With cyber-threats showing no signs of calming down this year, businesses must know how hackers can get onto their network. A cyber-attack can be incredibly costly to a business, costing money, time and customer data. The easiest way a hacker can get onto your network is through humans. Humans are the most likely to give in to social engineering tactics.
Phishing and Social Engineering
Phishing is the biggest reason why businesses get attacked because it relies on humans. And these attacks are getting more sophisticated thanks to social engineering. One of the types of phishing that hackers use is posing as a reputable company such as Pastel or Microsoft to get your credentials. They send an email pretending to be Microsoft and coax your login details from you. The stealthier the hacker’s email, the more likely someone will click.
Another, more frightening, way is for the hacker to pose as someone inside your network. The hacker will pretend to be your boss and might ask you to transfer a large sum into a bank account. To do this successfully, the hacker needs just one person to fall for the login-details phishing attempt.
The best way to prevent this is user education and spam filters. Using anti-virus, like ESET, and email security, like Microsoft’s ATP (Advanced Threat Protection), you can prevent 90% of attacks. It’s important to train all employees about phishing and the impact it can have on your business.
You can take it even further and conduct phishing tests in your network. These tests will pick up which users are the most susceptible to clicking and need training.
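The two impersonation patterns described above (a brand name such as Microsoft or Pastel in the sender name, and the boss's name on a mailbox that is not the boss's) can be checked mechanically. This is an added example, not code from the original post; the domain `example.co.za`, the executive name and address, and the brand-to-domain list are assumptions to replace with your own.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your organisation's own.
EXECUTIVES = {"thandi mokoena": "thandi@example.co.za"}  # display name -> real address
BRAND_DOMAINS = {"microsoft": ("microsoft.com",), "pastel": ("sage.com",)}


def sender_findings(raw_message: str) -> list:
    """Return impersonation findings based on the From header of one message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    display, address = display.strip().lower(), address.lower()
    domain = address.rpartition("@")[2]
    findings = []

    # A brand name in the display name, but the mail is not from that brand's domain.
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display and not legit:
            findings.append(f"brand-impersonation:{brand}")

    # An executive's name on a mailbox that is not theirs. This also catches
    # mail sent from another employee's (possibly compromised) internal account.
    real_address = EXECUTIVES.get(display)
    if real_address is not None and address != real_address:
        findings.append("executive-impersonation")
    return findings


# Constructed sample messages (not real mail).
SAMPLES = {
    "brand": 'From: "Microsoft Account Team" <security@micros0ft-support.example>\n'
             "Subject: Verify your password\n\nClick here.",
    "boss_other_mailbox": 'From: "Thandi Mokoena" <sipho@example.co.za>\n'
                          "Subject: Urgent transfer\n\nPlease pay today.",
    "boss_real": 'From: "Thandi Mokoena" <thandi@example.co.za>\n'
                 "Subject: Monday meeting\n\nSee you at 9.",
    "microsoft_real": 'From: "Microsoft" <no-reply@account.microsoft.com>\n'
                      "Subject: Sign-in notice\n\nDetails inside.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_findings(raw))
```

A check like this only looks at the sender name and address, so it complements the spam filter and user training rather than replacing them.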
Web App Vulnerabilities
The second way hackers get into your network is through insecure web applications. Applications are everywhere these days and are difficult to manage, which means vulnerabilities increase. These vulnerabilities are vast and extend from file uploads used to deploy attacks to weaknesses in popular web application platforms such as WordPress, Drupal, JBoss, etc.
Protect your business by making sure all web applications used have a verified SSL certificate (normally indicated by a lock next to the web address). The certificate protects the connection to the site; it does not fix weaknesses in the application itself, so those platforms also need to be kept up to date.
If a hacker can get onto one of your employees’ machines physically, they can attack your network with a virus on a USB stick. It’s as easy as that. Your employees must know that only they and IT may physically access their PC, especially with remote working becoming the new normal.
You can have monitoring software installed on all endpoints in your business to pick up when there is a vulnerability. This will alert you and your IT team (in-house or outsourced) so that the correct actions can be taken.
To protect your business, you need to make sure you have the right security in place. We’ve written about this many times. Have a read here: https://dialanerd.co.za/?s=security