Security Breaches Can Happen To Anyone, Even Citrix

Hey everybody. Kevin Baylor, Alliance IT.

Hope all is going well. I’m sure you’ve heard that on March 6^th, Citrix was breached and lost somewhere between 6 and 10 terabytes of data. “Who’s Citrix?” you may ask. Well, Citrix is one of the leading cloud providers, IT vendors out there. They’re on par with Microsoft and VMware.

They provide operating systems, virtualization platforms, cloud services and they had a major breach again. It also happened back in December of 2018. So two times, in about three months’ time span, a major vendor was hacked, breached and several terabytes of data compromised and stolen.

How does this happen? It’s very easy. Whether you’re small, medium, large, security policies can get lax. Things can get missed. Oversight can happen at a large scale and a large enterprise, global IT leader. It can happen to you. It might have already happened to you and you don’t know it.

Whether it’s 140, 160 or 188 days, you could have had a breach sitting out there lying dormant or active and you not even know it. It could have been capturing data for the last three months. You changed the passwords. Great! It has got the old one and the new one. Changing them every 90 days. Well, it has probably got them all.

There’s a lot of things that a small, mid-sized business owner and businesses can do to help prevent these types of breaches. I’ve said it before. Security is Swiss cheese. There are several layers that you have to put in place to prevent these things. You can’t just put in a firewall and hope it’s going to capture everything. You can’t just put in password policy changes and hope that’s going to prevent everything.

You can’t just train your employees to be more diligent and cautious of what they click on. It won’t prevent everything.

There are attacks coming from all sides to all of us, both in our personal lives and in business. Monitoring your credit?

Great.

• How often do you look at the reports?
• Do you go out and look at the alerts when you get those?
• Do you go, “Oh, no, that’s OK. That’s probably valid”?

You need to trust but verify. Get with the vendor. Check with your IT in-house guy or your CIO or your CTO.

Check with your business consultants. You need to be diligent about what you’re doing. There’s a lot of easy ways to protect yourself. They don’t all have to be expensive but it’s going to be expensive if you don’t. Trust and verify. Protect and be diligent. Put security in place.