The Russian hacker attack on an Ely, Nev., hospital offers an urgent message to the business community, and to anyone who spends time on the internet: Businesses and the general public can no longer assume that they won't be a cyber crime victim.
Five lessons of the Ely William Bee Ririe Hospital Cyber Attack:
1.
Cyber criminals can and do strike everywhere.
Location is irrelevant.
2.
Cyber criminals are constantly seeking victims.
They are sending out thousands of "probes" as you read this, to any computer with internet access.
These probes can come from e-mail, websites, downloads or software.
They look for openings into computers, and can trigger programs that automatically remove information from those computers.
3.
As with personal identity theft, the identity of the victim is often used to commit fraud against a third-party.
When your computer or your network is attacked, you may end up as the crucial instrument in an attack on a third computer or network.
That's what happened in Ely, where the attack originated from the Al Jazeera website, and was originally attributed to Arab terrorists.
The real culprits were Russian cybercriminals.
4.
The biggest security threat to company networks are well-intentioned, but unwitting employees who open email attachments, visit the wrong websites, or download games or MP3 files.
Stringent computer policies and employee education can be the best form of security.
5.
Firewalls and anti-virus programs are important, but insufficient.
True security is an effort that includes policies, education, and regular equipment audits.
Liability is the lesson Ely avoided.
(So far.) The fallout from cyberattacks may not be known for months or years.
6 .
For businesses that handle large amounts of personal information, potential liability for breached client records is the biggest potential nightmare of all.
The loss of productivity from a hacked network is secondary.
Ira Victor is a certified computer security practitioner and an active member of FBI Infragard.
He is the co founder of the Software Development Forum Security Special Interest Group, and president of HIPAA Technician, a cyber security firm located in Nevada.
(www.hipaatechnician.
com)