Earlier this year, federal prosecutors in Florida announced that the government had seized the xDedic marketplace, a website that operated for years and was used to sell access to compromised computers worldwide and to personally identifiable information of U.S. residents.
Most individuals have probably never heard about xDedic. There would be no reason to have visited the site. But for a small cadre of nefarious hackers, this website was a goldmine.
According to prosecutors, potential hackers could search the site for compromised computer credentials using specific criteria, such as price, geographic location and operating system. And, based on evidence obtained during the investigation, authorities believe the website facilitated more than $68 million in fraud.
The victims span the globe and all industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds and universities.
This is a major action undertaken by law enforcement, and we should all applaud the prosecutors for their important work. But sites like xDedic highlight the very real risks associated with the digital age. Taking steps to guard our security and privacy in cyberspace is incumbent on all of us, particularly businesses that increasingly are entrusted to store consumer information.
In my time as a cyber prosecutor at the U.S. Attorney’s Office, I saw firsthand how the digital age is creating a wide array of new opportunities for businesses and individuals. I also saw how this age creates unparalleled risks.
But this experience also taught me some practical ways that we can all protect our information and privacy in this new area. A few practical suggestions for companies to safeguard your information are as follows:
Keep software up to date
Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices. As technologies and risks change, so should your software.
This is particularly relevant at an enterprise level where most employees might not recognize the need to update software when new patches become available.
Adopt two-factor authentication
By now, most individuals recognize that two-factor authentication — requiring a password plus some other authentication through either an email, phone call, text message or the like — is a strong way to limit unauthorized access to networks. While employees might balk at the perceived inconvenience, it is relatively minor compared to the inconvenience that follows a cyber intrusion.
Require all employees to use two-factor authentication when logging in remotely. Make 2019 the year in which you fully embrace two-factor authentication for all your accounts.
As a rule of thumb, whenever data is encrypted, its value and usefulness to a cyber intruder are significantly diminished. When you can, encrypt your information — use secure websites and only send information through the internet when you know it is encrypted.
Make sure that your storage of consumer information, likewise, is encrypted to the extent practical.
Turn on firewalls
Most computers nowadays have built-in network security settings: things like firewalls, blocking of remote access, and the like. Make sure that these security settings are turned on.
Educate, educate, educate
Most importantly, your employees are your front-line resource for preventing cyber intrusions. Any protection is only as good as the least educated employee. Make cyber safety an annual topic. Make sure that the training remains relevant, practical, and — to the extent possible — engaging.
Ultimately, no one precaution will likely deter the most determined of hackers. But the more you can do to make a hacker’s job difficult, the more likely you will steer clear of a data intrusion.
Just like you lock the doors to your home at night, so should you lock your digital information. We should all let this recent action by the federal authorities be the impetus for us to do more.
The original article, "How Businesses Can Protect Their Information From Cyberattacks," first appeared in the American City Business Journals on March 25, 2019.