With so much in the press about hacking, if you do fall victim to a cyber attack, how do you know if you've been 'hacked', and how can you protect yourself?
There is a suitably unhelpful phrase in security circles:
"There are two types of company: ones that know they've been hacked, and ones that don't."
But before you fire your IT company or head of IT security, you need to define the word 'hacked':
1. To some, 'hacked' means you've been directly targeted by one or more external malicious actors hell-bent on causing you harm (financial, operational, or reputational), or on stealing your trade secrets, by brute force. (We call this the "Hollywood Hack", as it really only exists in films, or if you're being targeted by a nation state - just Google 'Stuxnet'.)
2. To others, 'hacked' means one of your team has fallen victim to a con and unknowingly disclosed their information to a malicious third party, who will monetise that information directly or indirectly and/or use your genuine details to move around your supply chain and clients and monetise their information. This is done either by encrypting your files and holding you to ransom, or by selling your information on to others on the 'Dark Web'. (This is what we call the "Preventable Hack".)
The dictionary defines "hacked" as "gaining unauthorised access to data in a system or computer." This definition isn't helpful. Whilst the access is unauthorised, the definition implies that the individual had no control over it, which is simply not the case.
Preventing the 'Hack'
Everyone who uses technology has a responsibility to remain vigilant and to treat usernames and passwords the way you would treat the PIN of your credit card or your front door keys.
You wouldn't give someone who knocked on your front door the PIN to your credit card or the keys to your house, but many people happily hand over their usernames and passwords without understanding their true value.
No reputable organisation will ever email or text you asking you to confirm your password. If you get a message like this, it's either a Preventable Hack in progress or the organisation has very bad security practices!
Can Technology Help?
Yes. But we would say that; we're a technology company. And technology is only part of the answer.
Technology such as Multi-Factor Authentication will help prevent password-based attacks from gaining access to your systems and data, and marking all emails from outside your organisation as 'EXTERNAL' will make any phishing attempts look more obvious.
Good computer hygiene will help too: not reusing passwords, clicking 'OK' to install the latest updates for Windows and macOS, and not clinging on to software that was written before the iPhone was invented.
However, technology isn't perfect, and a truly effective IT security strategy requires organisations to invest in technology, education and their culture. Underinvest in any one of these areas and you could be the next victim of a Preventable Hack.