Cybersecurity is becoming a bigger and bigger issue these days. With the recent announcements of breaches at Yahoo and Equifax, it’s quickly becoming apparent that businesses aren’t doing enough to protect themselves from incursion. For many smaller companies though, who might not have their own cybersecurity professionals on staff, it may not be readily apparent what risks they face when doing business on the web.
Ignorance may be bliss, but it’s certainly not a defense. To help businesses better understand what’s at risk, we’ve put together this list of some of the more common tactics used by hackers. The threats are real, and everyone needs to know what’s at stake.
Ransomware is a tactic that, rather than stealing data, holds data hostage. Organizations (such as hospitals) or individuals are hacked, and vital customer information is encrypted, denying the owner access. The hackers then demand payment in order to return it. It happens more often than you might think.
Your password is easier to crack than you think. Most hackers don’t guess your password via brute force; they use things like dictionary attacks and rainbow tables, and odds are the password you’ve chosen is on one of their lists. And once they’ve cracked a user login that has admin privileges in your system, you might as well hand them your information in a gift box.
The WannaCry ransomware hack is a perfect example of hackers exploiting a weakness in software code. There was a security vulnerability in Windows operating systems that, when manipulated, granted access to the hackers and allowed the worm to spread. There was a software patch that fixed the vulnerability, but many had failed to update, and they became victims because of it.
Even if the software on your computers is shipshape, your website might not be. If your website lacks a digital certificate and isn’t served over HTTPS, your transactions are susceptible to man-in-the-middle attacks, packet sniffing, and more. Even if you host some of your website over HTTPS, you’re vulnerable to downgrade attacks, and hackers can sidestep the HTTPS pages and gain access to the ones hosted on HTTP. What’s more, vulnerabilities in the website’s code, much like those in software code, can grant access and privileges to those who find them.
While ransomware and other viruses invade your computer without any input on your part, malware is software you grant access to willingly, if unwittingly. Usually found in shady parts of the internet, or in emails from unreliable sources, it comes in the form of a program or file that has to be downloaded to do its damage. A common source is the download of pirated video files: often, what you’re getting is dangerous software that harms your computer or steals your information, rather than a free movie. Every company with less-than-savvy computer users is at risk.
Sometimes hackers get creative with the malware and try to package it as part of a communication that seems like it’s from a reputable source. Disguising themselves as a friend, the IRS, or Microsoft support, they will send an email instructing you to download a program or file. The file is malware, and you’re being “phished.” The untrained and unprepared frequently fall for the deception.
One of the reasons malware is so dangerous is that it enables things like Distributed Denial of Service (DDoS) attacks. This is when a hacker, using a host of computers they’ve infected with malware, makes a large number of server requests of a website at the same time. Even just having all the computers go to the homepage of the website at the same time does the trick. The flood of requests overloads the server, causing it to crash, thus denying the service. Without the proper redundancies, a DDoS attack can bring your business to a screeching halt.
How to Protect Your Business
Protecting your business is a matter of anticipating the danger and taking steps to prepare. Here are some of the most important steps to take:
- Make sure you’re keeping your software up-to-date
- Put firewalls and antivirus software in place
- Host your whole website over HTTPS
- Make your passwords harder to crack, or use a password manager
- Train your employees to recognize malware and phishing
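One way to check the “host your whole website over HTTPS” step, as an added example that is not from the original article: it audits recorded responses for pages still reachable over plain HTTP and for a missing or short Strict-Transport-Security (HSTS) header, the header that tells browsers to refuse a downgrade to HTTP. The host shop.example, the sample responses, and the 180-day threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

MIN_HSTS_AGE = 15552000  # 180 days in seconds; an assumed policy threshold

# Constructed sample: (requested URL, status, response headers) for a hypothetical site
SAMPLE = [
    ("http://shop.example/", 301, {"Location": "https://shop.example/"}),
    ("https://shop.example/", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    ("http://shop.example/login", 200, {}),  # page body served over HTTP
    ("http://shop.example/cart", 302, {"Location": "http://shop.example/cart/"}),
    ("https://shop.example/checkout", 200, {"Strict-Transport-Security": "max-age=300"}),
    ("https://shop.example/account", 200, {}),
]

def header(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name), None)

def hsts_max_age(headers):
    """Return max-age from the HSTS header, or None if absent or malformed."""
    value = header(headers, "strict-transport-security")
    if value is None:
        return None
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', value, re.I)
    return int(m.group(1)) if m else None

def audit(responses):
    """Return (url, finding) pairs for pages that leave a plain-HTTP path open."""
    findings = []
    for url, status, headers in responses:
        if urlsplit(url).scheme == "http":
            location = header(headers, "location") or ""
            if status not in (301, 302, 307, 308):
                findings.append((url, "content served over HTTP"))
            elif urlsplit(location).scheme != "https":
                findings.append((url, "redirect does not go to HTTPS"))
        else:
            age = hsts_max_age(headers)
            if age is None:
                findings.append((url, "no HSTS header"))
            elif age < MIN_HSTS_AGE:
                findings.append((url, f"HSTS max-age too short ({age}s)"))
    return findings

if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(f"{url}: {finding}")
```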
Lastly, consider getting help with your cybersecurity. Not every business is big enough to fund its own team of specialists, and having some experts on retainer to help you close vulnerabilities and recover from breaches can save you a lot in expenses and lost capital.