When a burglar is trying to break into a house, they case the place for weak spots, such as open windows, unlocked doors, or they might befriend one of the household members to gain entry without suspicion.
Similarly, cyber criminals look for easy access points that they can use to break into your IT systems for valuable information. So, which spots are the most vulnerable, and how can your Omaha IT service provider secure them before they are exploited? Find out below:
Top access points for cyber criminals:
1. Emails
Phishing attacks account for 30% of breaches. Hackers use numerous methods to phish their target, including placing a link in an email to a survey, attaching a “document” that needs to be approved, or sending a simple, but urgent message asking for information. Usually, the links or surveys ask for login credentials which can be used to access files within the database. It is like someone building a relationship with you to encourage you to invite them over, and they steal your money. They make a profit; you pay the cost.
2. Weak passwords
When a cybercriminal cannot find a way to channel in directly, they resort to other methods, such as using a password cracking tool. Like a burglar putting in random codes to shut off the security alarm, hackers will try different combinations people will likely use as their passwords or speed up the process by using a tool. Since 24% of Americans are reusing passwords such as “password,” “Qwerty,” and “123456,” it only takes a couple of tries for hackers to break in. Additionally, if they figure out your personalized username (which is often your email) and password, they will reuse it to break into other accounts you log into. Even though this could be easily remedied through a password manager, many people create easy-to-remember or reusable passwords for efficiency. But remember: if it is easy to recall, it is easy to break in.
3. Unprotected shared folders
Like taking a package on your porch, some cyber criminals will grab information that does not require breaking in. They just have to be on the lookout for an opportunity, such as unprotected shared folders. Whether they contain sensitive data or not, hackers will use any information they can sell or use to lead them to a higher profit. Furthermore, if it is a folder you are consistently adding information to, you are unknowingly handing them data they can use whenever they want. While Google Drive and Dropbox both supply encryption and multi-identification authorization systems, using strong passwords (that have not been reused) provides another layer of protection to keep hackers out.
4. Mobile devices
Mobile devices, should they get lost or stolen, or be used on insecure Wi-Fi connections, run the risk of someone getting into your device and stealing data. Leaving that window open (burglar pun intended) can be a gateway into email, banking apps, files, messaging, and any other application information you might look at on your mobile device. Even though most cell phones require a biometric passcode, such as a face scan or fingerprint, hackers can break the backup password to get into the phone.
5. Poor security patching
Security patches correct errors in application code which address vulnerabilities within the system. Not updating the application is like buying a cheap security system to safeguard your home; even if it is installed, it will not keep you as safe as you could be. Patches that are not applied allow hackers a door to apply ransomware or access data. Some might argue having cheap security is better than having no security at all. But you still run the risk of losing thousands of dollars when you don't invest in the tasks and tools that could have saved you time, money and frustration. Applying security patches within your network is worth the time to prevent business risk, and the added expense ransomware could impose.
Don’t let the next victim be your business.
These may be the top access points a cybercriminal might use to break in, but each one of them have a solution to block or prevent an IT security incident:
- Train your employees to watch out for signs of phishing email attempts
- Use a password manager to keep your strong, unique passwords in one secure place
- Encrypt your folders with passwords and MFA (Multi Factor Authentication)
- Encourage your staff to use strong backup passwords to get into their mobile devices
- Implement application patches
- Invest in cyber insurance, and Business Continuity and Disaster Recovery plans to prepare you for the next attack
We have an IT Security Scorecard available for your business today!
How do you know if your business database is safe from an attack? Evaluate your business with a simple, yet effective IT security scorecard built for small to midsize businesses. Access it here: