Widely used software from Drupal and Jupiter Networks – two companies known for helping businesses create web pages and improve connectivity – were hacked in the past month, causing potentially serious damage to their client companies and, just as important, demonstrating that you can never let down your guard.
Drupal offers content management software. Many business sites, particularly those that use sophisticated interactive content, such as e-commerce, are powered by Drupal. The software was infected with a virus that hackers can use to take over a Drupal-powered website.
Drupal issued a patch to prevent infection, but users must install the solution themselves, which probably means many of the million Drupal sites are still infected.
Juniper Networks is famous for creating faster routers and taking on Cisco. Juniper now offers a suite of networking software and hardware for businesses.
Last month, Juniper issued patches to fix several problems on its operating system. The most serious could allow hackers to take over devices and sites at companies using Juniper software.
Assessing the danger
These security breakdowns are of course only the latest in a series of worrisome hacks of important software providers. And they illustrate that criminals are always working to find new ways to access your company’s information – and possibly cripple your operation.
Drupal and Juniper won’t be the last examples, either. Here are some actions you can implement to protect your company and your own clients from attacks.
Software that runs your website and other operations should require users to identify themselves with a sign-on and password at various levels of authority.
You are responsible for educating employees about how to create a hard-to-crack password and to recognize phishing attacks from outsiders.
Software administrators should be few in number and should follow even stricter access rules, with multiple steps required to prove their ID to the computer and network. The administrator should have a separate password and sign-on for the server and for access to their own laptops and desktops.
If you rely on cloud-based servers, do your research to ensure the provider has maximum protection from hacking. Not all cloud services offer the same levels of safety.
Set up and monitor remote access. Employees who access your network remotely – which happens at nearly every company — provide the entry access for hackers. Virtual Private Networks offer the most protection.
Conducting a security audit identifies vulnerabilities in your hardware, software and mobile network. Hire an expert to do the audit so that all systems are included and all potential problems are discovered.
When you get a notice that one of your software providers has issued a patch, put it in place as quickly as possible. If the provider knows there is a problem, hackers know it, too.
Back up your system regularly, so if you are hit, you can recover all your data.
The Network Support Company can help you answer questions about whether your business is secure and what to do if your network needs strengthening.