As an IT contractor or business owner, you're probably used to knowing a lot more about technology than most people in your life. After all, that's why you're able to make a living: most of your clients (not to mention your friends and family) don't have a clue about how the technology they use every day works.
While your IT knowledge may be your greatest strength, it can unfortunately also be a major weakness, as the recent hacking of HackBB illustrates. Here's a look at how a trusted insider got away with a major hack and how you can avoid a similar fate.
Insider Boneless Hacks HackBB
First, some background: HackBB is a forum on the Deep Web where cyber criminals swap tips for stealing credit card information, skimming ATMs, and otherwise committing cyber crime. The forum is accessible through Tor, software that lets web users conceal their identity and make it difficult to be tracked.
Because users of HackBB largely discuss how to pull off illegal feats, the "law of the land" is a code of trust. A user called Boneless apparently won the trust of HackBB admins by offering valuable contributions for two years. The payoff? Boneless was awarded admin credentials to the forum.
Shortly after receiving them, according to Gawker, Boneless gathered information on forum users, tried to blackmail those users, and helped himself to a pretty nice chunk of change kept in the forum's escrow account. Ouch. (See how like HackBB, "85% of Small Businesses Set Themselves Up for Data Breaches.")
The Takeaway for IT Professionals: Don't Let Your Guard Down on Data Security
Chances are, your IT business isn't collaborating with cyber criminals in the nether regions of the World Wide Web. But the tale of Boneless and HackBB serves as a reminder that letting credentials get into the wrong hands can lead to major losses. So how can you keep your information (and your clients') as safe as possible?
- Limit access to data. You may trust your neighbors, but that doesn't mean you leave your house and car unlocked. And the same should hold true with your team: grant access to sensitive information with as few people as possible. The fewer people who know a password, the less chance it has of getting into the wrong hands, either intentionally or by accident.
- Update passwords regularly. Yes, we've said it before. But people still aren't doing it. A few seconds of updating can save you tens of thousands of dollars in court costs if you lose or expose client data and then are slapped with a lawsuit.
- Buy backup for your business. As the Boneless incident illustrates, even the most trusted partners go rogue sometimes. But if it happens to you, it doesn't have to lead to a financial catastrophe for your business. Invest in Data Breach Insurance, and your business (and personal) assets will be safe if and when you're hacked in spite of all your best efforts.
Writtten by Brenna Lemieux - check her out at Google+ or Twitter