The Security Problem
Security practices are often overlooked (even ignored) in many small to mid-sized businesses today. Employees put company data, trade secrets, client info, and much more at risk everyday and are not even aware that they are doing it. From logging in to email and company resources from free Wi-Fi at a coffee shop to not locking down their hardware at home, companies are vulnerable. A tiny misstep by one uneducated employee can put an entire organization at risk.
So many businesses think that they can automate their security with a few quick fixes like installing security plugins on their website. The problem is that this is the equivalent of putting a band aid on a hemorrhaging wound. Security is so much bigger than just incorporating one small fix. Your business needs to incorporate security at every level, starting at your employee’s fingertips. This involves at least 5 different levels of hardware and software that most people don’t even think about.
Examples of Levels of Security
When employees log into your systems, websites, etc. – what are they using to login? A strictly enforced company issued laptop with the most stringent requirements for allowing work only applications, a VPN, and constant virus scans? Probably not. Are they using their own computers? Are there strict practices incorporated requiring them to constantly scan for viruses on their computers? If you are a small to medium business, the answer is probably not.
Where are they logging in from? Public wi-fi at a coffee shop? Or even worse, public wi-fi at the airport? Hackers can spoof a Wi-Fi hotspot almost instantly. Your employees can be unwittingly be logged into the hackers’ rogue Wi-Fi and the hacker recording every keystroke, watching every screen, taking screen shots, stealing data. The keylogger alone can be used to gain deeper access into systems. Email servers can be used to send email (from the hacked account) to the rest of your employees (looking like it came internally) and hack even more resources. This is just the tip of the iceberg.
Do your employees work from home? Do you have practices in place for how your employees secure their hardware at home? Their what? Yes, their hardware – the router they use to access the outside world (including all your systems) if left with the default settings can allow an attacker to do all the same things mentioned in the last paragraph. According to one security study 85% of all households never change their router password from the default. Were not talking about the Wi-Fi password, were talking about the password to the router hardware itself.
From their router, what “wire” are they using to access your Intranet? Is it secure? Do you have a mandatory VPN (Virtual Private Network) installed, and trained employees on how to use it? Information over wi-fi and even a wire can be “sniffed out” using even the most basic hacking equipment, yet MOST people don’t have a clue about what to use, or how to use it.
Now the employee has traveled from their own computer to the front door of your systems. Do you enforce strong passwords? If you don’t force your employees to use a combination of (minimum of 12 character) upper case, lower case, numbers, and special characters, their passwords can likely be hacked in a matter of minutes or hours. Poof – the bad guys are in and can wreak havoc on your systems.
What about your systems (servers, websites, databases, accounting and ordering systems)? What is in place at the firewall and server level to protect your company assets? If you don’t know – you are probably not doing enough.
Believe it or not, this is just the beginning. The tip of the iceberg. If you don’t understand what you need to be doing to protecting your IT assets, it is not a matter if IF you will be hacked, but WHEN. Hacking is not a manual process by one person sitting in the dark somewhere. Previously hacked systems (by the 1,000s and 10,000s and more) are loaded with scripts that automatically scan the internet (IP addresses) looking for vulnerabilities on open ports (what?), outdated software, and poor passwords. Even more concerning are gullible, uneducated employees that are more likely to hand over the keys to the castle then outdated server software. This is known as, “Social Engineering”. Social Engineering is a way to hack the people, instead of the systems. Hackers will trick unsuspecting employees to allow them access to your systems.
But none of this needs to happen!
Let me come and educate your employees about Security Safe Practices. I won’t just bore them with bullet points, I will show them actual examples of past events that will grab their attention, and finally get them thinking about security. We’ll cover end to end security safe practices. The result will be a staff of educated employees, an exponential reduction of your chance of getting hacked, and possibly save you tens (if not) hundreds of thousands of dollars to remedy a compromised website, or server.
I’m a Certified Ethical Hacker (CEH) with over 5 years’ experience protecting websites and systems. I can educate your employees with safe practices, I can provide penetration tests to your systems, and I can help with hacked system remediation. It’s not IF you will get hacked, it’s WHEN. Education is insurance. Get some before they get you. Let’s talk about how I can help!
#cybersecurity #security #onlinesecurity #hacking #hacked #websitesecurity #CEH #pentesting
Leave a Reply