Flint Tech’s Cybersecurity Awareness Series: Security Breaches
Flint Tech’s Cybersecurity Awareness Series: Security Breaches

[image credit: VIN JD on Unsplash.com]

We’re so glad you’ve joined us for our month-long series on cybersecurity! Today we’re moving beyond the well-known threats to something a little more sinister: security breaches.

credit: theenemywithin on Tenor.com

As we wrote about before, security breaches include any attempt to gain unauthorized access to your system, also known as “hacking.” Cracking passwords, elevating privileges, and breaking into a server are all examples.

Hackers generally attack by means of assessing their target, using network or social-based attack methods, and extracting confidential data.

Security breaches can happen at any time, and when they involve the exposure of customer or client data, they are difficult to keep private. The loss of business that often results from a breach can be devastating for a small business.

Often, breaches are caused by the human errors of insiders, whether it’s clicking on a malicious e-mail or not keeping passwords secure enough (too weak, not changed often enough, etc.).

There are several types of processes that, if handled properly, could prevent a breach:

Weak Passwords: As stated earlier, overly simplistic passwords are prime targets for hackers. Making up something you can remember is no longer an option: the longer and more complex, the better.

Orphan Accounts: After an employee has left a company and moved on, their access to accounts is often left inactive rather than being terminated. If a malicious user were to gain access to an account via the unused credentials, nobody in the company would know unless appropriate controls were in place to monitor such activity.

Over-entitled Identities: Unregulated access to sensitive information and systems can create areas of weakness if not managed carefully. Executive and low-risk system and data users alike are equally valuable targets for hacking.

“Ok, so I just set reminders to change the passwords regularly,” you say. “Boom. Done. No extra money splashed out on a fancy Tech company I can’t afford. Next question…”

But hear us out: why burden yourself and your people with taking partially effective measures when a solid IT team can provide the kind of wide-ranging protection your company needs?

There are certainly things you can do yourself, like…

Establish better security habits: For instance, make it a policy to have strong passwords that get changed routinely. Establishing this habit alone will substantially cut down the risk–the longer it takes a hacker to get through, the more likely it is they’ll be caught.

But there are other things your people may not have the right kind of support or resources to accomplish, such as…

Solid Identity Protection: Allow your IT team (be they in-house or hired from outside) to have a holistic view of your systems and data so they can assess your risk and create a plan to detect attacks as quickly as possible.

If you haven’t developed a cybersecurity plan for your company or even budgeted for cybersecurity in the first place, there’s no time like the present to start. A few questions to ask yourself when considering your plan include:

  • What will it cost us if a breach occurs?
  • What controls/protections do we currently have in place?
  • What will we do if a breach takes place?
  • What can be done now to offer the best protection?

And of course, keep following our blog as we continue to discuss cyber crimes and solutions this month. Stay tuned!

Join us in October for Cybersecurity Awareness Month!
Join us in October for Cybersecurity Awareness Month!
credit: Pete Linforth on Unsplash.com

You make sure to have working locks (and maybe cameras) on your home, your office, even your car . . . but what about your computer system? According to the FBI’s Internet Crime Complaint Center’s (IC3) 2020 internet crime report, complaints of suspected internet crime have increased by more than 300,000 since 2019. If your business is relying more heavily on the internet now to keep things running smoothly than it was in 2019 (or if it’s joining the digital age for the first time), you cannot afford to pass up educating yourself about cybercrime.

In preparation for Cybersecurity Awareness Month in October, Flint Tech will be taking a close look at cybercrime, including how to identify the different types of cyberattacks and what small businesses can do to protect themselves.

“But I’m a small business,” you say. “Are hackers really going to bother with little old me?”

According to a 2014 Year-End Report from the National Small Business Association, “half of all small businesses report they have been the victim of a cyber-attack–up from 44 percent just two years ago.”

Half of all small businesses in 2014. And it’s only grown from there.

You could put on your best Clint Eastwood expression and decide luck is on your side . . .

Or you could stick with us for the month of October and equip yourself to better protect your company.

Let’s dive in by identifying the most common types of network security threats.

Most of them fall into one of six categories:

  • Malware
  • Security Breaches
  • Denial of Service (DoS) attacks
  • Web attacks
  • Session hijacking
  • DNS poisoning

We’ll begin with one most of us know about:

Malware: A generic term for software that has a malicious purpose, including virus attacks, worms, adware, Trojan horses, and spyware. It is the most prevalent danger to your system. Some common ways to protect yourself include keeping your software updated, be cautious of links and attachments in emails, and identify malicious/compromised websites (tip: look for numerals substituted for letters or unintentional misspellings in the domain name).

Security Breaches: These attacks include any attempt to gain unauthorized access to your system. Cracking passwords, elevating privileges, and breaking into a server are all things you probably associate with the term “hacking.” A Stanford University study shows that 88% of data breaches are down to human error. When a solid tech partner has your back, you can rest easier about your system’s security.

Denial of Service (DoS) Attacks: This attack happens when legitimate users are unable to access devices, information systems, and similar network resources. This can include email, online accounts, websites, etc. It costs organizations time and money while their resources are inaccessible. Partnering with a solid tech administrator can help reduce the effects of an attack on your system.

Web Attacks: This is any attack that attempts to breach your website, including SQL injection and cross-site scripting. Website vulnerabilities include a system flaw or weakness that can be exploited to compromise security.

Session Hijacking: These attacks are pretty advanced and involve an attacker using cookies to take over a session. This type of attack has become easier to perpetrate over time, as certain social media giants can attest.

DNS Poisoning: This type of attack seeks to compromise a DNS server so that users can be redirected to malicious websites, including phishing websites. It is one of the trickiest cyber attacks out there. Secure web hosting is a crucial part of defending against it.

Threats are always more frightening when you don’t know anything about them. We look forward to giving you more information on each of these types of threats over the next month as well as the keys to defending yourself and your small business. Stay tuned!