Cybersecurity – Flint Tech Solutions

credit: Christina at wocintechchat on Unsplash

If you’re still with us, we really appreciate your time and attention as we explore the issue of cybersecurity this month!

Now let’s look at something a little different from passwords and malware: Web attacks.

This is any attempt to breach your web site. As we said before, hackers are financially motivated, and anything from an eCommerce site to a small-business site is equally attractive. They tend to look for vulnerabilities that include a system flaw or weakness that can be exploited.

So let’s look at the most common types of web attacks:

Injection Attacks: These pose the highest risk for websites. The SQL (pronounced “sequel”) Injection is the most popular among hackers. Any injection attack directly targets the website and server database. The hacker inserts code that shows hidden data and user input, allows for data modification, and otherwise compromises the application as a whole.
Cross-Site Scripting: Whereas SQL attacks go after a vulnerable website’s data, a cross-site scripting attack goes after the website’s users. This also involves injecting code into a website, but it only runs in the user’s browser when they visit the compromised site and only goes after the users directly. Comments on blogs are one example of the ways an attacker could deploy this kind of attack.
Fuzzing: Also known as Fuzz Testing, this is used legitimately by software developers to test for coding errors and security loopholes. But attackers also use it to look for vulnerabilities in a website they want to target. At first, copious amounts of random data are fed into an application to force it to crash, then the fuzzer tool is used to identify weaknesses. Any loopholes in the website’s security can be further exploited by the attacker.
Path/Directory Traversal: This attack is less common than the others, but it’s still pretty serious. It’s a little more technical than the others too. Attackers attempt to access unauthorized files or directories outside the web root folder by injecting patterns to move up in the server hierarchy. This can allow for compromised access to all kinds of sensitive data, files, databases, and more on the same physical server.

As with the other types of cyber threats, any one of these attacks can result in catastrophic loses for your business. The best way to protect yourself is to enlist the help of a trusted tech partner like Flint Tech Solutions to monitor, protect, and help you recover in the event of an attack.

Here are some ways you can protect yourself:

Validation: Implementing advanced validation techniques for anyone who visits your website will help reduce your risk of attack.
Security Testing: Web application security testing tools are something any small business owner can use, and there are a number of open source tools available.
Firewall: Setting up a web application firewall (WAF) can help protect against web attacks.
Stay Up-to-Date: Make sure your security applications get updated regularly.

The bottom line for small business owners today is that cyber attacks are getting more and more sophisticated, and having a tech partner you can rely on to have your back is essential.

At Flint Tech, our goal is to take the pressure off when it comes to your small-business tech needs so that you’re free to pursue your goals, because your success is our success. Click on our icon below to find out more.

We hope you’re enjoying this month’s series on cybersecurity! Stay tuned to learn about more cybersecurity threats and what you can do to protect your business.

[image credit: VIN JD on Unsplash.com]

We’re so glad you’ve joined us for our month-long series on cybersecurity! Today we’re moving beyond the well-known threats to something a little more sinister: security breaches.

As we wrote about before, security breaches include any attempt to gain unauthorized access to your system, also known as “hacking.” Cracking passwords, elevating privileges, and breaking into a server are all examples.

Hackers generally attack by means of assessing their target, using network or social-based attack methods, and extracting confidential data.

Security breaches can happen at any time, and when they involve the exposure of customer or client data, they are difficult to keep private. The loss of business that often results from a breach can be devastating for a small business.

Often, breaches are caused by the human errors of insiders, whether it’s clicking on a malicious e-mail or not keeping passwords secure enough (too weak, not changed often enough, etc.).

There are several types of processes that, if handled properly, could prevent a breach:

Weak Passwords: As stated earlier, overly simplistic passwords are prime targets for hackers. Making up something you can remember is no longer an option: the longer and more complex, the better.

Orphan Accounts: After an employee has left a company and moved on, their access to accounts is often left inactive rather than being terminated. If a malicious user were to gain access to an account via the unused credentials, nobody in the company would know unless appropriate controls were in place to monitor such activity.

Over-entitled Identities: Unregulated access to sensitive information and systems can create areas of weakness if not managed carefully. Executive and low-risk system and data users alike are equally valuable targets for hacking.

“Ok, so I just set reminders to change the passwords regularly,” you say. “Boom. Done. No extra money splashed out on a fancy Tech company I can’t afford. Next question…”

But hear us out: why burden yourself and your people with taking partially effective measures when a solid IT team can provide the kind of wide-ranging protection your company needs?

There are certainly things you can do yourself, like…

Establish better security habits: For instance, make it a policy to have strong passwords that get changed routinely. Establishing this habit alone will substantially cut down the risk–the longer it takes a hacker to get through, the more likely it is they’ll be caught.

But there are other things your people may not have the right kind of support or resources to accomplish, such as…

Solid Identity Protection: Allow your IT team (be they in-house or hired from outside) to have a holistic view of your systems and data so they can assess your risk and create a plan to detect attacks as quickly as possible.

If you haven’t developed a cybersecurity plan for your company or even budgeted for cybersecurity in the first place, there’s no time like the present to start. A few questions to ask yourself when considering your plan include:

What will it cost us if a breach occurs?
What controls/protections do we currently have in place?
What will we do if a breach takes place?
What can be done now to offer the best protection?

And of course, keep following our blog as we continue to discuss cyber crimes and solutions this month. Stay tuned!

[image credit: Ales Nesetril on Unsplash.com]

Thanks for joining us during Cybersecurity Awareness Month!

As you know from our last post, cybercrime is a growing trend affecting big and small businesses alike. We’ll be examining each of the most common network threats this month, including what business owners like you can do to defend yourselves.

So let’s get started with the most well-known threat:

Malware is a standard term for software with a malicious purpose. This includes viruses, adware, worms, the Trojan horse program, and spyware. Cyber criminals install their weapon of choice on your computers and other devices, which allows them to spy on your company’s online activities, obtain passwords and files, or attack others from your system.

This is not just a threat to Windows users—Mac devices, all types of smartphones, even security cameras are all at risk. And speaking of security cameras, if your business is connected to the internet of things (Smart in-home devices, like Amazon’s Alexa, that are connected to everything from your computers to your fridge and coffee maker), those are also at risk of attack. Anything with an IP address is fair game.

In the case of ransomware, criminals can lock your out of your files until you pay a ransom. There’s lots of money to be made for cybercriminals the more devices they affect, which means this is one threat that everyone should take seriously.

So what to do?

If you’ve ever booted up a brand-new computer, chances are you’re familiar with the ubiquitous McAfee antivirus software offers that last as long as the device itself (until you get your tech-expert cousin or brother-in-law to remove them). If you’ve ever caved in and purchased that or any other antivirus protection subscription, turns out you were only handling part of the problem.

Viruses are only one type of malware, and cybercriminals are continuously developing new, cutting-edge threats that are harder to catch. Antivirus software needs to be constantly updated to detect the newest types of malware. In addition, the best way to ensure you never lose anything to a malware attack is to back up everything either on Cloud-based services or on offline external hard drives.

Additionally, there is another way to protect yourself: Managed Security Services (MSS).

Simply put, MSS is what happens when a trusted tech partner (the Managed Service Provider, or MSP) handles cybersecurity for an organization, be it big or small. Their services monitor the organization’s devices for signs of potentially threatening activity, but they’re able to filter out false positives and only deal with real issues. This saves the organization time and effort in reviewing potential threats, which allows them to spend more time focusing on their mission.

MSP’s often create and implement a high level IT strategy, backup the organization’s data, update their systems, fix any technical issues, and arrange security controls. Far beyond trusting in a few antivirus programs, they provide many layers of security to their clients.

“Why does this matter to a small business?” you may wonder. “It sounds like pointless expense. After all, McAfee’s not that bad.”

And we get it–time is money, and small business owners rarely have enough of either.

But why worry about cybersecurity all on your own when investing in a solid tech partnership can give you peace of mind as well as more time to devote to your business? Properly handled, MSS can minimize the human errors we all make that will leave your business open to a costly attack.

To learn more, stick around for our next post highlighting another common cyber threat–security breaches.

Stay tuned!

You make sure to have working locks (and maybe cameras) on your home, your office, even your car . . . but what about your computer system? According to the FBI’s Internet Crime Complaint Center’s (IC3) 2020 internet crime report, complaints of suspected internet crime have increased by more than 300,000 since 2019. If your business is relying more heavily on the internet now to keep things running smoothly than it was in 2019 (or if it’s joining the digital age for the first time), you cannot afford to pass up educating yourself about cybercrime.

In preparation for Cybersecurity Awareness Month in October, Flint Tech will be taking a close look at cybercrime, including how to identify the different types of cyberattacks and what small businesses can do to protect themselves.

“But I’m a small business,” you say. “Are hackers really going to bother with little old me?”

According to a 2014 Year-End Report from the National Small Business Association, “half of all small businesses report they have been the victim of a cyber-attack–up from 44 percent just two years ago.”

Half of all small businesses in 2014. And it’s only grown from there.

You could put on your best Clint Eastwood expression and decide luck is on your side . . .

Or you could stick with us for the month of October and equip yourself to better protect your company.

Let’s dive in by identifying the most common types of network security threats.

Most of them fall into one of six categories:

Malware
Security Breaches
Denial of Service (DoS) attacks
Web attacks
Session hijacking
DNS poisoning

We’ll begin with one most of us know about:

Malware: A generic term for software that has a malicious purpose, including virus attacks, worms, adware, Trojan horses, and spyware. It is the most prevalent danger to your system. Some common ways to protect yourself include keeping your software updated, be cautious of links and attachments in emails, and identify malicious/compromised websites (tip: look for numerals substituted for letters or unintentional misspellings in the domain name).

Security Breaches: These attacks include any attempt to gain unauthorized access to your system. Cracking passwords, elevating privileges, and breaking into a server are all things you probably associate with the term “hacking.” A Stanford University study shows that 88% of data breaches are down to human error. When a solid tech partner has your back, you can rest easier about your system’s security.

Denial of Service (DoS) Attacks: This attack happens when legitimate users are unable to access devices, information systems, and similar network resources. This can include email, online accounts, websites, etc. It costs organizations time and money while their resources are inaccessible. Partnering with a solid tech administrator can help reduce the effects of an attack on your system.

Web Attacks: This is any attack that attempts to breach your website, including SQL injection and cross-site scripting. Website vulnerabilities include a system flaw or weakness that can be exploited to compromise security.

Session Hijacking: These attacks are pretty advanced and involve an attacker using cookies to take over a session. This type of attack has become easier to perpetrate over time, as certain social media giants can attest.

DNS Poisoning: This type of attack seeks to compromise a DNS server so that users can be redirected to malicious websites, including phishing websites. It is one of the trickiest cyber attacks out there. Secure web hosting is a crucial part of defending against it.

Threats are always more frightening when you don’t know anything about them. We look forward to giving you more information on each of these types of threats over the next month as well as the keys to defending yourself and your small business. Stay tuned!

Quick Links

Contact Us

Flint Tech’s Cybersecurity Awareness Series: Web Attacks

Flint Tech’s Cybersecurity Awareness Series: Security Breaches

Flint Tech’s Cybersecurity Awareness Series: Malware Threats and Defenses

Join us in October for Cybersecurity Awareness Month!

Quick Links

Contact Us