The theft of 1.5 million patients’ personal particulars is another wake-up call for organizations to be vigilant for cyber attacks. Before you frown and think of this as just another FUD (fear, uncertainty, and doubt) post, we would like for you to pause of a moment and think of the repercussions.
While you might not be one of the 1.5 million affected, just think what we could do if we have the following details of you, the casual reader:
- Full Name
- NRIC
- Address
- Gender
- Date of Birth
- Race
That’s a lot of information that we know about you, isn’t it? That’s exactly what has been lost. This means for these 1.5 million affected users, banks and government institutions can no longer use any of this information to verify their true identity. If you have been through a verification process via the phone with a local bank, you will realize they tend to use one of these. These can no longer be used.
In wake of this, it is wise to alert your staff to take precautions, regardless if their data has been accessed.
Be aware of phishing emails, fake SMSes, and calls since cyber attackers already have your or your colleagues’ personal information such as full name, address, birth date, NRIC etc.
This is no longer just an issue pertaining to the 1.5 million affected users but it also affects everyone around them.
It was reported that the cyber attackers first accessed the network after breaching a front-end workstation and manage to obtain privileged access to the database over time while showing sophistication in cleaning up their digital footprint.
Let’s pause for a moment.
While you might say
“Nah, my small business does not keep that kind of information”
“No, my business information is of no value”
“No, my business doesn’t have such valuable information”
But have you thought about the mindset of the would-be cyber attackers? True that this time around, the cyber attackers choose a “large” target and managed to obtain a larger number of personal information – but what’s stopping “wannabe” cyber attackers from using the same mechanisms to breach smaller targets. Other “lower hanging fruits” like your business, your machines and your data?
Your business information and business data aren’t that valuable?
While you think that might be true, but what happens if, in this very instance, you realize that your business information and business data has been unlawfully accessed and copied. What impact will it have on your business? What happens if there have been some small edits to the data? Replacing a positive sign with a negative? Replacing 1000 with 2000.
The integrity of your business information and your business data is now gone. You can no longer trust the data that you have. You can no longer trust the data that your business processes produce. That will have significant repercussions throughout your entire business.
While its true that cyber attacks have been targeting larger organizations, it doesn’t mean that Small Businesses are spared. Small Businesses are most vulnerable as there is a lack of understanding of the disruption and harm a cyber attack can do to the business.
We take precautions to lock our offices when we leave at the end of the day. We take precautions to ensure that we deploy adequate locks to prevent unauthorized physical access to the office. Some business owners take further precautions by deploying CCTV/IP cameras on their premises, hoping to deter would-be intruders and if at all breached, to provide the authorities with helpful information and footage.
But what about your digital assets? What precautions are you taking to ensure that intruders are kept at bay?
Our doors, gates, and walls may be strong enough to prevent unauthorized access, just as our firewalls and switches might be able to protect the organization from external attacks but cyber attackers know this and can get into your network from the inside through other social engineering attacks. It might be as simple as tricking an employee to click on a seemingly harmless web link, download a file from the internet, visit a malicious website or use an infected USB drive. All these are easy access channels for cyber attackers. Workstations and mobile devices are common targets as they connect both to the internal and external networks.
- If you are connected to the Internet, you are vulnerable to cyber attacks
- If you are connected to the Internet, you must take precautions against security breaches
- Is your Small Business adequately protected?
- Is your Small Business resilient to a cyber attack
Small businesses are not spared due to their size.
Everyone is vulnerable to a cyber attack.
Mitigate your risk of becoming the next victim.
Consider adopting the following measures immediately:
- Harden standard workstations and endpoints
- Review administrator accounts
- Disable PowerShell for standard workstations
- Tighten control for long-running or decommissioned endpoints
- Implement strong endpoint protection
- Keep systems up-to-date
- Monitor for unauthorized remote or database access
Need a review of your security measures? Minimize your exposure. Contact us for a review of your Small Business IT today!
ManagedIT.SG is an IT Support, IT Solutioning and Managed IT Service Provider specializing in serving Small Businesses in Singapore. Call us at +65 6748 8776 and let us manage your Small Business IT today!