Last week the state’s health department discovered hackers had accessed its computer server that contained personal information and health records for a still-unknown number of people the agency serves across Montana.
Starting in July 2013, hackers used malware, or malicious software that can steal information or damage a computer system with the simple click of the mouse, to gain entry to the Department of Public Health and Human Services’ server that holds client names, addresses, dates of birth and Social Security numbers. Also, the payroll and banking information for the department’s staff was also made vulnerable. State officials say there is not any evidence of information being stolen or used since the server was first hacked. An investigation has been launched and the server that was hacked has been shut down and taken off the state computer system.
The incident is the latest to illustrate a prevalent and persistent threat in the increasingly technological world: the hacker economy.
Two weeks ago, Glacier Bank hosted an informational seminar for business owners seeking to better understand computer viruses and how quickly they can compromise an entire world of vital information.
“In reality these are very sophisticated programs and they’re designed to steal information,” said Sherri Davidoff with LMG Security, a Missoula-based firm that specializes in computer security.
Davidoff gave a presentation detailing the various types of threats that are constantly putting companies at risk of a security breach. A common misconception is that smaller businesses are not frequent targets, but that’s not true, Davidoff said.
Nearly 80 percent of the time, people who are hacked are “targets of opportunity,” meaning someone happens to click on something, like a phishing or spam email or a fraudulent link offering fake prizes. Once that happens, a computer is immediately infected with malware that is downloaded onto the computer, and then everything that computer is linked to, like a server.
“This is a world-wide epidemic,” said Bob Nystuen, president of Glacier Bank.
Nystuen compared the current generation of hackers to the Old West days, when thieves came in the form of bank or train robbers. The types of criminals has changed with the times, and companies should be hyper vigilant, Davidoff said.
An extreme example occurred last winter when Target was the victim of the biggest retail hack in U.S. history. One person clicked an email link the days leading up to Thanksgiving, and instantly Target’s security and payments system was infected with a virus that stole every credit card used at 1,797 U.S. stores. In the aftermath, more than 90 lawsuits have been filed against the national retailer and the company has spent more than $61 million responding to the breach.
All from the click of the mouse.
“In reality this was one employee who happened to click on a phishing email. It could have happened to anybody,” Davidoff said.
Companies can enact preventative measures by installing firewalls and anti-virus software, but the biggest defense is awareness, according to Davidoff.
Companies should inform their employees of the dangers of opening suspicious emails or links.
“Don’t blindly click on any link that arrives in your inbox,” she said.
Instead, inspect where the email came from and preview the link through safe websites like bit.ly. Also, don’t believe the websites that seem too good to be true, for example ones that offer “Free iPads,” she said.
“The bottom line: hacking is business,” Davidoff said. “It’s not 14-year-olds living in mom’s basement. These are professionals. It is sophisticated software and stealthy.”