SUMMER 2019

184
THE DISTRIBUTOR’S LINK
JOE DYSART HACKERS’ NEW TRICK: STEALING COMPUTING PROCESSING POWER FROM FASTENER DISTRIBUTORS from page 126
It’s generally secretly downloaded to a computerized
device via a rogue link and executes as a working mining
program at the hacker’s whim.
The second major form of Black Hat mining occurs
while users surf the Web. Essentially, surfers get hit
when they visit a Web page that has been reprogrammed
by a Black Hat miner. The thieving script injected into the
page steals computer processing power as long as the
user remains at the Web site.
In fact, millions of Android users were afflicted with
this form of Black Hat mining in 2018, according to
IT security firm Malwarebytes (www.blog.malwarebytes.
com/threat-analysis/2018/02/drive-by-cryptominingcampaign-attracts-millions-of-android-users).
Fortunately, best practices fastener distributorships
can use to combat computer processing power theft
generally mirror those used
by companies for protecting
against other kinds of
malware.
Job One: The best way to
begin hardening your online
digital perimeter is to realize
that the administrator who is
responsible for your fastener
distributorship’s
computer
network is the number one
person who can make or
break your security.
“Fundamentally, good security really is just good
systems administration,” says Ira Winkler, founder of
Internet Security Advisors Group, a computer security
consulting firm. “And if you can’t afford or can’t get a
good system administrator, I recommend outsourcing
that.”
In fact, Winkler says the smallest of fastener
distributors will probably be best served by an outsourced,
third party computing solution, given that the
entire focus of a top-notch network systems provider
is on configuring, maintaining and securing computer
systems, 24/7.
In other words: you may want to move the critical
computer applications of your fastener distributorship to
the ‘cloud,’ so you can take advantage of the relatively
sophisticated Web security offered there, Winkler says.
At minimum, Sharon D. Nelson, Esq., president of
Sensei Enterprises, a computer security consulting firm,
recommends a quality Internet firewall for your fastener
distributorship that’s properly configured and Internet
security software that guards against viruses, malware
and spyware.
AT $5,000-A-POP, IT PAYS THIEVES TO
ILLEGALLY MINE CRYPTOCOINS.
Both are available with software packages like
Symantec’s Internet Security, Kapersky Security, Trend
Micro Security and the like.
And you’ll also need to be sure your staff gets the
message that your fastener distributorship security must
be taken very seriously. “Education of your employees
is key,” says Rich Conklin, an IT security consultant and
owner, Executive Computer Solutions.
Staying a step ahead
of hackers also means being
careful with any custommade
software, Nelson
adds, since these programs
are rarely subjected to the
rigorous security testing that
popular, established software
endures.
Content Management
Systems (CMS) -- software
designed to enable fastener
distributors to easily update
their Web sites – for example, are often custom-made.
“A custom CMS is usually a bad idea,” Nelson says.
Another common vulnerability: Many employees
tend to get lazy about passwords. Surprisingly,
one of the most commonly used passwords is still
‘P-A-S-S-W-O-R-D’ – a seemingly trivial oversight that
has spelled the undoing of countless, otherwise
stellar computer security systems.
Nelson recommends complex alphanumeric
passwords of more than 12 characters, which are tough
to crack even by software specifically designed to crack
passwords. And she reminds people to use different
IDs and passwords to enter different applications and
networks.
CONTINUED ON PAGE 204