How Hacker Attacks Get Around Your Firewall and Anti-Virus

HACKERS TARGET SMALL BUSINESSES

Your small business, is under attack. Right now, extremely dangerous and well-funded cybercrime rings in foreign countries are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses.

Don’t think you’re in danger because you’re “small”?  Think again. Over 560,000 new pieces of malware threats are being released each and every day and 82% of all cyber-attacks occurring are aimed directly at small businesses. This kind of news doesn’t spark enough media attention to land in the news. It’s often kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of embarrassment.

In fact, according to the latest PurpleSec report, 47% of small businesses had at least one cyber-attack in the past year; and 44% of those had two to four attacks. These data breaches are growing in both number and severity. Because of all of this, it’s critical that you protect your business from these top 10 ways that hackers get into your systems.

#10 – Hackers Take Advantage of Employees Poorly Trained in Cybersecurity Awareness

By far, the #1 vulnerability for business networks are the employees using them. It’s a common place occurrence for an employee to infect an entire network by opening and clicking a phishing e-mail (an e-mail cleverly designed to look like a legitimate e-mail from a trusted vendor or website). If your employees don’t know how to quickly spot infected e-mails or online scams, they could compromise your entire network, leading to your business coming to a complete halt.

#9 – Hackers Exploit Device Usage Outside of Company Business

In this day and age employees frequently work from a mobile device that they can take home or bring their laptop into work. While this can be very convenient, it can also introduce a new element of cybersecurity risk to any business.

To mitigate this risk,  you must maintain an Acceptable Use Policy which outlines exactly how employees are permitted to use company-owned PCs, devices, software, e-mail and Internet access. We highly recommend putting a policy in place which limits the websites employees can access with work devices and Internet connectivity. This policy must be further enforced with content-filtering software and firewalls. We can set up permissions and rules that will regulate what websites your employees are able access and what they can do online during company hours and with company-owned devices, giving certain users more “freedom” than others.

Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.

If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter your network. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device (which would delete all of that employee’s photos, videos, texts, etc.) ensuring your customer’s information isn’t compromised?

Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information, etc.., you may not be legally permitted to allow employees to access it on devices which are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent the security mechanisms you put in place.

#8 – Hackers Take Advantage of Weak Password Policies

Weak passwords make it extremely easy for hackers to get into your business network. It is critical for any business to have a proper password policy in place to better protect their network.

Passwords should be 8 characters long at a minimum, containing both uppercase and lowercase letters, symbols and numbers. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be enforced by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at a higher risk of a security compromise.

#7 – Hackers Attack Networks That Are Not Properly Patched With All The Latest Security Updates

New vulnerabilities are frequently found in common software programs you are using, such as your Windows operating system and Microsoft Office; it is therefore critical that you consistently patch and update your systems. If you’re under a managed IT plan, this can all be automated for you so you won’t have to worry about missing an important update. We patch our client systems each night ensuring that all software is continuously up to date and secure.

#6 – Hackers Attack Networks With No Backups Or Simple Single Location Backups

Simply having a solid, reliable backup can foil some of the most aggressive (and latest) ransomware attacks, where a hacker locks up your files and holds them for ransom until you pay a high fee. If your files are backed up, you don’t have to pay a shady crook to get your data back. A good backup will also protect you against an employee accidentally (or intentionally) deleting or overwriting files, natural disasters, fires, water damage, hardware failures and a host of other data-destroying disasters. Your backups should be fully automated and monitored at all times; the worst time to test your backup is when you desperately need it to work!

#5 – Hackers Exploit Networks With Software Downloaded and Installed by Employees

One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other innocent-looking apps. This can lagely be prevented with a good firewall and employee training and monitoring.

#4 – Hackers Attack Inadequate or Outdated Firewalls

A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network. This too should be done by your IT person or company as part of their regular, routine maintenance.

#3 – Hackers Attack Your Devices When You’re Off The Office Network

It’s common for hackers to set up fake clones of public WiFi access points to try and get you to connect to their WiFi over the legitimate, safe public one being made available to you. Before connecting to any public WiFi, check with an employee of the establishment to verify the name of the WiFi they are providing.  NEVER access financial, medical or any other sensitive data while on a public WiFi. In addition, don’t shop online and enter your credit card information unless you’re absolutely certain the connection point you’re on is 100 % safe and secure.

#2 – Hackers Use Phishing E-mails To Fool You Into Thinking That You’re Visiting A Legitimate Website

A phishing e-mail is a bogus e-mail that is carefully designed to look like a legitimate request (or attached file) from a company or website you trust in an effort to get you to willingly give up your login information to a particular website or to click and download a virus.

Often these e-mails look 100% legitimate and show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, bank letter, Facebook alert, bank notification, etc. That’s what makes these so dangerous — and they look exactly like a legitimate e-mail.

#1 – Hackers Use Social Engineering and Pretend To Be You

This is a basic 21st century tactic. Hackers pretend to be you to reset your passwords. In 2009, social engineers posed as Coca-Cola’s CEO, persuading an exec to open an e-mail with software that infiltrated the network. In another scenario, hackers pretended to be a popular online blogger and got Apple to reset the author’s iCloud password.

HOW TO PREVENT GETTING HACKED

If you are concerned about employees and the dangers of cybercriminals gaining access to your network, there are a few things you can do.

• Educate Your Employees: 95% of cyber attacks are caused by human error. By implementing security awareness training (also known as Human Risk Management) for your employees, you are preventing cyber attacks from infecting your environment.
• Perform a Security Risk Assessment: This will provide you with detailed insight into your environment and usage, helping you to improve efficiency, security, and utilization of the technology in your organization.
• Utilize Endpoint Detection and Response (EDR): By implementing EDR, you will be able to see more information about your endpoints and respond faster. In addition, EDR tools identify and protect against advanced forms of malware (such as polymorphic malware), APTs, and phishing attacks. EDR catches what gets past your anti-virus.
• Enact Secure Managed Services: Not only do Secure Managed Services provide your organization with an expanded security team, but expanded specialized skillsets, 24/7 threat detection, and access to threat intelligence.

In utilizing Secure Managed Services with Managed IT Professionals, you get access to preventative cybersecurity tools and services, from Employee Security Awareness Training and EDR to application controls. You also get access to our Security Risk Assessment, which helps you to answer questions like:

• Is your network really and truly secured against the most devious cybercriminals? And if not, what do you need to do (at a minimum) to protect yourself now?
• Is your data backup truly backing up all the important files and data you would never want to lose? We’ll also reveal exactly how long it would take to restore your files (most people are shocked to learn it will take much longer than they anticipated).
• Are your employees freely using the Internet to access gambling and porn sites, to look for other jobs and waste time shopping, or to check personal e-mail and social media sites? You know some of this is going on right now, but do you know to what extent?
• Are you accidentally violating any HIPAA, PCI or other data-privacy laws? New laws are being put in place frequently and it’s easy to violate one without even being aware; however, you’d still have to suffer the bad PR and pay the fines.
• Is your firewall and antivirus configured properly and up-to-date? Staying on top of system and firewall patches and configuration best practices is not only critical, but time consuming. Outsourcing IT services for day-to-day management of systems can relieve your IT department from these tasks so they can work on business-building initiatives.
• Are your employees storing confidential and important information on unprotected web apps and services, like OneDrive or Dropbox, that are outside of your backup? It’s natural to want to think, “We’ve got it covered.” Yet I can practically guarantee our team will find one or more ways your business is at serious risk for hacker attacks, data loss and extended downtime.

Explore Your Options for a Secure & More Reliable Network

Managed IT Professionals can help your small business set up and manage multiple layers of advanced cybersecurity protection ensuring client data safety and safe and reliable network operation.  We can help you fully optimize your cybersecurity with top level next-generation protection throughout your organization. Contact us today to schedule a free consultation! Call (201) 300-3825,  contact us, or schedule a free consultation.