A lot of small business owners think they’re too small for hackers to target them. The fact of the matter is that hackers often don’t specifically target a company- they’re opportunistic. They can scan for vulnerabilities and exploit them when they find them.
You may already know about the different kinds of cybersecurity threats, which can take over computers, steal information, and even hold your files for ransom. What you probably don’t know is how computers get infected.
Phishing comes in various forms, but generally, a person receives an email they think is legitimate. It contains an attachment or a link, and when the recipient clicks it, it’ll take them to a website with a virus loaded into it or open a document that runs a command to take over the computer.
Spear phishing is a subcategory of phishing in which a person receives an email from someone they know, often a higher-up in the company, asking for certain information. It could be employee files, access to sensitive information, or a request to wire money to what turns out to be the hacker.
A USB drive or thumb drive can be infected with malicious code as well. Be careful plugging USB drives from unknown places into a computer. Sometimes they can even be mixed in with drive that are given out at trade shows and the like.
You know those annoying update notices you always get? Yeah, sometimes it’s a pain to restart your computer, but there’s a reason those patches are released. More often than not, they include security updates. Hackers, you see, can find vulnerabilities in software that were unknown when it was released. These are called zero-day vulnerabilities. There are people out there whose job it is to find these and other vulnerabilities in software and report them to the software companies so they can fix them before hackers discover and take advantage of them. So when there’s an update, apply it!
Weak and Default Passwords
Sadly, “password” is still one of the most popular passwords out there. If you use that (or even “password 123”) or some other easy to guess password, change it immediately. And no, changing “o” to “0” (that’s “oh” to “zero,” in case it’s hard to read) doesn’t help much. Other passwords to avoid: your name or last name, your birthday, your anniversary, your kid’s birthday, your favorite sports team, and so on. Basically, if it’s something a person can find out about you with a glance at your Twitter profile, don’t use it. And if you use the same password for all your logins, be extra wary, because if a different system gets hacked and passwords are stolen, like what happened with Yahoo a few years ago, hackers will try those login credentials in other places as well.
In a related note, a lot of hardware, such as routers, come with default login credentials, like username: admin, password: admin. Make sure these are changed as soon as they’re set up. Hackers can take them over and use them for all kinds of attacks, including a dreaded DDoD attack, which can use online traffic to overwhelm a website or online service.
Also falling under this umbrella is weak wifi security. A hacker with a laptop can sit right outside a business and log into the wifi network to cause all kinds of damage, from taking over systems and infecting computers with malware to stealing files.
These are some of the most commons ways companies get hacked, and they don’t all involve having your company specifically targeted. Insurance that covers cybercrimes is still a relatively new thing, but if you’ve got questions about it and would like to take steps to make sure you’re covered in case of a company hack, give us a call.