Teknik IT Management & Data Security has developed this blog to give you ideas and useful information to help our readers understand and receive the most benefit from fast-changing technology.
The information provided in our blog is comprised of the authors' thoughts and solely their opinions based on their experience and research. If you implement any recommendations offered here, you do so at your own risk. Teknik IT Mgmt and Data Security, the authors and contributors are not responsible for any resulting outcome.
Before implementing any changes to your technology, we recommend consulting with an IT professional to make sure they are appropriate for your unique situation.
Get useful information about technology by subscribing to our newsletter and blog.
Many small and medium (SMB) business owners believe that their systems wouldn’t be of much interest to hackers because cyber-attacks on large businesses receive the most media attention. Unfortunately, they are very wrong. Hackers are attracted to small and medium businesses in increasing numbers. Tim Francis, Enterprise Lead for Cyber Insurance at Travelers Insurance, said at a panel discussion in 2015 that 62% of cyber-attack victims are small businesses. The resulting financial losses and damage to their reputation can be devastating.
The first reason SMBs are such an attractive target is their vulnerability. Smaller companies often don’t have the high-grade network security or strict employee computer use policies of larger companies, making them much easier targets.
The second reason is that small and medium businesses have a treasure trove of information in their networks that cyber criminals can sell on the black market for a high price. The information is then used to commit such crimes as holding data hostage for ransom, making purchases with stolen credit card numbers, committing identity fraud or fabricating medical insurance claims with stolen personal health information (PHI).
There are many methods cyber criminals use to obtain this information. They use a combination of technical attacks and techniques that take advantage of human error.
In technical attacks, hackers exploit vulnerabilities in business systems and networks caused by out of date firmware, patches or security updates. They then use these vulnerabilities to infiltrate them. Also, misconfigured firewalls and security policies can leave the doors wide open for these hackers. Another method is brute force attack software utilities that keep trying different passwords on a network until they find one that works. They can also gain access to company systems through Wi-Fi that lacks adequate security.
If a business has its infrastructure secured, cyber criminals can focus their efforts on the system’s users. Malware and viruses are harmless looking pieces of code imbedding in websites or email attachments that can infect a computer when they’re clicked on. With phishing emails, hackers impersonate a trusted source and request sensitive information or direct you to take an action such as transferring funds. There are also phone scams in which a hacker will call and impersonate a trusted technology vendor so that the user will give them remote access to their computer to fix a “problem”.
In social engineering, cyber criminals use information available on social media and the internet to impersonate an employee to try to get an account reset from the tech department or a line of business application vendor so that they can gain access. Hackers also use social media to look for clues like hobbies or children and pet names to guess passwords.
Users can also make their company’s networks vulnerable by using their computers for things not strictly related to work. Many free downloads of apps and utilities contain spyware, malware and viruses. Peer to peer sharing websites that offer illegal and pirated software for downloading and pornography websites are also notorious for being sources of infection. Even social media and news websites can contain pop-ups, ads and games that can harm computers.
Even though they may not have the big technology budgets of large corporations, SMBs can take proactive steps to defend themselves and their customers’ data from cyber criminals.
Businesses should make sure that they either have dedicated in-house IT staff who are truly capable of setting up and maintaining a secure infrastructure, or outsource the function to an IT service or cloud provider with expertise in business technology. Your IT personnel can and should set network policies and enable security software that disallow employees from going to dangerous places on the internet or making unauthorized downloads. Also, regular weekly and monthly maintenance should be performed on all systems to insure firmware, patches or security updates are applied. Real-time monitoring software is also available to alert you if your network security is compromised.
Employee education and technology use policies are another often under-utilized line of defense. Make your staff aware of how important it is to use work computers appropriately and how hackers may try to trick them. Encourage them to independently verify information requests or check with your IT personnel when in doubt before they click on links or open attachments. And they should NEVER ignore threat warnings from their anti-virus software. If it says it’s a threat, it most likely is a threat. Employees should have different passwords for their network profile and each line of business software application, making sure they are complex and changed on a regular rotation.
No network is completely invulnerable to hacking, but there are steps small and medium businesses can take to protect themselves which will make life harder for cyber criminals and encourage them focus on easier targets.
Written by Karen Anderson
Wednesday, August 10, 2016
Written by Karen Anderson
Find out more about the ways Teknik IT Mgmt & Data Security can help you by calling us today to set up a free consultation for our services.
Serving all your computer and business technology needs!