Call Us Today   01622 763355   info@allteks.co.uk

How to avoid your business being hacked in 2017

In tech circles, talk about cyber security is more than just a murmur: it has parachuted firmly into the international mainstream, as evidenced in the recent American election. You might wonder: if the highest levels of government can be affected, what damage can those without the same resources anticipate? And ultimately – what can you do to avoid your business being hacked?

Small businesses and SMEs are a higher risk for hacking

Statistically, it’s not the ‘big fish’ that hackers are targeting. The most vulnerable seem to be organisations that you would never think would hold a particular interest to thieves: hospitals, universities, coffee shop chains, small businesses and regular, garden-variety citizens of the world. If you are a business owner with any kind of an internal network, your cyber security should be a priority. Thinking it could never happen to you is not only short-sighted, but it might just be your ruin.

Consider this: your SME may not be the ultimate prize. But if you do business with a larger organisation that thieves are targeting, they might attempt to penetrate your systems en route to their bigger goal. Hackers view small businesses as having lower defences. Fortunately, there are things you can do to change this – some technology based and some policy based – that can help you shore up your defences against hacking.

Types of hacking and how to avoid them

Ransomware

Software is deployed on your system, which gradually encrypts all of your data. The hacker then asks for a ransom in order to decrypt the files. Victims have been charged anywhere from £200 on up to return control of their files, without any real guarantee. The threat is real, but prevention is pretty easy.

How they do it: malicious software enters your system through a fraudulent email or website, which will infect one device or computer first, spreading eventually to all devices, computers and servers on the network. It can take days or weeks for the effect to firmly take hold, and by then it’s mostly too late to stop it.

How to avoid it: adopt a strict company policy against opening or clicking on unrecognized emails, accessing or clicking on ads or unknown or unapproved URLs. Training your workforce is the surest way to avoid this pitfall. Technologically, there are several gateway defences and firewalls that can prevent malicious code from entering your system at all, but your best defence is knowledge and preparation. Migrating your systems to the cloud is also a good idea, as most cloud providers offer robust security systems that are able to detect out-of-the-ordinary activity and stop it before it becomes an issue.

Social engineering tactics and phishing

One of the easiest ways thieves are able to target your network is through your employees themselves.

How they do it: emails are crafted to lure the recipient into clicking a link or launching an executable file. The user opens the message, downloads a malicious file, or is tricked into supplying personal or company information. Having gained access to the user’s computer, they can then infiltrate the rest of the network.

How to avoid it: adopt a strict company policy and educate your workforce about social engineering tactics and phishing.

Hack Attack

In this case, a system vulnerability or weak spot is exploited to gain access to the system.

How they do it: weak spots can be an unpatched vulnerability in the software you use on a daily basis, a mobile application or smart device.

How to avoid it: ensure that all of your software, including firewalls and anti-virus software, is always up to date in order to take advantage of the latest security patches. If adding smart devices to the network, be sure that it can be password protected. Many recent hacks of smart devices seem to be targeting ones with a ‘factory’ password that cannot be changed. By knowing this password, hackers can access your network through something as innocuous as a security camera, a light dimmer or thermostat.

Distributed Denial of Service

Also known as DDoS, this type of attack causes a website or service to crash by overwhelming it with huge volumes of traffic.

How they do it: using botnets, which are sometimes millions of computers, attacks are launched at a server with the aim of shutting it down, using all available connections until the site crashes.

How to avoid it: If you are running your own servers, configure your router to limit incoming traffic so that packets are dropped before they reach the server. You can also add a border gateway to your perimeter that will drop packets that are malformed, or come from a certain geographical area. Call your ISP right away if you suspect you are under attack. The larger the ISP, the more likely it is you can survive such an attack, as they will have higher volume routers and will likely have detected the issue before it goes too far, temporarily ‘null routing’ your traffic until a solution is deployed.

Spoofing

Spoofing is the process of taking over another person’s email in order to prey on their contacts for monetary gain.

How they do it: The hacker gains access to a person’s email and contact list, sending emails from that account and requesting money to be sent.

How to avoid it: if it seems fishy, contact the individual directly. Confirm details with the individual directly before taking any requested action.

How Allteks can help you avoid your business being hacked in 2017

None of us like to focus too much on things that may never happen, but when your business is at stake, you should be prepared. Allteks has been providing managed services and bespoke IT consultancy to businesses across the UK since 2001. With so many potential threats coming into play every single day, it pays to have a knowledgeable defence team on your side.

Armed with up to the moment information about potential hacking threats and protected by the latest hardware and software security solutions, your business and all of its functions will continue to be safe and secure. Call to speak to one of our security experts today, and get the peace of mind you so rightly deserve.

 

Leave a Reply

%d bloggers like this: