Technology Blog »

Five Common Ways Businesses Get Hacked


SMBHack

Cybersecurity is a constant battle, but there are significant steps you can take to keep your IT defenses strong and effective, one of which is to increase your knowledge of security threats, here are five common ways businesses can get hacked

Users are often tricked into installing malicious software

There are countless ways bad actors can trick you into downloading and installing Malware, one is by tricking you into downloading software from torrent websites.  When you visit a torrent site, you are told to download software for the site to load properly.  Once downloaded, the malware that came with the software infects your system. In other cases, hackers send emails with a malware-infected attachment.

Luckily, there are steps you can take to avoid accidentally installing malware:

  • Never download files from an untrusted source. If a website is asking you to download something, make sure it’s reputable and reliable. Double-check the URL of the website as well, as hackers can spoof legitimate websites and use similar but slightly altered URLs, such as “www.g00gle.com” instead of “www.google.com.” If you are unsure, it’s best to avoid downloading and installing the software.
  • Always look at the name of the file before downloading. A lot of malware is often deliberately given names similar to legitimate files, with only a slight spelling mistake or some unusual wording. If you are unsure about the file, then don’t download it. If you know the sender, you may contact them to verify the file’s authenticity.
  • Always scan a file before installing it. Use your antivirus scanner to check downloaded files before opening them.
  • Stay away from sites with torrents, adult content, or those that stream pirated videos. These sites often contain malware, so avoid them altogether.

Users are Allowed to Have Admin Privileges on their Workstations

It is very typical in a small business that doesn't have an MSP managing their network to allow their users to be logged into their workstations with local or domain administrator privileges.  Being an administrator even on your local PC allows you to make any changes to any setting, install programs, and manage other accounts.  While this can be convenient it is also extremely dangerous because if a hacker or malware has access to the system, they will have full access to your computer allowing the hackers or malware to install other malicious software, change settings, or even completely hijack the machine.

Even worse is if a hacker gains access to a computer used to manage the overall IT network. Should this happen, they can control the entire network and do as they please.

Never use the computer as an administrator, limit the administrator role only to users who need to install applications or change settings on their computer, and then go back to using a non-administrative role. Installing well-known Antivirus Software and keeping it up to date, and conducting regular scans will also help reduce the chances of being infected but the latter doesn't make using admin privileges a good idea.

Employees Lack Basic Cybersecurity Understanding

All too often today's users still lack even a basic understanding of cybersecurity and have very poor cyber hygiene.  This is why it is essential to beef up your "human firewall" by getting an ongoing cybersecurity awareness training program implemented that helps identify users that need extra training.  By training users regularly in short intervals you help sure up your human firewall.  Users will learn important facts like how important it is not to ever reuse a password between sites and programs and learn how important it is to use a password manager or how to make a good password, including the importance of multifactor authentication on important tools like company email.

Someone from within the company infects the system

A disgruntled employee can compromise your IT systems. They can do so much damage, such as deleting essential data or introducing highly destructive malware.

The most effective way to prevent this, aside from ensuring your employees are happy, is to limit access to systems. For example, you may find that people in marketing have access to finance files or even admin panels. Revoke unnecessary access rights and ensure that employees only have access to the files they need.

Your Password is Compromised due to Frequent Reuse

Passwords are typically the main verification method businesses use to access their accounts and systems. The issue with this is that many people have weak passwords that are easy to crack. To make matters worse, many people even use the same password for multiple accounts, leading to a massive breach.

It is, therefore, important to use strong and different passwords for your accounts. It’s best to utilize multifactor authentication, which requires users to present more than one way to verify their identity, such as a password plus a fingerprint or a one-time code. 

Going at it alone is not a great idea, cybersecurity shouldn't be a DIY project, it is an ongoing, daily activity, If you want to learn more about securing your systems, contact us today.