HOW NOT TO GET HACKED IN 2020
Organizations of all sizes are responsible for the privacy of their clients, partners and employees. Despite that, cyber security has consistently been hard to follow for people who are not responsible for it on an everyday basis. Whether you run a small online store or a multi-million dollar digital agency, you need to take certain precautions to make sure that your sensitive information is secure.
As an online business owner, I never would have thought that my business would get targeted in the first few months after opening. All of the social media and advertisement accounts got deleted, and hackers were aiming to reach my payment processing and banking information. That is why I strongly suggest you read this short article to protect your business today. I have interviewed Nick Furnadzhiev, a cybersecurity expert from HyperAspect. He shared a few tips that will ensure your business’s safety and help you prevent a cyber attack in the future.
What is considered sensitive information?
Businesses are money driven. This means that all companies will have some form of accounting, whether it is an Excel spreadsheet, a handwritten ledger, or a software suite designed for your business. Some, of course, are more secure than others. Since businesses have accounting, they are handling information about their stakeholders. This information is usually considered sensitive and it can include, but is not limited to:
- Social security numbers
- Banking information
- Sensitive customer information
- Proprietary company information
There are two types of major cyber threats and fixes that Nick outlines for this year:
1. Bad Passwords
Passwords are one of the first places a hacker targets. Why? Because passwords are created by people. People are easier to hack than technology. If you know anything about a person, guessing their password becomes so much easier. People use information they can remember for passwords, typically nouns and dates tied to their lives. And in 2020 lives are very visible on social media. Each time we post, we are doing a little bit of the hackers’ job for them.
Make passwords longer: if your passwords are fewer than 14 characters, go change them. Capitals and symbols no longer matter as much with the advent of programs designed to hack passwords. The length is what makes it difficult for a hacker to guess. The longer the password, the more combinations a program has to go through to hack it. Instead of a word or two, use a phrase that has nothing to do with yourself, or at least nothing you would post. For example, “the yellow wallpaper in the old room is dull on monday” takes basically forever to hack, doesn’t contain personal info and doesn’t swap numbers for letters. Doing this will immediately make your business less hackable.
Finally, implement multi-factor authentication (MFA). Having MFA on company systems not only adds a layer of protection, but it should also trigger an alert if someone is trying to hack you. Knowing that an attack is being attempted gives you the time to lock systems down and track the attack. Tracking may not lead to anything, but the hacker will think twice before targeting your business again.
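To put numbers on the length advice above, here is an added example (not from Nick or HyperAspect) that estimates how many guesses a password forces and checks it against the 14-character minimum and against details the owner has posted publicly. The 10,000-word dictionary size, the function names and the sample personal details are assumptions made for illustration.

```python
import math
import re

MIN_LENGTH = 14                 # minimum length given in the article
ASSUMED_WORDLIST_SIZE = 10_000  # assumption: dictionary size for word-by-word guessing


def charset_size(password):
    """Alphabet a character-by-character guesser has to cover."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    return sum(size for pattern, size in classes if re.search(pattern, password))


def guess_bits(password):
    """Search space in bits: the lower of a per-character and a per-word estimate."""
    if not password:
        return 0.0
    per_char = len(password) * math.log2(charset_size(password))
    words = password.split()
    if len(words) > 1 and all(w.isalpha() for w in words):
        # A phrase of dictionary words can be guessed word by word.
        return min(per_char, len(words) * math.log2(ASSUMED_WORDLIST_SIZE))
    return per_char


def review_password(password, personal_terms):
    """Return policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for term in personal_terms:
        if term and term.lower() in password.lower():
            findings.append(f"contains personal detail: {term}")
    return findings


if __name__ == "__main__":
    # Constructed sample data: details an owner might have posted publicly.
    public_details = ["rex", "1987", "boston"]
    candidates = [
        "Rex1987!",
        "B0ston#Rex87",
        "the yellow wallpaper in the old room is dull on monday",  # article's phrase
    ]
    for candidate in candidates:
        print(f"{guess_bits(candidate):6.1f} bits  {review_password(candidate, public_details)}")
```

Even when the phrase is scored word by word rather than character by character, it stays far ahead of the short passwords that mix capitals, digits and symbols.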
2. Phishing Attacks
This is not a new threat, nor is it a new tactic used by hackers to gain access to your information. The difference now versus five years ago is the sophistication of the schemes. Phishing schemes are morphing into full-fledged social engineering schemes. Email protocols that were designed in the 80s and 90s have had decades of study for vulnerabilities. Hackers can now use tools that make an email look absolutely legitimate when it is not. There will be an accurate logo, words spelled properly, punctuation in appropriate places, and no real indication that it is a bad email. It will even look 99.99% like it came from the email address the hacker is spoofing. Often these emails, instead of delivering viruses or trojans (a decades-old method), will lead you to click links and log into fake sites where your information is handed over. This can be a problem if you’re using single-sign-on information, recycling passwords on various sites or entering your social, birthdate or other info used to reset passwords. The hacker now has what is needed to access your business’s digital footprint.
Avoid clicking links in unsolicited emails, even from companies you trust. While you’re at it, don’t even read someone a code that has been texted to you by a company (just don’t). Always call a company or go directly to the company’s site in your browser and log in to deal with an issue. They should know about the issue and be able to verify that it is real. If you decide to call, don’t trust a phone number in the email. And when in doubt, ignore or delete it. Even if the issue seems serious, almost all legitimate companies will follow up with calls and paper mail, if necessary. And if the company doesn’t recognize the email you received, tell them about it or share it with them, so they can warn other customers. Also share it with your company’s IT department, so they can block further hacking attempts on employees.
What are some other tips from Nick?
To protect your business, you need to understand your risks. Learn about different kinds of threats to your business and how to hedge those risks. Once you understand your risks, you should create an in-depth security policy outlining these.
Keep all of your software and operating systems up to date. Hundreds of new security risks are detected every day, so you must be proactive to help prevent breaches from compromised code.
Do your research. Much like understanding your risks, you should take the time to research what you will need to do for each specific risk. Don’t know where to start?
I will leave information here on how you can reach HyperAspect. If you have more questions, you can either ask for Nick’s help or request a free consultation from other cybersecurity experts: firstname.lastname@example.org.