Have you ever thought about what your business looks like inside the mind of a hacker? There’s a good chance a hacker has already probed your IT infrastructure and come to the ominous conclusion: Your business is a tempting target. More than 80 percent of all businesses in the U.S. have been hacked, and many don’t even know it, according to the Duke University/CFO Magazine Global Business Outlook Survey.
Small businesses are the ideal target to a hacker because they are typically less secure than enterprise businesses yet have significantly more money in circulation than individual consumers. What you don’t know can and probably will hurt you when it comes to cybercrime. Here are four types of hackers you need to know and how to defend your business from them:
The ‘Insider’
This inconspicuous employee could be the victim of the most recent round of corporate downsizing or may be sitting in the cubicle right next to you, operating completely unnoticed. The Insider plots unseemly ways to take down the company, turn a buck, or both. The Insider squirrels away network credentials and propriety information, waiting for the glorious day of revenge.
Their Attack Strategy: The Insider likes to lurk around, operating from within the company’s own firewalls. Maybe they’ll use a tiny removable device to inject malware, spread malicious files or steal data. Or take advantage of weak on-prem security to gain access. Sometimes they operate from afar and partner with another ‘Insider’ within the company to do the dirty work.
Your Defense: Maximize your endpoint protection to disable or quarantine removable devices. Tightening internal security controls by restricting access to physical servers, computers, and devices will stop an insider in their tracks. Utilizing a strong endpoint security solution is a great way to detect, validate and prioritize unknown threats.
The ‘Cybercriminal’
Cybercriminals use their coding skills to engineer elaborate hacks and develop ready-made crimeware applications that less technical hackers buy to conduct their own cybercrime ambitions. Either way, Cybercriminals are always looking to turn a profit, pushing IT security development to new frontiers.
Their Attack Strategy: When they’re not using their elite coding skills to exploit network vulnerabilities, Cybercriminals deploy the latest viruses, malware, ransomware, phishing, and spamming schemes. They often use ready-made crimeware applications that are easy to use and capable of launching worldwide automated attacks.
Your Defense: Encryption makes data unreadable without a key and is one of the best ways to starve data-hungry hackers. Encryption works because it is so complex that attempts at decryption become an exercise in futility. Avoid being among the 40 percent of companies that do not use encryption on laptop computers or encrypt mobile devices.
The ‘Bots’
Imagine an evil ruler has an underground robot army to do their bidding, and imagine that army being able to replicate and deploy itself at will. Scary, isn’t it? Unfortunately, this is real in the world of hacking. Bots are deployed by Cybercriminals to collect personal information, infiltrate IT systems and distribute spam. Like an army of mad ants, bots are everywhere, constantly crawling the internet for a weakness to exploit.
Their Attack Strategy: Cybercriminals will use bots to exploit software vulnerabilities, break into accounts guarded by weak passwords, or by tricking you into installing their malware. They can do that in a variety of ways, including getting you to install fake software, offering to run phony antivirus scans, advertising fake retail giveaways, or posing as a fake customer service rep who needs you to log in to your account to resolve an issue. Once inside, bots get right to work relaying vital information and resources that can be sold, ransomed, or exploited.
Your Defense: Install antivirus and antispyware programs from industry leaders who deploy the latest in endpoint and network security and offer full security suites for all business types and sizes. Anti-malware programs scan and monitor your computer for known viruses and spyware. When they find something, they warn you and help you take action.
The ‘Script Kiddie’
The ‘Script Kiddie’ is an ambitious young hacker in their teens or early 20s looking for an easy score. They typically lack the ability to write programs on their own but can do considerable damage if they stumble upon an obvious network vulnerability.
Their Attack Strategy: The ‘Script Kiddie’ uses borrowed programs and common exploits to identify and take advantage of your vulnerabilities. They may happen upon your insecure data, weak passwords, or careless employees.
Your Defense: Consider implementing a stricter password policy for your end users. They may not realize that ‘Passwd1234’ makes your business vulnerable. One-factor authentication of a username and password isn’t enough to protect your business. Use advanced authentication, which requires an additional, non-password factor and eliminates some of the most common forms of hacking.
Next Steps
Now that you know some of the potential threats to your business, you are ready to strengthen your IT security plan. Here’s what you need to do:
1) Get a network security assessment to reveal potential threats. CCB’s network security assessment tests the strength of your existing policies, finds vulnerabilities, and delivers a report so you can show your boss all the details.
2) Based on your report, implement the security solutions to close the gaps. CCB partners with industry leaders in network and endpoint security to keep you up-to-date with ever-evolving security needs.
3) Educate your employees about your IT security plan. Your security measures will be wasted if your end users don’t learn how to use them. Get buy-in from upper management and implement user-friendly controls that every employee can follow.
We are always happy to give you professional insight into what solutions are best for you. Send us a message and let us know how we can help.
