RSI Security

Default is the Enemy & Backups are your Friend

There was a time, not so long ago, when anyone who needed a Wi-Fi signal had their pick of networks to join. By our count, approximately 5% of available SOHO (Small Office, Home Office) networks were entirely unsecured, with no password at all! Then, seemingly almost overnight, it became nearly impossible to find an unsecured, open Wi-Fi network.

Why did that change? Was it because people became educated en masse on security settings and it suddenly became important for everyone to lock down their networks? No. Wireless router manufacturers put password creation into the default setup procedures.

That said, the problem remains with people: consumers and businesses alike continue to assign default passwords that are overly simplistic and weak, such as "1234" or even "password"!

A very real consequence of not modifying a default network security setup became evident when 27,000 databases were recently ransomed in a MongoDB breach. Those databases contained 93 terabytes: 93,000,000,000,000 bytes. 93 million millions!

MongoDB is a cloud database provider that serves clients across the globe, ranging from travel agents to advertising firms to even schools. They spin up databases for customers similar to the way Rackspace spins up servers. The MongoDB databases are open to the Internet by default, and users must then set their own security measures. Because many users were not knowledgeable about the initial security procedures, or for other reasons, adequate security measures were never put in place.

That left the door open for hackers who copied and then deleted over 27,000 databases, and placed a file in place of the database that gave the owners instructions on how to pay a ransom to get the data back. Unfortunately for many database owners, secondary hackers then came in and replaced the original ransom instructions with their own instructions.

For some owners, the unfortunate end result was that they actually paid a ransom to the follow-up hackers, but never got their data back because nobody figured out who the actual, original hacker was!

There are 2 takeaways here that, although already stressed in tech and mainstream media, still bear repeating:

1) Never trust the default settings. Whether it's a new router for your home or a cloud database provider, the very first thing you should do is establish your own security settings with a strong password and, even better, multifactor authentication. There are guidelines available online for nearly all software and network hardware.

2) Back up your data. Often. And on redundant media: external hard drives and cloud backups. That way if, despite your security settings, you lose your data, all is not lost.
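To make the first takeaway concrete for the MongoDB case above, here is an added example (not from the original article and not MongoDB's own tooling) that audits a self-managed `mongod.conf` for settings left open. The two sample configurations and the finding codes are constructed for illustration; `net.bindIp`, `net.bindIpAll` and `security.authorization` are real MongoDB configuration options.

```python
import re

# Constructed sample: reachable from any network, no access control configured.
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""
# Constructed sample: loopback plus one private address, authentication required.
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # app server reaches it over the private network
security:
  authorization: enabled
"""

def flatten(text):
    """Flatten nested 'key: value' mappings into dotted paths (simple block YAML only)."""
    out, stack = {}, []                       # stack: (indent, key) of open parent sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments; fine for these settings
        m = re.match(r"^(\s*)([A-Za-z_][\w.]*):\s*(.*)$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("'\" ")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave sections that have ended
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))       # a section header such as "net:"
    return out

def audit(text):
    """Return finding codes for settings that leave the database exposed."""
    cfg, findings = flatten(text), []
    if cfg.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("AUTH_OFF")           # access control is off unless set to "enabled"
    bind = cfg.get("net.bindIp")
    addrs = {a.strip() for a in bind.split(",")} if bind else set()
    if cfg.get("net.bindIpAll", "false").lower() == "true" or addrs & {"0.0.0.0", "::"}:
        findings.append("ALL_INTERFACES")     # listening on every network interface
    elif bind is None:
        findings.append("BIND_IMPLICIT")      # relying on the installed version's default
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A configuration that passes this check can still be exposed by firewall or cloud security-group rules, so the listener should also be verified from outside the network.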

Breaches happen daily at homes and businesses in every country, in every industry across the globe. Don't leave doors wide open for hackers by leaving default settings in place, and be prepared with backup and mitigation plans when the inevitable breaches occur.


About the Author

Eric Haruki is a technology analyst with over 15 years of experience advising global category leaders such as Samsung, Panasonic, HP, & Cisco on product and brand strategy, market competitiveness, and in areas of untapped product and distribution opportunity. He has produced both syndicated and project work, delivering forecasts, SWOT analyses, road maps, and panel survey insights to research customers around the globe. Eric has contributed to major print and television press outlets and has been a featured presenter at industry conferences. He is driven to find insights through extensive market research and deliver concise and actionable solutions to vendors, leading ultimately to the development of valued downstream goods and services to end users.


 
