Whether you’re a business or an individual, it’s an unfortunate fact that you will very likely experience some form of cyber hack in your lifetime.
However, the repercussions of cyber-attack for an individual are infinitely less serious than those for a business. Businesses that suffer cyber-attacks can end up paying out huge sums that can result in them going out of business. Meaning it’s vitally important as a business owner that you prevent this from happening at all.
Let’s use two common scenarios to explain…
For individuals… You receive a message from one of your social media platforms notifying you that your account login has been used from a foreign location or device. You login to find that someone has been posting pictures on your account.
You take action by removing all images, changing your account password and remotely logging out from all devices. Perhaps you also change your password for various other accounts, including your email, just in case these have also been leaked somehow. Lastly, you apologize to your followers for any offensive material shared. Problem solved.
For businesses, on the other hand… Your systems are far more complex than a social media account. With hundreds of users, logging into systems from various locations and devices, it’s more difficult to track unusual activity. This means it takes you longer to realize that someone has hacked your CRM, where all your customers’ personal information is stored.
It appears your entire database has been compromised. All your customers’ emails, addresses, passwords, banking information has been leaked. As well as preventing business operations until the systems have been recovered, this hack has forced you to inform your entire customer base that they too may be at risk of cyber-attack. This results in a loss of confidence from your customers and ultimately, loss of business. Not such a simple problem to solve.
Staying one step ahead of hackers is absolutely essential as a business and to do so, you must understand how your credentials are being hacked to begin with. That’s why we’re here to share the 4 ways hackers steal credentials and how to avoid falling victim to these methods.
1) Phishing
Email phishing is one of the most common ways business credentials are compromised.
Reports show that over 70% of all cybercrimes are a result of phishing. This technique would most commonly involve your employees receiving an email from what appears to be a trusted and legitimate contact, asking for personal information. They might be redirected to a link or a malicious attachment where they input their information and give the hacker the means to login to your systems and do whatever they please.
It only takes one click on a dangerous link, from a well-meaning member of your team, that could mean the difference between a thriving business and a disruption so severe that it makes recovery impossible.
But how can you prevent such attacks from happening to your business?
You should make sure you have integrated a sophisticated email security software into your business, which detects cyber-attacks, including phishing, business email compromise, account takeovers, identity spoofing, and credential theft. Your business must use an email security platform that allows you to monitor unusual email activity and respond immediately by quarantining any potential threats.
You should ensure your staff is prepared for an attack at any time. Enable your staff to go on verified cyber security training courses to teach them how to respond to hacking threats, fake emails and general security attacks and what the correct procedures are around handling your business’s sensitive data.
2) Ransomware
If you’ve heard of it, you may have put two and two together and figured out that ransomware is a form of malware (malicious software) that holds your business to ransom.
This might begin from an employee clicking an innocent link, or downloading a file they believed was safe. But what it leads to is cyber criminals taking control of your data. Not only can they steal your credentials through this method, but they can deny you access to your files and systems until you’ve paid a ransom of their choosing.
What can you do to prevent ransomware in your business?
To prevent sophisticated attacks of this form, you must equip your business with something more robust than the standard anti-virus. Managed Endpoint Detection and Response (EDR) is now considered the best choice for your business’s IT security.
EDR should essentially be understood as the visibility element of your cyber security. When threats slip through anti-virus (as they very often do), EDR detects that activity and alerts you to the threat. With EDR you can restore all your business’s devices to their pre-threat state. Restoring infected machines to full productivity means that malware and ransomware are less likely to have such a devastating effect.
3) Brute Force
We’re all guilty of it. Creating a password in a hurry, knowing full well that it’s not the most secure. Planning to change it later and forgetting!
These kind of weak passwords may be forgiving to individuals, but when creating passwords for your business accounts, you must never let this happen.
Why? Because hackers are more intelligent than ever. 81% of all cyber-attacks leverage stolen passwords. With tools like “Aircrack-ng” and “John The Ripper” at their disposal, hackers can easily crack weak passwords. There are various password cracking tactics, such as the dictionary method. Text samples are taken from common word lists and traced against login details. The hacker won’t stop until they find their match, which very often they do.
How can you stay safe?
To keep safe from brute force attacks, ensure your business accounts and employees’ laptops are protected with strong passwords. Even better – harness tools such as Windows Hello to facilitate fingerprint and facial recognition on devices, so that there are no passwords to crack!
For those that this isn’t an option for, you should integrate Microsoft Authenticator, a two-factor authentication application. This will ensure that your systems are protected and only granting access to authorized personnel.
If passwords are a concern for your organization, we can help.
4) Dark Web
The most troubling fact about data is that you and your business may be doing everything possible to protect it, but that doesn’t mean all organizations are.
You can’t avoid giving your information out, as it’s required every time you sign-up for a new account or subscribe to website. But if these websites aren’t safe, neither is your information.
When data is stolen by a hacker, there are two things they could do with it. They might use it to attack your business. Or, they might sell it.
The dark web is a part of the internet only accessible by private authorized access, or by using specific configurations or software. Unfortunately, it’s abused for criminal activity. This is where criminals could sell your credentials to multiple buyers for a high-price. If your organization experiences a breach of credentials on the dark web, you could easily be under digital assault from hundreds of attackers.
So how can you avoid this?
Regular dark web scans are the only way you can ensure your credentials are not being sold online. A dark web scan can be carried out quickly and easily by a cyber security expert and will check for any usernames, password, security numbers, credit card information and employee or customer information that might be online.
Whether you’re a recent victim of cyber-crime or just wanting to ramp up on your business security, we can help.
We will risk assess your business in our very first conversation, to ensure that any pressing issues are addressed before it’s too late.