How do you know you’ve been hacked?

I get asked fairly often recently, “How do you know if you have a hacker in your system?”  There is no short answer.  It would require hiring a security expert, such as a penetration tester who tests networks for vulnerabilities, to find whether there is a sign of a hacker.  A regular computer technician will not be good enough.  If the hacker is really good, you may never know, or at least not for a long time and only after investing a lot of time and/or money in having your network investigated.

Usually, for a small company or especially for personal use, you can’t justify the cost of having an investigation done to find out. You just format the hard drive of the computer in question, reload everything and lock down your security a bit tighter, including changing all passwords.

Large companies that can afford it, and want to do it, can hire security experts to investigate and capture evidence in such a way that it can be used in court.  TechNewsWorld has an article on this which proves what I’ve been saying for a while now and is one of the major reasons we do monthly preventive maintenance for our clients.

Yahoo, in the article mentioned above, did not know about this breach right away, and the reason for it seemed to be a lack of preventive maintenance and poor security practices.  You may not find a breach for years if the hacker was really good and covered their tracks.  So you may never know how far the breach has gone, for how long, and whether it is continuing.

It’s all about how much money you spend on security.  For a home user, just spend that extra $20-$50 to get a slightly better firewall/router.  Spend the time to change your passwords once in a while.  For companies, you need monthly preventive maintenance on top of spending that extra $100-$500 for a better firewall/router, etc.  Every little thing you can afford to do, do it.  If you’re protecting a million per year worth of data, you might cap your limit for protection at $5,000/year.  If you’re protecting a billion per year, you probably wouldn’t think twice about spending $500,000/year on security.

Consider your risks:

  1. How much would you lose per hour if your computer is down?
  2. How much would you lose per hour if your entire network was down?
  3. How much would you lose if your data was encrypted or deleted and you had no current backup?
  4. How much would you lose if your data was stolen?
  5. How much would you lose in legal expenses if sensitive client data was stolen?

How long can you afford to be down in the above-mentioned scenarios?  Consider the following:

  1. How long does it take to notice you are down, get word from an employee, and make the first call?
  2. You make the call to tech support; how long do they take to respond?  1 hour, 2 hours?
  3. How long before tech support starts working on the problem?  Another 4 hours?
  4. How long does it take them to fix the issues?  1 hour, 1 day, 1 week if data recovery is involved?

Add all these times up, do the math, and you can figure out a good number for protecting your individual computers, the entire network and your data.  Come to think of it, your clients’ information too!  If you are a doctor’s office, you have client data that includes medical records and OHIP numbers, which are a hot item on the black market.  You are not just protecting your company, you are protecting your clients, who could turn around and sue you for not protecting their data if you got hacked and their identity was stolen.  Many businesses have credit cards on file for their clients; what if those were stolen?  All types of businesses are at risk of all types of security problems.  How much is the protection worth to you?

Anti-virus isn’t enough; there is so much more than that.