It appears Adobe Reader is one of the favorite targets for hackers, according to a Computerworld article by Gregg Keizer. A recent study published by F-Secure indicated that 61% of the targeted attacks recorded by F-Secure in January and February 2010 exploited security vulnerabilities in this very popular PDF viewer.

Fortunately, a recently created security patch closed this potential opening into your company’s system, but for the security patch to be effective, it needs to be uploaded and installed on your computer systems (meaning your server and any computers hooked to your server).

While you may think that your organization has minimal risk or that a security breach will not affect your business, I would advise you to think again. According to the US Federal Deposit Insurance Corporation (FDIC), more than $120 million has been reported stolen from small business bank accounts over a three-month period.

One of the challenges of protecting yourself from hackers is that in most cases software security is a trailing process. Usually, the malicious software needs to be created and launched before a “fix” can be created to stop the attacks. While I am sure that most software companies employ white hat hackers (those folks who hack for good rather than evil), these organizations are still behind the eight ball. They must continually monitor and update the programs to protect themselves and their clients from loss and damage.

At the same time, it is vital for a company to make sure their software and security patches are up to date. Many attacks are directed at older, out-of-date software that doesn’t have the latest bells and whistles and that, even with the best firewalls and security systems in place, will allow a determined hacker to get into the computer system and grab sensitive and private data.

So, how can you help beat the hacker in these instances? Here are a couple of suggestions:

  • Establish a software policy which includes processes and policies for updates of all software, both items located on the servers as well as those on individual computers in your organization.  This policy may also establish appropriate protocol for accessing information from a home computer and develop the security systems needed to scan attachments for viruses prior to download or opening.
  • Identify what software is on your server and individual computers. You may want to establish “approved” programs for employee use.
  • Monitor the software web sites to identify when security patches are made available.  In some cases you may have established programs which will search for updates and make changes automatically.  In other instances, you will need to monitor the site and manually update the systems.
  • Designate an individual to be responsible for monitoring the updates and communicating the information to the company.  I know that in some larger companies, the IT department will monitor activity and inform employees of computer virus threats and how to avoid them.
  • Periodically inventory the software on employees’ computers. In addition to identifying what programs are on the system, the version number and last update information can also be included to be sure the most up-to-date program is on the system. This can be a physical inventory done by an individual, or it can be a periodic report back from the user of the specific computer.
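
As an added example (not part of the original post), here is one way to check such an inventory report against an “approved” list, flagging unapproved programs, versions older than the patched release, and programs that have gone too long without an update. The report layout, computer names, version numbers and the 90-day threshold are all constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed baseline: approved programs and the minimum version carrying the
# latest security patch. Placeholder version numbers, not vendor data.
APPROVED_MIN_VERSION = {"Adobe Reader": "9.3.1", "Example Office Suite": "12.0.5"}
MAX_DAYS_SINCE_UPDATE = 90  # assumed policy threshold

# Constructed inventory report: one row per program per computer.
SAMPLE_INVENTORY = """computer,program,version,last_update
FRONTDESK-01,Adobe Reader,9.3.1,2010-02-20
FRONTDESK-01,Example Office Suite,12.0.5,2009-09-01
ACCOUNTING-02,Adobe Reader,9.2,2009-10-15
ACCOUNTING-02,Free Toolbar,1.4,2010-01-05
SERVER-01,Adobe Reader,9.10.0,2010-03-01
"""

def parse_version(text):
    """Turn '9.3.1' into (9, 3, 1) so that 9.10 sorts after 9.3."""
    return tuple(int(part) for part in text.strip().split("."))

def is_older(installed, minimum):
    """Compare numerically, padding short versions with zeros (9.2 == 9.2.0)."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(inventory_csv, today):
    """Return a list of (computer, program, finding) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        computer, program = row["computer"], row["program"]
        minimum = APPROVED_MIN_VERSION.get(program)
        if minimum is None:
            findings.append((computer, program, "not on approved list"))
            continue
        if is_older(row["version"], minimum):
            findings.append(
                (computer, program, f"version {row['version']} is older than {minimum}"))
        age = (today - date.fromisoformat(row["last_update"])).days
        if age > MAX_DAYS_SINCE_UPDATE:
            findings.append((computer, program, f"no update in {age} days"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, date(2010, 3, 15)):
        print(*finding, sep=" | ")
```

Comparing versions as numbers rather than text matters here: a plain text comparison would rank 9.10.0 below 9.3.1 and wrongly flag the server.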

Hacking into a computer system through security holes in standard programs from organizations like Adobe or Microsoft is just one way your files can be compromised. These are just a few suggestions to help protect yourself against one of the ways your IT systems can be compromised. For further ideas and options, I’d suggest talking with your IT folks, software vendors and/or IT security consultants.