By Michael Hall, Chief Information Security Officer
If you operate a small company, you may not think your information is valuable enough to be hacked, but you’re wrong. Hackers love small businesses because many do not properly protect their data, making them easier targets to hit.
If you are not proactively taking precautions to protect your business—at the very least with local and/or online backups, data encryption and anti-spyware that is regularly updated—then you’re making yourself an easy target.
Small Fish with Big Connections
A big reason smaller companies make especially attractive victims is their “inside” connections to bigger companies they do business with. Using that inside pathway leads the hackers to bigger, more profitable piles of information.
“In modern business supply chains, a series of companies are connected to build a product or deliver a service. When the little guy is compromised, the hacker goes up the supply chain to the client,” said David Burg, global and U.S. cybersecurity leader at PricewaterhouseCoopers.
That’s the scenario behind the big Target data breach that occurred in 2013: Thieves hacked a heating and cooling company’s computers, which allowed them to connect to credit card information from 70 million customers at the giant retail chain.
Types of Attacks
The types of malicious attacks used by hackers are far too numerous to list in full, but here are a few common methods.
Ransomware is a growing, dangerous trend in which hackers slip malicious code into an unknowing computer user’s system. The code is used to encrypt the computer’s contents, which will only be unlocked if the user pays the demanded ransom.
A lot of people are fooled every day by email messages that look genuine, but aren’t. A phishing attempt uses an email message that looks like it comes from someone you know or from a familiar company. It may even appear to be sent directly from a friend’s email address that has been hacked. Inside the message are links that look normal and inviting, but clicking them can have disastrous consequences. They may:
- Download malware onto your computer that allows a hacker to access your data
- Direct you to a website that looks exactly like a site you trust, such as Gmail, PayPal or your bank website, but is actually a fake page designed to collect your login information
Fake Wireless Access Points
Ever use your laptop to jump online at a coffee shop or hotel using free public Wi-Fi?
It’s risky and here’s why:
A hacker who is connected to the internet through a legitimate wireless access point (WAP) can easily set up a fake WAP that runs through their computer using a software workaround. This fake WAP then shows up as an available free Wi-Fi connection to unwary victims, who think they are using a legitimate internet connection.
Anyone who connects to the hacker’s fake WAP runs all of their online data through the hacker’s computer as it goes to and from the real WAP. The hacker now has access to everything being transmitted. That could include online banking transactions, passwords, credit card numbers, vacation plans, home addresses and even more personal information. And that’s just a fraction of the data that could be stolen without victims ever knowing.
Hidden Code in Free Software
Pirated software can be incredibly enticing. So many desirable programs, such as Adobe Photoshop and Microsoft Word, cost money that we’d rather not spend if we don’t need to. Lots of individuals and small businesses jump at the chance to obtain high-end programs at minimal or no cost. Hackers love to take advantage of this.
A common hack attack involves pirated software and/or shareware that has malicious code hidden inside. The infected software is distributed through the internet to multiple unsuspecting users. When end users install this software, they unknowingly include hidden malicious programming that silently sends sensitive data to the hacker who authored the code.
As you’ve probably guessed, this type of hack involves accessing a victim’s password-protected data using that victim’s real password. Here are two of the most popular ways this attack is run:
Dictionary attack: The hacker runs through a list of potential passwords until one works. This is why you should never use words like password or easy-to-remember numbers like 1234.
Brute force attack: The hacker knows the number of characters and runs through all possible character combinations, using specialized software to zip through the possibilities.
Here are twelve tips for a stronger password.
More Ways to Protect Yourself and Your Business
Looking for some general security tips to share with your company? Here are some good ones to follow:
- Use security, antivirus and anti-malware software
- Regularly update and patch all software
- Use strong passwords
- Don’t trust emails or phone calls asking for your private information
- Never share sensitive information over public Wi-Fi
- Have a secure website
- Secure all devices
- Back up important data