Flint Tech’s Cybersecurity Awareness Series: Security Breaches
Categories
Flint Tech’s Cybersecurity Awareness Series: Security Breaches

[image credit: VIN JD on Unsplash.com]

We’re so glad you’ve joined us for our month-long series on cybersecurity! Today we’re moving beyond the well-known threats to something a little more sinister: security breaches.

credit: theenemywithin on Tenor.com

As we wrote about before, security breaches include any attempt to gain unauthorized access to your system, also known as “hacking.” Cracking passwords, elevating privileges, and breaking into a server are all examples.

Hackers generally attack by means of assessing their target, using network or social-based attack methods, and extracting confidential data.

Security breaches can happen at any time, and when they involve the exposure of customer or client data, they are difficult to keep private. The loss of business that often results from a breach can be devastating for a small business.

Often, breaches are caused by the human errors of insiders, whether it’s clicking on a malicious e-mail or not keeping passwords secure enough (too weak, not changed often enough, etc.).

There are several types of processes that, if handled properly, could prevent a breach:

Weak Passwords: As stated earlier, overly simplistic passwords are prime targets for hackers. Making up something you can remember is no longer an option: the longer and more complex, the better.

Orphan Accounts: After an employee has left a company and moved on, their access to accounts is often left inactive rather than being terminated. If a malicious user were to gain access to an account via the unused credentials, nobody in the company would know unless appropriate controls were in place to monitor such activity.

Over-entitled Identities: Unregulated access to sensitive information and systems can create areas of weakness if not managed carefully. Executive and low-risk system and data users alike are equally valuable targets for hacking.

“Ok, so I just set reminders to change the passwords regularly,” you say. “Boom. Done. No extra money splashed out on a fancy Tech company I can’t afford. Next question…”

But hear us out: why burden yourself and your people with taking partially effective measures when a solid IT team can provide the kind of wide-ranging protection your company needs?

There are certainly things you can do yourself, like…

Establish better security habits: For instance, make it a policy to have strong passwords that get changed routinely. Establishing this habit alone will substantially cut down the risk–the longer it takes a hacker to get through, the more likely it is they’ll be caught.

But there are other things your people may not have the right kind of support or resources to accomplish, such as…

Solid Identity Protection: Allow your IT team (be they in-house or hired from outside) to have a holistic view of your systems and data so they can assess your risk and create a plan to detect attacks as quickly as possible.

If you haven’t developed a cybersecurity plan for your company or even budgeted for cybersecurity in the first place, there’s no time like the present to start. A few questions to ask yourself when considering your plan include:

  • What will it cost us if a breach occurs?
  • What controls/protections do we currently have in place?
  • What will we do if a breach takes place?
  • What can be done now to offer the best protection?

And of course, keep following our blog as we continue to discuss cyber crimes and solutions this month. Stay tuned!

Flint Tech’s Cybersecurity Awareness Series: Malware Threats and Defenses
Categories
Flint Tech’s Cybersecurity Awareness Series: Malware Threats and Defenses

[image credit: Ales Nesetril on Unsplash.com]

Credit: Hannah Wei on Unsplash.com

Thanks for joining us during Cybersecurity Awareness Month!

As you know from our last post, cybercrime is a growing trend affecting big and small businesses alike. We’ll be examining each of the most common network threats this month, including what business owners like you can do to defend yourselves.

So let’s get started with the most well-known threat:

credit: Lin12345pikinhater on Tenor.com

Malware is a standard term for software with a malicious purpose. This includes viruses, adware, worms, the Trojan horse program, and spyware. Cyber criminals install their weapon of choice on your computers and other devices, which allows them to spy on your company’s online activities, obtain passwords and files, or attack others from your system.

This is not just a threat to Windows users—Mac devices, all types of smartphones, even security cameras are all at risk. And speaking of security cameras, if your business is connected to the internet of things (Smart in-home devices, like Amazon’s Alexa, that are connected to everything from your computers to your fridge and coffee maker), those are also at risk of attack. Anything with an IP address is fair game.

In the case of ransomware, criminals can lock your out of your files until you pay a ransom. There’s lots of money to be made for cybercriminals the more devices they affect, which means this is one threat that everyone should take seriously.

So what to do?

If you’ve ever booted up a brand-new computer, chances are you’re familiar with the ubiquitous McAfee antivirus software offers that last as long as the device itself (until you get your tech-expert cousin or brother-in-law to remove them). If you’ve ever caved in and purchased that or any other antivirus protection subscription, turns out you were only handling part of the problem.

Viruses are only one type of malware, and cybercriminals are continuously developing new, cutting-edge threats that are harder to catch. Antivirus software needs to be constantly updated to detect the newest types of malware. In addition, the best way to ensure you never lose anything to a malware attack is to back up everything either on Cloud-based services or on offline external hard drives.

Additionally, there is another way to protect yourself: Managed Security Services (MSS).

credit: Siemens on giphy.com

Simply put, MSS is what happens when a trusted tech partner (the Managed Service Provider, or MSP) handles cybersecurity for an organization, be it big or small. Their services monitor the organization’s devices for signs of potentially threatening activity, but they’re able to filter out false positives and only deal with real issues. This saves the organization time and effort in reviewing potential threats, which allows them to spend more time focusing on their mission.

MSP’s often create and implement a high level IT strategy, backup the organization’s data, update their systems, fix any technical issues, and arrange security controls. Far beyond trusting in a few antivirus programs, they provide many layers of security to their clients.

“Why does this matter to a small business?” you may wonder. “It sounds like pointless expense. After all, McAfee’s not that bad.”

And we get it–time is money, and small business owners rarely have enough of either.

But why worry about cybersecurity all on your own when investing in a solid tech partnership can give you peace of mind as well as more time to devote to your business? Properly handled, MSS can minimize the human errors we all make that will leave your business open to a costly attack.

To learn more, stick around for our next post highlighting another common cyber threat–security breaches.

Stay tuned!

Join us in October for Cybersecurity Awareness Month!
Categories
Join us in October for Cybersecurity Awareness Month!
credit: Pete Linforth on Unsplash.com

You make sure to have working locks (and maybe cameras) on your home, your office, even your car . . . but what about your computer system? According to the FBI’s Internet Crime Complaint Center’s (IC3) 2020 internet crime report, complaints of suspected internet crime have increased by more than 300,000 since 2019. If your business is relying more heavily on the internet now to keep things running smoothly than it was in 2019 (or if it’s joining the digital age for the first time), you cannot afford to pass up educating yourself about cybercrime.

In preparation for Cybersecurity Awareness Month in October, Flint Tech will be taking a close look at cybercrime, including how to identify the different types of cyberattacks and what small businesses can do to protect themselves.

“But I’m a small business,” you say. “Are hackers really going to bother with little old me?”

According to a 2014 Year-End Report from the National Small Business Association, “half of all small businesses report they have been the victim of a cyber-attack–up from 44 percent just two years ago.”

Half of all small businesses in 2014. And it’s only grown from there.

You could put on your best Clint Eastwood expression and decide luck is on your side . . .

Or you could stick with us for the month of October and equip yourself to better protect your company.

Let’s dive in by identifying the most common types of network security threats.

Most of them fall into one of six categories:

  • Malware
  • Security Breaches
  • Denial of Service (DoS) attacks
  • Web attacks
  • Session hijacking
  • DNS poisoning

We’ll begin with one most of us know about:

Malware: A generic term for software that has a malicious purpose, including virus attacks, worms, adware, Trojan horses, and spyware. It is the most prevalent danger to your system. Some common ways to protect yourself include keeping your software updated, be cautious of links and attachments in emails, and identify malicious/compromised websites (tip: look for numerals substituted for letters or unintentional misspellings in the domain name).

Security Breaches: These attacks include any attempt to gain unauthorized access to your system. Cracking passwords, elevating privileges, and breaking into a server are all things you probably associate with the term “hacking.” A Stanford University study shows that 88% of data breaches are down to human error. When a solid tech partner has your back, you can rest easier about your system’s security.

Denial of Service (DoS) Attacks: This attack happens when legitimate users are unable to access devices, information systems, and similar network resources. This can include email, online accounts, websites, etc. It costs organizations time and money while their resources are inaccessible. Partnering with a solid tech administrator can help reduce the effects of an attack on your system.

Web Attacks: This is any attack that attempts to breach your website, including SQL injection and cross-site scripting. Website vulnerabilities include a system flaw or weakness that can be exploited to compromise security.

Session Hijacking: These attacks are pretty advanced and involve an attacker using cookies to take over a session. This type of attack has become easier to perpetrate over time, as certain social media giants can attest.

DNS Poisoning: This type of attack seeks to compromise a DNS server so that users can be redirected to malicious websites, including phishing websites. It is one of the trickiest cyber attacks out there. Secure web hosting is a crucial part of defending against it.

Threats are always more frightening when you don’t know anything about them. We look forward to giving you more information on each of these types of threats over the next month as well as the keys to defending yourself and your small business. Stay tuned!