Most small businesses don’t have the luxury of an in-house IT department. Even if they do have one, it’s likely a small department run by a handful of folks who have their hands full with either implementation projects or simply staying afloat. With opportunities to invest in the improvement of your infrastructure few and far between, a network audit can help you identify where your network suffers most, and what you can do about it.
QuestingHound Technology Partners Blog
If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn’t even stop there--any vendors or partners you deal with are also in danger of hacking attacks.
There are dozens of surveys and reports produced each year that evaluate digital threats and cybercrime. Not every publication applies to every business - but many of them do have some important take aways about the best practices of handling IT. Here’s few highlights from the 2017 Cyberthreat Defense Report that offer important insight for SMBs and their use of technology.
Based on the headlines you see today, it’s no question that cybersecurity is something that every business owner should be concerned about. As attacks become bigger and more frequent, all decision makers must ask the question: who needs to step up and ensure my IT resources are secure?
There are many types of online threats that the average business owner needs to understand and be prepared for. The problem here is that no two threats are alike, and they all perform different functions. One thing that all threats have in common is that they want to disrupt your operations in any way possible. To help you better prepare your organization for these threats, we’ll discuss a particularly dangerous malware: the rootkit hack.
Your data needs to be protected--that’s something that we all can agree on. However, even if your data were to be targeted in a data breach, would you be able to see the attack coming? Here are three telltale signs that your data is in imminent danger.
Verizon has taken to publishing a compilation report analyzing data breach statistics with the help of industry partners, a report that is widely regarded as a must-read for the industry. A brief review of the latest edition’s executive summary revealed where information security vulnerabilities lie in industries worldwide and, even more helpfully, what shape those vulnerabilities took. The Data Breach Investigations Report, or DBIR, pulled no punches in outlining what kind of attacks happened in the past year, and how.
A vulnerability has been uncovered in all Windows systems - one that’s described as “probably the widest impact in the history of Windows.” Coined BadTunnel, the vulnerability could provide attackers a route directly past the defenses of a system to set up a man-in-the-middle style attack.
Twitter recently experienced a major hack where it saw 33 million user login credentials stolen. What may be more alarming than the hack itself is what the stash of stolen credentials reveal about users’ password security habits. Or, to put it more accurately, the lack thereof.
Security company LeakedSource was able to obtain and analyze the stolen passwords from an online black market. They found that the most commonly used password (connected to more than 120,000 accounts) is also the easiest to guess: “123456.”
This despite (or perhaps because of) the famous password scene from the 1987 film “Spaceballs.” If you recall, the joke was regarding King Roland being blackmailed by Dark Helmet to turn over the password securing Druidia’s planetary force field. The super-secret password in question, “12345.”
The revelation of the password being so ridiculously simple caused Dark Helmet to reply, “That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!”
Not surprisingly, the other most-used passwords from the Twitter haul are just as easy to guess; “123456789,” “qwerty,” and “password.”
We make the connection to Spaceballs in order to highlight the fact that using weak passwords has been a major IT security issue for at least 30 years, with little hope of things changing. Fortunately, the remedy is quite simple; use complex passwords with a string of random characters. Taking this measure alone will improve your security vastly over all the other King Rolands to be found in cyberspace.
However, using complex passwords will only get you so far. For example, as in the case of the recent Twitter heist, if your password is stolen, then it doesn't matter how complex it is. This is why we highly recommend that you take advantage of two-factor authentication security solutions. Twitter and other major websites offer two-factor authentication, which messages your mobile device with an additional code upon entering the correct password. It’s a small inconvenience that will virtually guarantee that you’ll be protected, should your password fall into the wrong hands.
Additionally, we recommend following the best practice of using a different password for each of your online accounts. For example, if your Twitter password gets stolen and this happens to be the same password used for your other online accounts, then the hacker would have an easy time logging into your other accounts.
Actually, this happens more than you would think, with Facebook’s Mark Zuckerberg becoming the recent poster child. On June 6th, Zuckerberg briefly lost control of his Twitter and Pinterest accounts after hackers used the same password to access both. The password in question was not only ridiculously easy to guess, but it was also one that he’s apparently used before, “dadada.”
Therefore, if you’re using complex passwords, two-factor authentication, a different password for each account, and you’re routinely changing your passwords, you’ll apparently have better online security than Mark Zuckerberg, which is something to brag about.
Following all of these password security best practices will go a long way in protecting your online identity, and when it comes to network security, the more precautions you take, the better. To that end, call QuestingHound Technology Partners today at 954-727-2200 to equip your business with the best security solutions on the market.