Cybersecurity is finding its way to the center of every business owner’s radar—and if it isn’t, it probably should be.
Consider the companies we know (and trust) with our confidential data. All seems well until suddenly they’re the victim of a massive cyber breach. Who ever thought Merck or Equifax would end up making headlines for data breaches, with millions of dollars lost as a result? How is it that hackers work as fast as they do?
Back in 1970, a board game known as Mastermind was released. The game is played between two opponents: The codemaker and the codebreaker. The codemaker creates a sequence, and it’s up to the codebreaker to solve the code in the least amount of terms possible.
Hackers are expert game players. In the case of your computer, the key to the code is usually your login credentials (user name and password.) Once they have those, they have cracked the code. Here’s a list of some of the most common, and most effective exploit techniques:
Phishing – The vast majority of data breaches happen when an employee is taken advantage of by a scammer posing as a legitimate person. Phishing attacks are bogus emails that can do serious damage if your staff is unaware (e.g., an email that poses as Microsoft and asks for login credentials to “update” your software.) It is easy for an unwitting staffer to provide access to their email account.
Vishing – This is another form of phishing; however, this time it’s a phone call. Phony callers engineer a fake caller ID or local phone number to create trust. A website can mimic Microsoft or other trusted resource. Either way, you are tricked into providing your login credentials or other confidential information. Another example of vishing is a website that freezes your computer and says: Call 1-800-Definitely-Not-A-Scam-Now to fix your machine. Users who aren’t trained on what to watch out for click into this and open their computer to the hacker…inadvertently risking your company’s revenue, reputation, and in some cases, your business. And, to make matters worse, if employees have work credentials or information on a personal device, what happens out of the office can also impact your business.
Keylogging – After the intruder has snuck onto your machine with these codebreaker techniques, they can continue to break through layers of your code. Malicious programs to track your employees’ keystrokes are installed so that the hacker can see your accounting passwords (or worse, your clients’ accounting passwords). Then, the attacker simply bides their time, until they have everything they need to compromise your network.
So, what can you do to stop this from happening or at least greatly reduce your risk?
Educate your team on what to look out for. The #1 reason for data breaches is a user accidentally giving away “code” secrets to the codebreaker. You want your team to be savvy and cautious. And, you want passwords to be high quality and different from personal passwords. The latest password wisdom says that a random phrase, with a combination of letters, numbers and characters is the best approach.
Once the codebreaker has their foot in the door, it’s far too late. Their automation techniques can do everything from holding your data hostage for a ransom, copying themselves on every email you send, and intercepting the messages you receive. Seriously, folks, this happens more than you’d think!
Our advice? Encourage your employees to take advantage of the security and training resources available to you through IT Radix. We realize security is a big topic. It’s not always easy to get started; but luckily, you don’t have to figure it out alone. Give us a call. We’ve got your back!
First published in our March 2018 IT Radix Resource newsletter