3 Essential Security Requirements Every Business Must Follow (to Avoid Being Hacked)

As you may already know, there has been a surge in the number of businesses being hacked for Bitcoin mining and ransomware. As a result of their success, these bad actors have become businesses in their own right – meaning that their exploits are not going anywhere anytime soon.

However, there is a way for businesses to fight this! We strongly urge you and every customer to review your equipment, policies and practices to ensure they are meeting your security requirements.

We have listed some minimal requirements here that every business should take very seriously:

1. Create a Robust Backup Strategy

A database that has been encrypted or removed due to ransomware or Bitcoin mining is impossible to replace if your backup strategies do not include full system backups (along with the system state of your operating system), remote (offsite) backups and a good length in the retention of old backups to fully cover the hacked interval.

In most cases, the IDS Database resides under E:\UV\Accounts.

2. Ensure Software Security Compliance

Microsoft will end its support for Windows 7 and Server 2008 in January of 2020. Without updates to close new security vulnerabilities, these systems will be targets for exploitation.

Microsoft updates are important and should be reviewed on every device to assess if they are current with software protections.

3. Install Antivirus and Anti-malware Programs

All business systems (PCs, routers, servers, etc.) should have active and updated software to mitigate malware and attack signatures.

As an extra step of protection, IDS would highly recommend reviewing your network with our security professionals. There are ways to improve your security profile by making a few quick changes:

• Passwords for all users should be robust, scheduled to be changed regularly and set to disable after multiple bad attempts with them.
• Devices that are brought into a dealership should not be on the company networks without a review on their status and compliance.
• Network equipment should have settings of denying connections that are not needed between networks.
• Any direct ports open through routers, allowing access into your network should be reviewed and restricted by source addresses for the connection. External Direct Remote Desktop Connections should not be used, as it has often been a compromising entry point for hackers.