Category: Blog

 

 

Why Small Companies is the First Target for Online Hackers

 

According to the SBA, small business employs less than 500 people and realizes less than $7 million in profits annually. This standard defines a small company across the global business world. A large percentage of these smaller businesses operate as privately owned companies. Hackers are especially targeting these smaller businesses with 10-250 employees. Many of these companies use a weak online security system.

 

It is vital that business executives of these smaller companies sharpen their IT systems. Additionally, it is critical that all large company CEOs in this twenty-first century become educated about hackers targeting small businesses. Many business executives, business owners, C level executives, and business managers may ask.

 

What does this information have to do with my corporation?

 

Times have dramatically changed. The small business owner is now a big target to get to larger companies. This little fish in the world of trade leads to a much bigger catch, namely larger corporations. This method that hackers now use has seen an increase of over 250 percent over a year ago, an unnerving thought.

 

We live in a dramatically different world today. We live in a digital world, like it or not. Small business owners, especially aged business owners can no longer do things from an old school perspective. No longer can business be done via pencil and paper. If owners do not have an active internet presence, the company does not thrive. This increasing and necessary internet presence are dangerous. This internet presence is an immense playground for hackers who can close the doors of many small business owners and do irreparable damage to larger corporations.

 

Protecting Company Assets and Great Reputations

 

All business owners must protect their excellent reputation and a company’s assets. It is critical that business professionals across the globe seek to increase knowledge and information on how highly secured IT systems is so vital to their business and online presence. Sharpened IT technologies can protect your company from hackers targeting smaller businesses. Hackers now utilize the small business owner first as a stepping stone to gaining sensitive information from large corporations worldwide.

 

What is Drawing Hackers to Small Businesses?

 

Hackers are working hard to send dangerous viruses, malware, or phishing attacks through small business systems. Hackers are leveraging extortion against small business owners to get to larger corporations. Perhaps the small business owner does not have a quality, highly secured IT system to protect their company from these hackers. Hackers use information gained from small businesses linked to large companies to con the smaller companies into handing over sensitive corporate data.

 

The smaller business has a more significant presence online. These smaller companies use Cloud service which is grossly unprotected, unencrypted, and readily accessible to hackers.

 

What Do Hackers Want With Company Files?

 

There is a lot of personal customer information hackers find vital to their existence such as names, dates of birth, Social Security numbers, phone numbers, financial numbers, and more personal details. Hackers use this personal information to get money, or they sell this information to other entities who will use them. This private and sensitive information equals millions of dollars to hackers.

 

The methods by which hackers use to infiltrate companies cycle in popularity. IT systems find that the use of ransomware is dramatically increasing in popularity over the last few years. Ransomware infects a companies PC which in turn encrypts those files denying that company access to their records. Hackers hold this vital information for money. Companies know that the information contained is worth a lot more money than the pirates demand. This method leaves small business owners no choice but to pay up. Hackers target small businesses across the globe as a vital link to infiltrate larger companies. The best security a CEO can have is firm security for online presence. IT professionals highly recommend an up-to-date and secure computer system. Additionally, recommendations are for an offsite backup.

 

How Can Small or Large Companies Avoid Attacks by Hackers?

 

Companies across the globe must follow strict guidelines and laws in place protecting sensitive data. If companies do not follow these laws, there are severe penalties. These penalties can be so expensive to the company that it must close its doors. These set guidelines tell businesses the following.

 

• How to store vital, personal information
• How to safely access sensitive information
• How to protect confidential information
• How to save and protect a customer’s financial information such as credit card, and banking numbers.

 

A breach in any company’s files is a nightmare which is liable to ruin the reputation of an excellent company. It takes many years for that company to regain the trust of clients. Some corporations never recover the confidence of their clients.

 

It is vital that all businesses have reliable and secured IT systems to ward off online attacks by hackers.

 

Educate employees never to hand over sensitive information to people unknown to them. Employees must protect information about their companies customer base, their vendors, and their suppliers.

 

Stress the importance of employees developing strong passwords and frequently changing passwords.

 

Checking and deleting all emails sounding sketchy is vital.

 

Employees must be aware of all of their online actions.

 

Never store sensitive information in the Cloud services. This service does not offer encryption, and it is easy for hackers to access.

 

Security systems are continually changing as much as hackers change their methods of breaching firms. Initiate sound online security systems, backup sensitive information offsite, install updated software, remain vigilant concerning severe hacker attacks and possible damage to the company.

 

Large and small companies across the globe yearn to be a trusted entity for clients. Trust may take years to earn and longer to get back when lost. Sometimes trust, once acquired is never regained once lost to hackers.

 

 

The auto-fill feature that makes it easy to enter in usernames and passwords on various websites may be putting your information at risk.

 

While auto-fill is a convenient way to keep track of the many combinations of letters, numbers and special characters you need to access sites, the feature is also being used by advertisers and hackers. That’s why many security experts are suggesting turning off the auto-complete feature in your web browser.

 

Password manager programs embedded in browsers are a simple way to get access to a password-protected website. The password manager auto-fills your details, giving you one-click access to account information meant to be kept private.

 

How Hackers Get Access

 

If hackers get access to a compromised website, they can put an invisible form on the site and easily collect users’ login information. If your browser automatically enters this information when it sees the appropriate boxes on a web form, it adds the info everywhere those boxes are found on a page, whether they’re seen by the user or not.

 

Because most web users use the same username and password for multiple sites, the theft of this information on just one website can expose your information on many others.

 

Not Just Hackers

 

It may come as a surprise to learn that hackers are not the only ones trying to use your login information. Some ad networks are using tracking scripts to grab email addresses stored in your password manager for auto-filling. That tech can be used to grab passwords too, whether stored on a browser or an independent password management site.

 

The ad networks are using the same technique as hackers — an invisible form that captures your credentials provided by the password manager. Here’s a helpful demo page that shows you how it works.

 

Ad networks are using this information not to hack your data, but to understand what sites you navigate to better target ads to you. And while they claim to only be grabbing email addresses, the potential for further abuse is there.

 

What Computer Users Can Do

 

Password managers by themselves are still useful tools, especially given the number of codewords we need to go about daily web browsing. It’s the auto-fill mechanism that needs to be disabled. That’s simple to do.

 

On Chrome

 

• Go to Settings
• Search for Passwords and click on the Passwords arrow
• Toggle the Auto Sign-In tab to the left (it should be grayed out not blue)
• For more protection, you can stop Chrome from saving any passwords by toggling the Offer to save passwords to the left

 

On Firefox

 

• Open Options
• Click on Privacy & Security in the left-hand navigation
• Click on History
• Select Firefox will: Use custom settings for history
• A new submenu will appear
• Unclick on Remember search and form history
• To fully disable saving any passwords, go to the Logins & Passwords section (just above History) and unclick Ask to save logins and passwords for websites

 

On Safari (Desktop)

 

• Open the Preferences window
• Click on the Auto-fill tab
• Turn off all features related to usernames and passwords

 

On Safari (iOS)

 

• Go to Settings
• Scroll down to Passwords & Accounts and click on it
• Toggle the AutoFill Passwords tab to the left

 

Disabling the auto-fill features means spending a little more time finding and entering usernames and passwords manually. However, these steps protect you from prying eyes looking to gain more information about you and your accounts.

 

 

If the frightening headlines about massive data breaches were not warning enough, upwards of 60 percent of all small and mid-sized businesses, reportedly shutter within six months of a systems hack.

 

The leading causes of nefarious systems incursions are reportedly caused by about 25 percent of valued employees repeating the same username and password across multiple platforms. But what remains even worse is that fact that as many as 95 percent of all small businesses lack adequate protocols to safeguard important company or customer information.

 

In the coming months and years, cyber threats are expected to continue to pose a grave danger to the health and well-being of small and mid-sized organizations. The question business leaders may want to ask themselves is . . . will you join the 60 percent of companies that did not recover from a data breach?

 

Strengthen Your Business Defenses

 

Many of the toppled 60 percent may wish they knew then what many know now. That is, the key to cybersecurity does not solely depend on having the best software protections. According to the National Cybersecurity and Communications Integration Center, and Department of Homeland Security, nefarious email remains a primary trap used by cybercriminals and DHS recommends the following safety procedures.

 

“Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.”

 

“Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.”

 

“Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you with their name and a call-back number. Just because they may have some of your information does not mean they are legitimate.”

 

As you can surmise, these cyber safety measures do not necessarily rely on the latest antivirus software or systems protections. Hackers continue to take advantage of human oversight and error to infiltrate organizations and pirate valuable personal data and intellectual property. Homeland Security also recommends that business leaders implement the following employee training and protocols to protect against data breaches via email.

 

• Maintain Secure Passwords: Change passwords regularly and never share them or provide co-workers with access.
• Verify Sources: Make certain that emails originate from people and companies within your network by contacting them directly for verification.
• Nix Auto-Download: Never use automatic download options for email attachments.
• Never Click On Links: Embedded links are a primary method used by hackers to trip up team members through ransomware and malicious viruses.

 

Strengthening a company’s defenses begins with employee training and awareness that data breaches are not reserved for significant organizations and Fortune 500 corporations. Hackers continue to troll for low hanging fruit and unsuspecting employees who make innocent mistakes.

 

Employee Cyber Security Training is Job One

 

Although ransomware attacks reportedly declined from 638 million in 2016 to 184 million in 2017, according to Statista, this method has been used to target a tremendous number of small and mid-sized outfits.

 

The common attitude among cybercriminals is that decision-makers will ultimately weigh the cost of paying the ransom against potential profit losses and do the math. Hackers understand that poorly defended organizations are likely to negotiate and pay up. That’s why valued employees must remain vigilant and be a sort of human firewall if you will.

 

Proactive industry leaders are tasked with training employees and also determining which team members could be considered at risk. An IT support team can utilize training videos, create a cybersecurity policy and implement it by working with groups and individuals. But once the hands-on work has been completed, it’s imperative that companies conduct ongoing cybersecurity evaluations. These are logical methods to consider.

 

• Identify team members who could be best targeted by hackers.
• Deploy unscheduled mock cyber attacks.
• Create and release convincing but harmless mock ransomware links via email.
• Require employees to complete cybersecurity training modules.
• Require advanced training for those who are tripped up by mock cyber attack drills.

 

We may be living in a golden age of technology, but our everyday fallibility remains the threshold that cybercriminals use to break into our business systems and rob our valued customers and us of critical data. One of the primary ways to avoid joining the 60 percent who are out of business is to make team members aware of cyber dangers and provide them with the skills to combat cybercriminals.

 

 

As businesses add more layers of cybersecurity to their arsenals, cybercriminals are finding new ways to attack system, networks and devices. There is a constant stream of emerging threats that can mean trouble for companies of any size.

 

Why Is Data Security a Major Challenge Going Forward?

 

Businesses today are realizing the vast opportunities that come from leveraging, monetizing and collaborating on their collected data. That means companies need to protect their data not only from privacy breaches but also from data misuse, data manipulation and loss of intellectual privacy.

 

Data validity, for example, is one particular area of cyberattack emerging. Data need not be stolen to hurt the business reputation. Instead, hackers could alter data such that it becomes invalid or inaccurate in such ways to delegitimize business outcomes and partnerships.

 

Industries need to identify and deploy new technologies that protect data while it’s at rest and in transit. Privacy risks related to data in use are hindering the full realization of data collaboration, limiting the opportunities available to companies.

 

Here are 8 other cybersecurity challenges that businesses need to combat now or shortly.

 

1.  Chatbots at Risk

 

Artificially intelligent chatbots have become commonplace, helping to answer questions and guide web visitors to required information and action. Hijacked chatbots, however, could mimic existing tools to drive victims to click on links, download malicious files or share private information.

 

Web application flaws could also be exploited to insert malicious chatbots into sites that don’t have one.

 

While these intrusions will likely be text-based bots for now, shortly, speech-enabled bots could lead to further victimization over the phone or other voice-enabled technologies.

 

2. Artificial Intelligence Mean Powerful Malware

 

The rise of AI, the Internet of Things and machine learning means more opportunities for business transformation. They also invite more smart attacks using intelligent malware. Cybersecurity providers need to develop new means of detecting these threats and training personnel to recognize and prevent them. Many of these preventative measures need to be automated to provide continuous detection and prevention.

 

Part of the challenge is the sophisticated tools hackers are using. Updated exploit kits, artificial intelligence and natural-language algorithms have allowed hackers to automate convincing emails. Simple processes allow for the generation of emails to millions of stolen addresses with compelling phishing attempts.

 

3. Data Exposure

 

AI-enabled applications rely on data pools to power advanced functionality, both for smaller companies and giants like Amazon and Facebook. The increasing use of data pools means more potential for developers to expose information, often customer data. These data aren’t necessarily subject to hack, but instead are vulnerable and accessible to anyone who can find the vulnerabilities.

 

4. Cyberwarfare

 

Bad actors are no longer content on ransomware and phishing attempts. Technology advancements provide new opportunities for targeted and individualized attacks.

 

These attacks may leverage artificial intelligence to target individuals or corporations. Data integrity attacks, for example, could force organizations to completely replace computer hardware. Physical assaults could use drones and other tools for physical assaults.

 

5. Infrastructure at Risk

 

Nation-states will continue to wage cyber attacks on enemies with state-sponsored attacks on infrastructure. Attacks on national security, emergency communications, public health and financial systems could cripple governments and create spiraling consequences for the private sector.

 

Smaller conflicts could also be used as testing grounds for nation-states to assess new tactics, procedures and technologies that could be used in more significant geopolitical conflicts.

 

6. Data and Privacy Regulation

 

In 2018, the launch of GDPR, covering privacy issues for European Union citizens, forced companies to reevaluate their privacy and disclosure procedures. Similar privacy laws were approved in Canada and California. These new regulatory mandates are likely the first wave of protections that will force companies to spend more on cybersecurity, data transparency and reporting. As control of data begins to shift from institutions to individuals, companies are going to need better ways to monitor and report on compliance from multiple jurisdictions.

 

7. Connected Devices in the Crosshairs

 

With connected refrigerators, stoves, thermostats, doorbells and washing machines becoming the mainstay in many homes, the possibility of exploits is grave. Hackers will begin to identify and exploit vulnerabilities in these smart devices. Manufacturers will need to build in additional safeguards and architecture to meet growing consumer demand while keeping bad actors away.

 

8. Industrial Control System Risks

 

While there are more automated systems to allow for greater control of buildings, utilities and factories, there are inherent risks of exposure. Many of the players providing the technology in this space are new, making high-value targets all the more enticing to hackers.

 

Each year brings with it new technical innovations sure to drive better business outcomes. At the same time, hackers will find more sophisticated means to create more effective intrusions.

In July 2018, an article published by Naked Security stated that SamSam, one of the latest ransomware threats, has been one of the most costly and dangerous attacks in history. SamSam leeched at least $6 million from unwitting victims, some of which were well-known businesses and government operations.

 

SamSam ended up costing the Colorado Department of Transportation upwards of $1.5 million as of April 2018, according to the Denver Post. The FBI and Department of Homeland Security (DHS) agencies have stepped in with recommendations to help business owners keep themselves and their data protected from not just SamSam, but other malware as well.

1. Make changes to systems that rely on RDP remote communication.

If you don’t use the RDP service, disable it. If you do rely on remote communication, work with an IT consulting agency to implement upgraded patches that conform to current system operations.

2. Use firewalls to protect open RDP ports.

If your system utilizes open RDP ports and public IP addresses, make sure these are rightly protected with a firewall. Virtual private networks should be used to access these ports, so make sure all users understand how to access the systems even once they are protected.

3. Beef up system passwords and lockouts.

One of the easiest ways to defend against brute-force attacks is to beef up your passwords and lockouts that are in use. USA Today says passwords should be a random collection of characters (upper and lower case), at least eight characters long, and that you should use a different password for each application. Use strong passwords among shared devices just the same as you would on the internet.

4. Utilize two-factor authentication processes.

Two-factor authentication processes offer an extra layer of security for applications that have it available. Many business owners skip doing two-factor authentication because it saves time, but this is an easy way to make systems more secure.

5. Pay attention to system updates as they become available.

System and software updates are hugely important, whether they are manually implemented or automatically added. These updates are frequently released as new threats emerge to the surface that would otherwise compromise an existing system. Never turn off automatic system updates and have a business security expert check your system for updates on occasion.

6. Implement a reliable backup strategy.

If something happens and your system is compromised by a SamSam ransomware attack, you need to have a backup plan already in place. Therefore, it is critical to implement a reliable backup access strategy so your system and your data can remain accessible.

7. Enable system logs and keep them for at least 90 days.

System logs will record every login attempt through RDP ports and other applications. In the event of an attack, IT analysts will be able to pinpoint the exact time that the system was infiltrated, which can be really helpful to solve the problem.

8. Follow guidelines for accessing cloud-hosted services.

If you do have cloud-hosted data that you frequently access, follow that provider’s rules for accessing your data and do not ignore their guidelines. These rules are specifically in place to keep your information protected. If you are using third-party services that require RDP access ports, make sure the service is following the latest safety practices.

9. Keep network exposure at a minimum for critical hardware.

In other words, if you have a hardware system that can function without being interconnected to all other devices on the network, then operate it as a standalone component. Just because you can connect everything in the modern technology setting, it does not always mean that you should. If SamSam or another ransomware attacks, hardware that is not connected can be safe. Likewise, it is good if you turn off sharing between printers and other devices unless it is absolutely necessary.

10. Restrict users from running software and opening emails.

There should only be trusted people within your business who are allowed the privilege of running software on any system. Therefore, make sure all users have a clear set of outlined access permissions and restrictions. It is also essential that email attachments are carefully handled, which means not every user should be allowed to open, access, or view email attachments.

Even though protecting your business from SamSam ransomware and other business cybersecurity threats can be time-consuming, it is these lines of protection that will save you from an expensive attack. Reach out to a cybersecurity expert for more information about adequately protecting your business network.