easy targets of opportunity – networks with little security (like a small business).
- Someone else’s network – maybe yours. A hacker never uses their own network to conduct attacks.
- Computers that are out-of-date (such as Windows XP & Server 2003 and 3rd Party updates) – expired antivirus, firewalls not current, or no spam filtering service.
Hackers enter your network by a variety of methods. They steal or guess passwords, log your keystrokes, and send you junk email known as spam. Another method is creating “Zombie Computers,” or a BOTNET. This means the hacker places malicious code on your computer, along with many others, and then from a remote command center sends viruses and other attacks to various targets – without you realizing your computer is the culprit.
Worried yet? According to ZDNet, over 1 billion personal records (including address information, medical records, and financial information) were accessed illegally. How are these criminals getting through? Here are a few of the dangers:
- Viruses – Malicious code that spreads (like a human virus) by infecting files.
- Malware – Damaging software that infects your computer, doesn’t spread, but is often more damaging.
- Phishing – A bogus email that looks like it is from a legitimate source, such as FedEx, United States Postal Service, PayPal, eBay, Bank of America, to name just a few. The intention of the email is to create urgency in the recipient, which then causes this person to click on a link that will infect their computer with Ransomware or Malware.
- Pharming – The takeover of a legitimate website that redirects to fake websites designed to steal user names and passwords.
Signs that indicate your network has been infected:
- Your machine or network runs slower than usual.
- You receive unwanted pop-up windows, often directing you to purchase items or pay a ransom, or you get redirected to illicit sites.
- You can’t open files that you were able to open a few minutes ago.
Follow this checklist to mitigate your risks:
- Look at website URLs closely. The email might look legitimate but the URL is the give-away!
- Be cautious and suspicious before downloading pictures, opening attachments & clicking links, even from people you know.
- If you do get a “phishing” email – don’t click on any links. GO TO THAT VENDOR’S WEBSITE DIRECTLY and log in from there!
- Make sure your Antivirus Software is scanning & up-to-date.
- Make sure your Spam-Filtering software is current and running.
- Ensure your firewall is inspecting all inbound & outbound traffic.
- Make sure your computers are up-to-date. Remember, Microsoft no longer supports Server 2003 or XP. If you still run either of these, you are a prime target for a hacker.
- Make sure you are backing up your data daily in case your computer is so badly corrupted it needs to be wiped clean and reloaded.
- Last, but not least: train your users at your office on how to expect hacking – Think Like a Hacker.
It’s time to fight back, at our businesses and in our homes! Hackers set their sights on all types of organizations: small and large companies, government sites, and more. Whether it is the City of Providence, Home Depot, Target, or your business – it’s all of our responsibility to keep the data entrusted to us safe.