With the explosive never ending growth of the Internet and connected devices comes an ever expanding number of threats to your office network.
In today’s post, we are going to take a look at the Top 5 Cyber Security Threats To Your Business by addressing both the problem and a recommended solution to each…so let’s get started!
PROBLEM – RANSOMWARE:
Ransomware like Cryptolocker and similar variants are one of the worst threats I have seen in my 20+ years of working in IT. They present a significant threat to your business due to their evil payload. If you haven’t yet heard of this type of infection, in a nutshell they run rampant across an entire network of computers encrypting all data making it completely unusable. If it gets onto your server it will encrypt everything it finds essentially bringing your business to its knees. Your data is held for a ransom, usually paid out in bitcoin to an anonymous address.
The absolute best protection against this is having good (and regularly tested) backups that cannot be accessed from your network. Without backups you are at the mercy of the Ransomware and the only other choice you have is to follow their instruction, pay the ransom and hope you actually get the decryption keys to unlock your data. Thankfully there are now several antivirus software solutions that protect against Ransomware but the virus is always changing and adapting so backups should be your #1 priority.
PROBLEM – BRUTE FORCE ATTACKS:
There are people and programs (aka bots) out there that will constantly scan the internet for ways to gain access to networks across the globe. One of the most common issues I see is poorly implemented remote access solutions. More and more staff these days are working remotely. In order to accomplish this, you have to essentially “Open a door” to your network. If this door is not properly secured, you’ll find hackers trying to bash their way in via a Brute Force attack.
Make sure your IT guys are implementing a secure solution for remote access. This should involve a VPN (Virtual Private Network) tunnel between your remote site and you office network. Secondly, enable a group policy (your IT guys will know what this is) to lock out accounts after a certain number of failed login attempts.
PROBLEM – WEAK PASSWORDS:
Still to this day I will audit a business network and find that there are some staff that have had the same password for years. Even worse it’s an easily guessed non-complex password like the name of their dog. I get that it is super annoying to have to change your password regularly but guess what…it’s even more annoying to lose your business to hackers so you MUST enforce complex and regularly updated passwords.
The good news is this is easily accomplished and can be automated by your IT guys through a built in system on your servers / workstations called Group Policy. With a quick change your network can be secured with a maximum password age (forcing users to update their passwords regularly) and enforcing complexity requirements. Sorry, your pets name will no longer work.
PROBLEM – OUTDATED TECHNOLOGY:
Ok first thing I’m going to say here is…your local big box electronics store is NOT the right place to purchase your business technology. There is a huge difference between the needs of a business and your teenage kids at home. The technology at big box stores is almost always consumer grade low end products. The primary difference being quality of parts used, construction quality and warranty. When it comes to network equipment such as routers, switches and wireless, big box options are simply not built for the security and network traffic needs of a business.
If you have an IT Consulting team and I highly recommend you hire one, they should be able to provide you with the right commercial grade products for your business. Skimping in this area will just cost you more in the long run and could potentially jeopardize the security of your network. Another important note here is make sure your technology is kept up to date with the latest versions of Windows Operating System and security patches are applied regularly as well as firmware updates.
PROBLEM: SOCIAL ENGINEERING:
Ever get one of those emails that looks like it’s from your bank advising you of a recent security concern that requires you to reset your password? How about that popup that appears to be from Microsoft telling you your computer has been infected with a virus and to call them right away? Oh and that email with a scanned document from your copier…that you never scanned? These are all examples of social engineering designed to take advantage of your trust and ultimately get access to your money or data.
The best solution against this and really for any of the above mentioned security concerns is to educate your staff. Check with your IT company to see if they offer an in house workshop or even a webinar on the topic to educate your staff on what these threats look like and how to prevent them. Always be cautious of an email you’re not expecting especially one with an attachment. Always better safe than sorry in these situations.
I hope you’ve enjoyed this article and learning about Top 5 Cyber Security Threats To Your Business. Stay safe out there!