The world of technology can be complicated and dangerous.
Over the course of several years, large companies like Facebook and Equifax have been the victims of digital attacks, compromising the personal information of millions of people.
While information trickles out to the public about breaches and malicious hacks of large companies, it is a consistent battle behind the scenes that has software developers vigilant to stop new attacks on computer security.
Karl Sanford, lead application development consultant for OST in Grand Rapids, said it is an “arms race,” and there is no such thing as a 100 percent secure system. Some of OST’s customers include Amway, Mall of America, Spectrum Health, Herman Miller, Steelcase, Meijer, Holland Special Delivery, Byrne Electrical Specialists, ArtPrize and Caterpillar Inc.
“It is really incumbent on us as developers, and clients as well, to be constantly on the lookout for these risks and not to trivialize them and take it on a case-by-case basis and assess what their risk profiles are and take action accordingly and immediately,” he said.
Although attacks are inevitable, Michael Marsiglia, managing partner for Atomic Object in Grand Rapids, said they build custom software using the industry’s best practices for password management, data segregation, personally identifiable information, encryption, etc. When that is completed, he said they use third-party security auditing companies to simulate common attacks.
Micah Alles, senior strategist at Atomic Object, said the firm’s software is tested by posting it in a cloud server that is used to prevent attacks such as ransomware and denial of service. However, he said once the software goes live, it is vulnerable to attacks from different networks in the workplace and elsewhere.
Marsiglia said ransomware attacks are what many small and medium-sized businesses have to be aware of because attackers somehow get access to their internal network, looking for vulnerabilities by using a “brute force” attack, where they search through different usernames and passwords.
He said when they gain access to the network, they release a virus, which locks up the machines and key resources of the business’ network to make it inaccessible by the company. In order to regain access the information, Marsiglia said hackers ask for money or bitcoins, which is untraceable money.
To limit the risk of attacks that businesses may face, Alles said companies need to set up an employee security policy for a disaster recovery plan in case of a security breach.
“If you have a robust plan, which you’ve been testing to replace any key internal computing resources, their storage resources they have … then they can say, ‘We can turn all these computers off and say goodbye to you’ because we can just restore from off-site backup, which we know aren’t corrupted and we can get back our business up and running at a low cost.”
To prevent hacks of personal information, Marsiglia said people can take advantage of a password management program like 1Password. Password management programs can help people get their critical passwords and help them manage unique and strong passwords for every site they use. They also can use two-factor authentication, which requires a pair of steps for entry.
“There is always going to be a new way to attack something that someone didn’t think about before,” OST’s Sanford said. “As software developers who consult, it is really incumbent on us to stay up to date with threats and communicate them internally with each other so that we are aware and train individuals on how to mitigate those threats so that our consumers are exposed to little security risk as necessary.”