Tag Archives: hackers

The Most Common Ways Hackers Access Your Network

28 Jun 17
lverbik
, , , , , , , , ,
No Comments

You are under attack. Right now, cybercrime rings in China, Russia, and the Ukraine are hacking into small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses, and half of all cyberattacks are aimed at small businesses. The National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year. It’s critical that you protect yourself from the following 10 vulnerabilities.

1 Poorly trained employees are the biggest risk. It’s common for an employee to infect an entire network by opening and clicking a phishing email designed to look like legitimate correspondence from a trusted source. If they don’t know how to spot infected emails or online scams, employees can easily compromise your entire network.

2 We strongly recommend an acceptable use policy that limits the websites employees can access with work devices as well as work material they access with personal devices. We can easily set up permissions that regulate which websites your employees access and what they do with company-owned devices, even granting certain users more freedom than others. You also need to detail what an employee can or cannot do with personal devices when taking work home.

3 Weak passwords are bad news; passcodes should be at least eight characters long with both lower and uppercase letters and include symbols and at least one number. On a company cellphone, requiring a passcode makes stolen devices harder to compromise. Again, this can be enforced by your network administrator so employees don’t get lazy and put your organization at risk.

4 If your networks aren’t patched, new vulnerabilities (which are common in programs you already use, such as Microsoft Office) can be exploited by hackers. It’s critical that you patch and update your systems frequently. If you’re under a managed IT plan, this can be automated so you never miss an important update.

5 Are you backed up in multiple places? Aggressive ransomware attacks, where a hacker holds files for ransom until you pay a fee, can be foiled by backing up your data. You won’t have to pay a crook to get them back. A good backup will also protect you against accidental deletion and natural disasters, and it should be automated.

6 One of the fastest ways cybercriminals access networks is by duping employees to download malicious software by embedding it within downloadable files, games, or other innocent-looking apps. This can largely be prevented with a secure firewall and employee training and monitoring.

7 Not all firewalls are created equal. A firewall blocks everything you haven’t specifically allowed to enter or leave your network. But all firewalls need monitoring and maintenance, just like all devices on your network, and a weak one does you little good. This, too, should be done by your IT person or company as part of their regular, routine maintenance.

8 Many hackers exploit your devices when you connect to public Wi-Fi, getting you to connect to their Wi-Fi instead of the legitimate public one. Always check with a store or restaurant employee to verify the name of the Wi-Fi they are providing. And never access financial or medical data or enter your credit card information when surfing public Wi-Fi.

9 It may be one of the oldest tricks in the book, but phishing emails still work. The  goal is to get you to download a virus by clicking a link or getting you to enter your login information on a clone of a legitimate website.

10 In 2009, social engineers posed as Coca-Cola’s CEO, persuading an executive to open an email with software that infiltrated the network. Social engineering is another old-school tactic, but, like phishing, it works well. Hackers pretend to be you, and people often fall for it.

If you are concerned about cybercriminals gaining access to your network, then call us to learn more about implementing a managed security plan for your business. You’ve spent a lifetime working hard to get where you are and have earned every penny and every client. Why risk losing it all? Get the facts and be certain your business, reputation, and data are protected.

Why Cyberthugs LOVE Your Business

14 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

It was a typical morning at the offices of a small Midwestern online retailer. This company, whose name we cannot mention due to a non-disclosure agreement with our source (Gary Miller, GEM Strategy Management) owned a very successful online catalog offering a wide variety of women’s apparel and accessories. They had a terrific reputation and brand, and every reason to be excited about their future.

Then, with a single click, the death spiral began…

An employee received an e-mail with a link to a benign-looking catalog. All it took was one click and the company’s entire network was infected. The Crytowall malware dug deep into the company’s accounting system and customer files, including credit card and social security numbers.

Fifteen thousand customer accounts were locked up by the malware. A ransom demand soon followed, requiring $50,000 for the key. Unfortunately, the company’s backup systems had been down for the last three months. With no way to remove the virus without destroying crucial data, the company had its back against a wall.

They paid for the decryption key. But no luck – it didn’t work. Business came to a grinding halt. The company owners couldn’t afford to rebuild their entire network. Within six months, the company closed its doors, strangled by a lack of sales and cash flow.

Could this happen to you?

Hackers have discovered that small businesses make juicy targets. These criminals love going after small businesses because they’re often the easiest to penetrate. IBM reports that over 62% of the 4,000 cyber-attacks that occur every day target small businesses.

Cyberthugs filch information to rob bank accounts via wire transfers. They steal customers’ personal identity information and resell it on black markets. They nab key information to file fraudulent tax returns, and commit health insurance or Medicare fraud – in your customers’ names.

Most small businesses are easy prey because they fail to take precautions. But you don’t have to be like most small businesses. Here are four things you can start doing TODAY to prevent a shutdown that could destroy your fortunes.

Understand evolving threats – Know what’s at risk in your company. Stay on top of the different schemes hackers use to gain entry. Learn all you can about phishing, spoofing, social engineering, malware, systems hacking, pharming and the latest scams so you can see them coming. Identify your company’s weak points and bolster them as needed.

Institute a dual signature policy – Require that two people sign off on every transaction. At the very least, when in doubt, pick up the phone. Verify all fund transfers or requests for payment before releasing funds.

Ingrain a solid data security policy in your company’s culture – Yes, you need to define and document protocols…but that’s not enough. In order for them to work, they must permeate every activity you and your team engages in. Your employees are the gatekeepers of critical data. Train them to see the warning signs, engage in safe practices and respond effectively to an attack. Examples include using only unique, complex passwords and keeping a “clean desk,” where sensitive information isn’t exposed.

Have – and practice – an incident response plan – Just like a fire drill, being ready for a breach gives your team an edge when faced with a crisis. When everyone knows exactly what to do, you’re better able to nip a hack in the bud.

Why play Russian roulette with your company’s data?

If you’ve been putting off cyber protection measures, thinking, “Oh, that would never happen here,” you are putting your company’s entire future in jeopardy. NOW is the time to call in an expert you can trust to verify that your data is safe in today’s rapidly evolving battle against a host of online bad guys.

When it comes to protecting your data – whether it’s bank account information, customer and employee records or proprietary IP or processes – we’ve got you covered.