It is estimated that 1 in 10 small businesses have been cyber hacked by criminals. Attacks on small businesses have continued to rise as have the number of criminals enlisting in for profit “data warfare”.
Black hats, Backdoors and Botnets!
We have all heard of worm, virus and Trojan horse attacks used by hackers to compromise the network servers of big corporations and governments. Most of us don’t know what they are or what exactly they do; we just know we don’t want them on our computers.
Now in addition to the crafty hackers who create these viruses there is a class of cyber criminals known as script kiddie or skiddies. These are unskilled people who buy scripts or programs written by skilled hackers. With these scripts anyone can target and successfully hack a server despite having no technical skill whatsoever. Black market sites have millions of hacking tools for sale like, bank codes, log ins, passwords and the like. This has opened up the technical world of hacking to any common criminal with an Internet connection. These cyber criminals don’t know a botnet from a backdoor but they are using them against small businesses.
Small businesses have become a favored target of elite hackers and the common script kiddie because most small to mid-sized businesses, SMBs, don’t have proper and continually updated security measures in place, making them easy to attack. Often a business’ computers aren’t just targeted for a data breach but are also used as a zombie computer to facilitate various other breaches. On average there is a 156-day lapse between a system compromise and detection of that breach. Generally it is a third party like a bank that discovers credit card fraud and notifies the merchant they have been hacked.
Most experts agree that cyber attacks are not a case of “if they will happen, but when”. Business owners should protect themselves by making sure all the necessary security measures are in place and kept up to date.
Best Practices for defending against cyber attacks
PASSWORDS MATTER- A hacker can crack a 6 character lowercase password in ten minutes. However, by using an 8 character password with a few uppercase letters and that hacker will be at it for 3 years. Throw in a number or symbol and it takes nearly 50,000 years to crack it. Be sure you lock up your wifi with a strong password as well. In addition it is recommended to change passwords as often as possible.
Change Default Credentials- A popular technique used by cyber criminals is scanning for default credentials on Point of Sale systems. When they find the default credentials they immediately start capturing the credit card numbers stored in the system. Do not keep the same log ins and passwords that came with your hardware.
Firewalls- Install and maintain appropriate firewalls, one is probably not enough. Redundancy is key in network protection.
Educate your employees- Often breaches in network security are caused by innocent ignorance. Remote servers accessed by employee’s personal devices like smart phones and tablets put your organization at risk. Make sure your staff is aware of the dangers of social phishing. In tech terms there is a phrase known as level 8 compromise, namely human error, and it is at the heart of most security vulnerabilities.
Back it up! – Suffering a cyber attack is bad enough and can cost your business a ton of money in fees and lost revenue. Lengthy recovery times can also interrupt the continuity of your business. However, if you are not backed up there is nothing to recover. Not all hackers are after money some are just destructive and may infect you with malware that will corrupt and or destroy all your files. A thorough disaster recovery plan is essential for efficient recovery from a cyber breach.
Has your server been hacked, how did you recover? Please share tips below that you have found helpful.