In the digital age – data is everything and ensuring security of that data is of paramount importance to any business.
You would think that security would be at the forefront of most businesses minds but for many small business owners, they rarely even consider it.
Even big businesses can be complacent to the problems that can arise through lack of security and this is highlighted by the recent security breach of the Panama Papers which has been all over the news this last week.
The Panama Papers breach is the largest data leak in history by a wide margin, with 2.6 terabytes of data, 11.5 million documents, and more than 214,000 shell companies exposed.
Although authorities have not yet identified the hacker behind the Panama Papers, it has become clear that the Mossak Fonseca, the Panamanian law firm who were protecting the assets of those rich and powerful people had employed a rather loose policy towards web security and communications.
The company ran unencrypted emails through and outdated version fo Outlook web access by Microsoft (from 2009). And the websites they had in place using open source software WordPress and Drupal were both outdated.
It is alleged that the attacker gained entry to the email system and the entire server through the WordPress open source system, simply because they had neglected to update the plugin Slider Revolution.
The entire WordPress installation was outdated as well with core files going back to version 4.1 – the company also ran another website using the Drupal open source system which had not been updated for 3 years.
Wordfence posted a detailed article on their blog this week that shows the way in which they believe the attacker gained entry to the whole system.
Mossak Fonseca have since updated their systems by installing a firewall.
The moral of the story here is that you simply MUST keep your websites up to date. The leak is not a measure of the reliability of open source systems but rather serves to highlight how low a priority some firms place on their tech departments and web security.
Routine maintenance to keep your website updated should be at the forefront of every website owners mind. Having a skilled tech department is critical for any company that deals in sensitive data. The other option is to outsource your security and maintenance to a specialist company. Although there is a monthly cost to ensure your website is kept up to date, it is a small price to pay to ensure your website is secure and your data is safe.
The alternative is that your website gets hacked, your data gets pulled. You have to write a grovelling apology to your customers for the security breach and you have to pay out thousands of pounds to get everything fixed. Not to mention the fact that you need to change the passwords for every single access point.