In 2015, hackers breached the Ashley Madison network. This made many businesses rethink their online security and ask themselves: are we actually secure? The tactics hackers use have become far more sophisticated, and they have gained access to companies like TK Maxx, Sony, eBay, Staples, JP Morgan and even Adobe. When it comes to having adequate security against hackers, it is an ongoing struggle to stay one step ahead.
The world of computer hacking is growing by leaps and bounds. The United States has more cyber-attacks launched on it than any other country in the world, followed by the UK. In 2014, Symantec, the creator of Norton’s Antivirus software, saw more than 317 new malware files released by hackers. It is estimated that more than 30,000 websites are infected with these malware files every day, the vast majority of which are small business websites. Here is a small list of some of the most common risks people and businesses face, as well as a few solutions.
Social engineering is one of the most widely used tactics of hackers. The focus is to manipulate people into somehow giving them sensitive information or access to critical network systems.
Phishing – Hackers use phishing techniques to create false copies of reputable websites and send out mass emails containing links directly to the site. They can typically trick viewers out of usernames, passwords, birthdates and credit card information.
Baiting – The baiting technique is just what it sounds like. A USB or other external device is left in an office or business in plain view of the staff. The goal is to have an employee plug it into a computer system to try and identify the owner. Once the device is connected to the computer, an intrusion program auto starts and gives access to the hacker remotely.
Pretexting – Pretexting is a little less common than baiting or phishing, but still popular. It involves the hacker creating an elaborate story to try and manipulate an employee into bypassing security procedures and doing a manual password reset. They tend to impersonate managers or higher officers of a company that the employee would likely have limited or no access to.
Protecting Your Business And Employees From Socially Engineered Attacks
Social engineering is easy to thwart as long as you properly train your employees and run current antivirus and intrusion prevention software. Have a sound security policy in place and make sure every employee knows and understands it. The more you can educate yourself and your staff about current risks, the better protected you are.
Hackers routinely check the most common operating systems for weaknesses and vulnerabilities to exploit. When they slip into the system of your business, they begin to check for software misconfigurations, bugs, and security protocols that are missing due to a lack of system updates. When these types of attacks happen, the hacker typically ends up gaining complete, unrestricted access to the system. These attacks occur in the form of:
Head On Attack – A head on attack typically goes after systems that require password and username authentication to gain access. This includes Windows and Linux servers. A program is typically used to quickly and efficiently process common username and password patterns that people tend to use. This has caused a dramatic increase in the success rate of these types of attacks.
Exploiting Software – In an attempt to provide customers with more features and in-depth systems, millions, and in some cases, billions of lines of code are used to make one software program. The larger the program the more chances of the software having glitches, bugs or weak coding that allow hackers to breach the system easily. This is why so many software programs have “Security patches” to try and resolve issues as they are detected.
Protecting Your System
Server protection is an important task for every business. Having good security practices and policies is crucial for maintaining a safe and secure server. Here are a couple of ways to protect your server.
Firewalls – Every business should configure their firewalls to remove access to vulnerable. A firewall can limit access to servers, networks or files to specific machines and locations. Public access ports should not have access to any essential systems, nor should they be able to backtrack to other systems to allow access.
Use Intrusion Prevention Systems – By enabling an intrusion prevention and detection system tool such as Snort, businesses can monitor all network traffic. These prevention systems hunt down suspicious activity and stop it dead in its tracks. Once an intrusion has been detected, the system quickly blocks the IP address of the hacker and re-secures the system.
Create Password Policies – It is important that all employees, regardless of their position in the company, employ good password practices. This means having strong passwords that do not relate to their personal lives or work itself. These passwords should be a mix of uppercase and lowercase letters, as well as numbers and symbols. The longer the password the better. Passwords should also be changed frequently.
Manage Software Installation – Make sure you hire professionals to handle any and all software installations. While installing software is easy, configuring it to fully integrate with your system and security protocols is difficult to say the least. If you do not know what you are doing, you can compromise your entire system without even knowing it.
Maintaining a secure system is a tireless process that must be done by all businesses. Relaxing on important security protocols and practices can lead to system breaches and intrusions. As hackers have shown us over the last few years, no one is safe and regardless of who you are, you’re vulnerable. Protecting your network, server and systems is key to the survival of your business. As you look back to major companies that got attacked by hackers, you will find that most took drastic losses to their bottom line for an extended period of time after news got out about the attack. Don’t let hackers ruin your business. Keep your system protected.