Are you an open target?
Don’t assume that, because your business is small, you aren’t a target the way Amazon or Target are. Rethink that. 95,000 new malware threats are released every day, and about half of them are aimed at small businesses. Most people don’t hear about these attacks because they are kept quiet for fear of attracting lawsuits, data-breach fines and bad press, and even out of embarrassment.
The National Cyber Security Alliance (NCSA) reports that a little over one in five small businesses have been victims of cybercrime in the last year, and that number is growing rapidly each year as more businesses utilize cloud computing and mobile devices. Nowadays, you cannot even go online without learning about the latest online hack or breach. Given these numbers, it’s crucial that you protect your business from these top 10 ways hackers can compromise your systems!
10 Common Ways Hackers Compromise Systems
1. Hackers Target the Weakest Employees. The easiest vulnerability to exploit in a business is its employees. Typically, an infection spreads through the entire network because an employee opened a phishing e-mail and clicked on it. If these employees aren’t trained, they won’t know how to spot infected e-mails or online scams, which in turn could compromise your entire network, regardless of the security layers you have in place.
2. Hackers Focus on Devices Outside of the Business. Businesses must have, and continue to maintain, an Acceptable Use Policy that explains how employees are permitted to use company-owned devices, software, Internet access, PCs, and e-mail. REAL strongly recommends putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity (this can be enforced by the IT department with proper configurations). Furthermore, you have to enforce your policies with content filtering and proper firewalls. REAL can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “access” than others.
Even more importantly, if your employees are using their own personal devices to access company e-mail and data, then the policy has to be STRICTLY enforced.
If an employee is accessing unregulated personal e-mail from their own personal laptop and that laptop gets infected, it can be a gateway for a hacker to enter your business network. (This is why REAL recommends putting all employee personal devices on the GUEST VLAN.)
Some questions to consider: If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device (which would delete all of that employee’s photos, videos, texts, etc.), to ensure your business and your clients’ information isn’t compromised?
Furthermore, if the data in your organization is highly sensitive, such as patient records, financial information, and credit card information, you may not be legally permitted to allow employees to access this information on devices that are not encrypted; but that doesn’t mean an employee won’t innocently or accidentally take work home to meet a deadline. If it’s a company-owned device, you need to detail what an employee can or cannot do with that device.
3. Hackers Focus On and Attack Misconfigured Firewalls. A properly configured firewall acts as one of the first layers of defense against hackers, blocking everything you haven’t specifically allowed to enter (or leave) your network. But all firewalls need monitoring and maintenance, just like all of the other devices on your network. This should be done by your IT team or IT company as part of their regular, routine maintenance.
4. Hackers Utilize Phishing E-mails to Trick You. A phishing e-mail is a fake e-mail that is specifically designed to look like a legitimate e-mail (that may or may not have an attached file) from a website you already trust, in an effort to get you to willingly give up your login information or click to download a virus. These e-mails spoof real-life companies like UPS, Bed Bath and Beyond, and Amazon.
5. Hackers Focus on Businesses That Are Not Properly Patched With The Latest Security Updates. Every month, new vulnerabilities are found in common software programs you are using, such as Adobe Flash and Java; therefore, it is critical you patch and update your systems frequently. If you’re under a managed IT contract, this can all be automated for you so you don’t have to worry about missing an important update. Click Here to find out how we can help you not worry about updates or patches on your systems.
6. Hackers Utilize Social Engineering. This is the easiest and quickest method for hackers. Hackers pretend to be someone they aren’t and try to convince the user to give up their information. For example, hackers may pretend to be the IT department to get users to click on something or to read out information on their screen. This is the hacker’s cheapest and first option when trying to hack a business. Having the proper policies in place to verify who is on the phone or behind an e-mail, when unsure, is a good way to keep this from happening.
7. Hackers Exploit Computers With Software Installed by the Employee. Assuming the Social Engineering step worked, the next step is to convince the user to download software onto their PC. This can easily be prevented by removing administrator rights from all users. Another way to prevent this from happening is to have an IDS and IPS in place. An Intrusion Detection System and an Intrusion Prevention System both increase the security level of networks by monitoring traffic and inspecting and scanning packets for suspicious data. When software is being downloaded, these systems will scan and block it before the hackers’ code can get installed on the system. Employee training can also help prevent this issue from occurring.
8. Hackers Focus on People in Public Areas. It is common for hackers to set up fake public wireless access points, cloning what already exists at the airport or hotel, to try to get you to connect to their wireless. They want you to connect to theirs before you connect to the legitimate, safe, public one being made available to you. Before connecting to any public Wi-Fi, make sure you have proper anti-virus with a built-in firewall. Also make sure you connect to the right name with the right spelling and password. Try to avoid open, passwordless connections. Once you are connected, never access financial, medical, or other sensitive data while on public Wi-Fi. Also, do not shop online and enter your credit card information, if it can be avoided.
9. Hackers Go After Businesses with No Backups. Simply having a solid, reliable backup can ruin some of the most aggressive attacks from hackers. These can include ransomware attacks, where the hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay the hacker to get them back. Having proper backups will also protect you against an employee accidentally (or intentionally) deleting data, against natural disasters, against fire, against water damage, and against hardware failures, as well as a host of other data-erasing disasters. Your backups should be automated and monitored daily. Not having a backup can close your business. Click Here to find out how we can help manage your backups and never worry about this issue ever again.
10. Hackers Love WEAK Password Policies. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols, and at least one number. On a cell phone, requiring two-factor authentication is a big plus. Again, this can be enforced by your IT company. Allowing weak, easy passwords is just as bad as having no passwords.
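The checks from item 8 (right name, right spelling, no open passwordless connection) can be run against a Wi-Fi scan before connecting. The code below is an added example, not part of the original article or any REAL tooling; the network names, BSSIDs and the screen() function are constructed for illustration, and it assumes the venue has told you its network name and security type.

```python
# Added example: screen Wi-Fi scan results before joining a public network.
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str
    security: str  # "open", "WPA2", ... as reported by the scan

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of an SSID."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(ssid: str) -> str:
    """Fold case, separators and digit-for-letter swaps (0->o, 1->l)."""
    return ssid.lower().translate(str.maketrans("01", "ol", " -_"))

def screen(scan, expected_ssid, expected_security):
    """Return {bssid: [reasons]} for networks that should not be joined."""
    findings = {}
    for net in scan:
        reasons = []
        if net.security == "open":
            reasons.append("open network, no password")
        if net.ssid == expected_ssid:
            if net.security != expected_security:
                reasons.append("right name, but security differs from what the venue gave")
        elif (normalize(net.ssid) == normalize(expected_ssid)
              or edit_distance(net.ssid.lower(), expected_ssid.lower()) <= 2):
            reasons.append("near-miss spelling of the venue network name")
        if reasons:
            findings[net.bssid] = reasons
    return findings

# Constructed scan results: one legitimate network, three look-alikes, one unrelated.
SCAN = [
    Network("HotelGuest", "02:00:00:00:00:01", "WPA2"),
    Network("HotelGuest", "02:00:00:00:00:02", "open"),
    Network("Hotel_Guest", "02:00:00:00:00:03", "WPA2"),
    Network("H0telGuest", "02:00:00:00:00:04", "WPA2"),
    Network("CoffeeShop", "02:00:00:00:00:05", "WPA2"),
]

if __name__ == "__main__":
    for bssid, reasons in screen(SCAN, "HotelGuest", "WPA2").items():
        print(bssid, "; ".join(reasons))
```

A clone that copies both the exact name and the security type passes this screen, which is why item 8 still says to keep financial, medical and other sensitive activity off public Wi-Fi.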
Does Your Company Want Help Ensuring You Have All Of These Holes Plugged?
If you are concerned about the dangers of cybercriminals gaining access to your network due to neglect by your employees, or if your IT company does not have a security background, then contact us right away about how we can implement a security plan for your business or firm.
REAL will send one of our senior security-certified engineers to your office to conduct a Security And Backup Audit of your company’s overall network health, in order to review and validate all the different data-loss and security loopholes. REAL also looks for common places where security and backup get overlooked, such as mobile devices, laptops, tablets and home PCs.