Top 3 Ways Your Business Will Be Hacked (and What To Do About It)

Curious how your business will be hacked? Here are the top 3 ways, and what to do about it. You might not be protected as well as you thought you were.

There are few things more certain in business than this: someone is trying to hack into your office computer network and devices every day. And for most businesses, these criminals (or hackers, cyber-criminals, cyber-terrorists, virus writers, or ransomware pirates) will one day be successful. So it’s helpful to know what they do and how they do it in order to protect your business better. Here are the top 3 ways your business will be hacked, and what to do about it.

Email

Attempting to hack a company -- any company -- is a business and a numbers game for the bad guys. If they send out a million emails but only one of them results in a breach or the installation of malware, it is likely worth it for them because that one payoff could be worth tens or hundreds of thousands of dollars. And it’s likely that their success rates are far greater than one in a million.

So it makes sense that cyber criminals invest most of their time and energy on email. As a result, the single most common way your business will be hacked (including viruses, trojans, ransomware, and so on) or breached is through email. Most estimates say that between 60 and 90 percent of all cyber crime starts with an email, so it makes sense to secure your email, and train the people who use email at your company, to identify and block anything that might damage your company.

That means…

  • Protecting access to your email accounts through strong security, including multi-factor authentication.
  • Scanning all inbound emails for malicious attachments, links to malicious websites, or fictitious header information.
  • Complete endpoint protection that prevents malware from reaching or running on a computer or other device.
  • Monitoring access to your email.
  • Training all users how to identify and properly react to phishing and social engineering attempts.

This last item is frequently overlooked by those who think that simple antivirus software is enough to protect a company. In the past, email threats were mostly from malware. But these days, with the popularity of mobile devices, PC-based malware is ineffective. At the same time, mobile devices give the user less information about the email and the sender, often showing the recipient only the sender's name and not the sender's email address.

So cyber criminals have put much of their effort into Phishing and Social Engineering scams. With Phishing, the recipient is asked to log into, verify or reset credentials to valuable resources, such as a bank account, online store, and network resources. But the link provided for the login page belongs to the criminal, and the instant the credentials are entered, they are used to hack into the resource and do damage.

Social Engineering attacks frequently show up as an email from a colleague who is requesting that some action be taken. It could be to share login information to a resource, or to make payment to a known vendor with new account information.

These and other similar attempted crimes make Cyber Security User Awareness Training a critical part of any security plan.
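An added example, not part of the original article: a small Python check for three of the email signals described above (a colleague's display name on an outside address, a Reply-To that leaves the sender's domain, and link text that names a different host than the link target). The company domain, the staff names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"            # assumption: your own mail domain
STAFF_NAMES = {"dana smith", "lee wong"}  # assumption: names worth impersonating
LINK_RE = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'[a-z0-9-]+(?:\.[a-z0-9-]+)+', re.I)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def same_site(href_host, shown_host):
    h, s = href_host.split(":")[0].lower(), shown_host.lower()
    return h == s or h.endswith("." + s)

def check_message(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    # Mobile clients often show only the name: a staff name on an outside address.
    if name.strip().lower() in STAFF_NAMES and from_domain != COMPANY_DOMAIN:
        findings.append("display-name-impersonation")
    # Replies routed to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-mismatch")
    # Link text that names one host while the href points to another.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    for href_host, text in LINK_RE.findall(body):
        shown = HOST_RE.search(text)
        if shown and not same_site(href_host, shown.group(0)):
            findings.append("link-text-mismatch")
    return findings

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Dana Smith" <dana.smith@mail-example.test>
Reply-To: payments@other.test
Content-Type: text/html

<p>Confirm at <a href="http://login.portal.test/reset">https://portal.example.com/reset</a></p>
"""
BENIGN = """\
From: "Lee Wong" <lee.wong@example.com>
Content-Type: text/html

<p>Menu: <a href="https://www.example.com/menu">example.com/menu</a></p>
"""
```

Calling `check_message(SUSPICIOUS)` returns all three findings, while `check_message(BENIGN)` returns an empty list. Findings like these are signals to route a message for quarantine or a warning banner, and they complement rather than replace user training.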

Browsers and Websites

Email is a link to the world outside of your company, as are web browsers. They are a great tool for businesses to get real work done, but they are also a very common way that your business will be hacked.

Hackers will infect a website with malicious code that can infect a web browser almost instantly, even if no links are ever clicked. This malware can change browser settings, download viruses, install code that monitors keystrokes, redirect the user to phishing sites, and more.

Without adequate endpoint protection, your users and your entire network are open to attack via web browsers. You can protect yourself with these security measures:

  • Category filtering in the firewall
  • Locking down uncharacterized traffic
  • Sandboxing (browser isolation)
  • Awareness training

Foreign Devices

It’s common for businesses to allow employees, clients and other visitors to join their company WiFi while on the premises. In order to increase security, these WiFi networks are set up securely so that they require a passphrase in order to connect. But that does nothing to protect the network if devices from outside are allowed to connect to the company’s actual network.

“BYOD” (bring your own device) attacks happen when an infected device is connected to a company network. Many types of malware spread via network connections. Viruses can be written to seek out other network devices or resources. As a result, once a guest’s infected laptop joins the network, files could be deleted, corrupted or infected with the virus. A guest could save an infected MS Word document with embedded VBScript malware onto the network. When that file is opened by another workstation on the network, the virus spreads.

There are countless similar scenarios that could be disastrous to your company.

You can protect yourself and your business by setting up your network so that employees and guests have their own isolated WiFi networks to log into. This allows network traffic to be tracked, monitored and limited as appropriate for the type of users expected on each network.

Do You Know How Your Business Will Be Hacked?

Of course, these are just the top 3 ways your business will be hacked. There are dozens more ways a virus can get into your network that you need protection from. Here at Digital Uppercut, we have ways of trapping all kinds of hacks and breaches. We also focus on logging and tracking everything that goes on in your network so that in the event of an actual or attempted event, we can track down the source and protect you even further.

But every business is different, and a solution for one business may not be appropriate for another business. That’s why we recommend that we start with a no-obligation preliminary assessment of your current situation and network. Call us at 818-913-1335 or contact us online. Someone is trying to attack your company right now. Let’s make sure you’re protected.