My (favorite) wine shop was hacked!

Last week, my favorite wine shop was hacked: some cryptolocker started to mess around with his billing system and computer park.

Luckily, he had good backups, but here is a (non-exhaustive) list of things that would have saved him some trouble…

Here is the list:
– Does the administrator account of each computer have a different password from the others?
Slows down the spread of a virus.

– Has the administrator account been renamed?
Slows down brute-force attacks when the hacker tries to crack the system. Ideally, the account name would have at least one number and one special character, for example: Admin-MyW1n$hop

– Does each employee have a personal user account?
Reduces risk and makes identifying the problem easier.

– Are the user accounts removed from the “Administrators” group on EACH computer?
Prevents the installation / spread of a virus if the employee is confronted with one.
Also forces the user to “think” whenever something needs to be installed.

– Are computers updated regularly?
Prevents viruses from using system vulnerabilities (to be done at least once a month).

– Are computers protected by an up-to-date antivirus?
Prevents viruses from getting installed. The antivirus should check for updates several times a day so that recent viruses are detected (my recommendation: every 2-3 hours).

– Are users protected by a complex password?
A password is mandatory; a complex one better protects the data on the computer.

– Are computers protected physically?
Ideally, prevent the computer from being stolen as much as possible (think Kensington-type cables).
Physical access to a computer can bypass all protections listed above…

If you answered “no” to one or more of these questions, “Houston, we got a problem”: you HAVE TO do something to change the answer! 🙂
I think it’s neither difficult nor expensive to put all this in place; it just takes a little time…
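
Part of the checklist above can be verified from a script. The following is an added example, not part of the original post: a read-only PowerShell audit of a single Windows PC covering the administrator-account, Administrators-group, password, update and antivirus items. It assumes an elevated Windows PowerShell 5.1+ session and Microsoft Defender as the antivirus; the thresholds and the Add-Check helper are choices made for this example.

```powershell
# Added example: read-only audit of one Windows PC against the checklist.
# Assumptions: elevated Windows PowerShell 5.1+, Microsoft Defender as antivirus.
$maxPatchAgeDays      = 31   # checklist: update at least once a month
$maxSignatureAgeHours = 3    # checklist: antivirus update check every 2-3 hours

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check($Item, $Pass, $Detail) {   # helper defined for this example
    $results.Add([pscustomobject]@{ Check = $Item; Pass = [bool]$Pass; Detail = "$Detail" })
}

# Built-in administrator: its SID always ends in -500, whatever its name.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
# Localized Windows editions use a translated default name; adjust if needed.
Add-Check 'Administrator account renamed' ($builtin.Name -ne 'Administrator') $builtin.Name

# Administrators group (well-known SID S-1-5-32-544): anything besides the
# built-in account needs review, employee accounts should not be listed.
$extra = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -notlike '*-500' })
Add-Check 'No user accounts in Administrators' ($extra.Count -eq 0) ($extra.Name -join ', ')

# Enabled local accounts that are allowed to have an empty password.
$noPwd = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })
Add-Check 'Every enabled account requires a password' ($noPwd.Count -eq 0) ($noPwd.Name -join ', ')

# Date of the most recent installed update.
$last = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$patchAge = if ($last) { ((Get-Date) - $last.InstalledOn).Days } else { $null }
Add-Check "Updated within $maxPatchAgeDays days" `
    ($last -and $patchAge -le $maxPatchAgeDays) "last update: $($last.InstalledOn)"

# Antivirus enabled and signatures fresh (Defender only; other products differ).
try { $mp = Get-MpComputerStatus -ErrorAction Stop } catch { $mp = $null }
if ($mp) {
    $sigAge = ((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalHours
    Add-Check "Antivirus on, signatures under $maxSignatureAgeHours h old" `
        ($mp.AntivirusEnabled -and $sigAge -le $maxSignatureAgeHours) ('{0:N1} h' -f $sigAge)
} else {
    Add-Check 'Antivirus status' $false 'Defender not available; check the installed product'
}

$results | Format-Table -AutoSize -Wrap
```

Whether each computer's administrator password differs from the others cannot be checked from one machine, and physical protection is outside the script's reach.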

Also, some extra basic tips:
– backup as often as possible
– test your backups, do not hesitate to do a regular recovery test
– be vigilant, do not trust anybody (viruses often come from known but hacked sources)
– do not hesitate to inform yourself about IT security to keep abreast of threats (a nice and understandable blog: Sophos)
