Tag: Password

7 Security Assumptions Hackers Are Hoping You’ll Make

assumptions

  1. You’re too small to be of interest to them. Let’s face it, it’s the most common excuse made by business owners. It seems preposterous to them that of the tens of millions of businesses around the world, many of them very lucrative, busy hackers would have time for them. What they don’t realize is that cybercrime has become automated and the hackers have sophisticated tools that will scour the internet looking for unprotected websites and poorly protected or unpatched computers and networks.
  2. You have nothing worth stealing. “I don’t take credit cards,” or “It’s all handled by a third-party processor” are common responses, and based on the belief that hackers are only after credit cards. All data, any data, is of value. That can include names, addresses, phone numbers, email addresses, buying habits, purchasing history, employee records, Social Security Numbers, intellectual property, passwords. And often the hackers don’t want to take, they want to give. Like using your unprotected websites to hide malware that will be spread to visitors to your site.
  3. If there is a breach, it won’t be a big deal. In reality, the smallest security breach can be a really big deal. There have been many cases of smaller firms being wiped out by a single piece of malware accidentally downloaded by an employee. And if the hackers don’t get you, the lawyers might. There is now an army of lawyers whose only focus is to sue businesses on behalf of customers whose data was exposed in data or security breaches. And of course there are all the regulators and the fines they can impose, not to mention the long-lasting damage to your brand and reputation if your customers think they can’t trust you.
  4. Antivirus software and a firewall are all you need to be safe. Don’t get me wrong, they’re essential, but there’s so much more to security. Businesses that have relied on just the basics have found out the hard way that hackers are way too determined to be deterred by the basics.
  5. A website is really just a flashy billboard to advertise your business. Your website is so much more. It’s often the only way customers can find your business, so if it’s compromised, blacklisted, or otherwise not available, your customers are going elsewhere and probably not returning.
  6. Your employees pose no risk. No one would ever accuse Irene in accounts of being a hacker’s best friend, right? But many security and data breaches are as a result of exploitations by hackers of mistakes by employees. If your employees are not trained to be sentries, they’ll be quickly turned into vulnerabilities.
  7. Your password is perfectly fine. How often do you think about your own passwords, let alone those of every other employee in your business? One weak password is all it takes. But in reality, most passwords are weak and exploitable. And if that include FTP access, a complete stranger may end up owning your web site.

Security is as much about avoidance and deterrence as it is about protection. You’re not just trying to keep the bad guys out of your website, you’re doing everything you can to not even come to their attention. Or just persuade them that you have so many layers of security in place, you’re not worth their time. The unlocked car with the purse on the back seat is almost certain to be robbed. The locked car with no visible valuables inside has a much better chance of being ignored. And when it comes to hackers, being ignored is just right.

Google Author: Neal O’Farrell

Don’t Let Your Employees Become The Enemy

top8Of all the threats that could be stalking your business daily, it is most unpleasant to think about the fact that the biggest threat could already be inside your walls, maybe even on your payroll. Unfortunately there’s plenty of evidence to suggest that the biggest source and cause of security incidents is the humble employee.

The good news is that few of these incidents are deliberate attacks or frauds by your most trusted insiders. Instead they tend to be innocent mistakes which could easily be avoided but which are quickly taken advantage of by hackers.

Read More

Target Breach Exposes Much More Than Data

Target logoAs we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.

Read More

Why Your Business Could Be Defenseless Against Keyloggers

keyloggersWhen news broke last week that security researchers had found more than 2 million stolen passwords hidden on a hacker’s website, it didn’t take long for media around the world to get on the case. It appears the passwords were stolen over many months, and from users of Facebook, Twitter, Google, LinkedIn and many other sites.

The story that seemed to get the most attention from the media and from security experts was what these 2 million passwords told us about the password habits of users. That they were awful. Not that that’s really news, but still, once again we discovered that the most common passwords included in the haul were 123456, 111111, and perhaps worst of all, password.

However, we noticed something else, something that other security experts seemed to miss completely. The initial suspect in the heist was a keylogger, a tiny piece of malware that will infect computers, steal things like logins and passwords, and pass them back to the hackers.

On the very same day the media frenzy started, we noticed that a security firm OPSWAT revealed some very scary test results. When they planted a basic keylogger on one of their test computers, and ran scans with more than 40 of the most popular consumer and business antivirus products over two weeks, only one product caught the keylogger. Which probably means most consumers and even small businesses probably won’t be able to detect it either.

While the better antivirus brands are generally good at catching the most common malware, a study by the University of Alabama found that those same products only catch around 25% of the more advanced malware. And that’s the stuff that can do the most harm.

Keyloggers are typically in search of logins and passwords, but they don’t just log what you type. They can also capture screenshots of what’s on your computer, screenshots of the websites you visit and the folders you open, and even what you search for. And software isn’t the only variety. There’s a growing trend towards hardware keyloggers – keyloggers designed to look identical to a plug or connector you’d expect to find at the back of a computer or even a cash register. One such hardware keylogger was recently found plugged into the back of a cash register at a Nordstrom store in Florida.

If keyloggers make their way on to computers in your business, the hackers may be able to steal logins and passwords to your website or bank account. They might also be able to steal payroll and customer information. They might even be able to hop from your computers to your website, and from there infect visitors to your site. Which could end up with your business being blacklisted by the search engines until you solve the problem.

So what can you do cripple this menace?

  • Start by talking to your employees, explain what a keylogger is, how it can threaten your workplace, and how you can all work together to protect against them.
  • Require all your employees to use anti-keylogger software, like Key Scrambler (free). They won’t protect your business against every type of keylogging but are a good defense against the more common software based. Some work by instantly encrypting or scrambling all your keystrokes so that they’re unusable to hackers.
  • Make sure you and your employees use one of the many safe surfing tools or plugins, like Web of Trust (WoT). As users become more wary of malware hidden in email attachments, hackers are turning to websites instead. Known as watering holes, hackers will find vulnerable websites, load them with keylogging malware, and simply lie in wait for visitors to those sites. SiteLock is finding as many as 5,000 small business web sites every single day already compromised and requiring malware removal. Safe surfing tools will help alert you of suspicious or dangerous websites before you click on them.
  • Always have good antivirus software on every computer and device you use in your business and at home. And encourage your employees to do the same. Some of the best is free, including for your smartphone and tablet. And scan often — at least once a week is recommended.
  • All employees should change their passwords often and think about passphrases instead.
  • Be careful what you allow employees to download and install. Poor security habits and hygiene are a leading contributor to malware infections. Slow down, guard up, verify first, and only download if you’re really sure and you really need to.

Google Author: Neal O’Farrell

WordPress Security – The Scoop, The Catch, The Solution

wordpress_logo If you’re using WordPress to host your website or your blog, I hope you’re aware of the growing security risks and what you need to do to avoid them. Not only is WordPress one of the most popular website platforms for businesses, it’s also one of the most popular amongst hackers. But for very different reasons.

There’s little doubt that WordPress has become one of the most popular website and blogging platforms of all time, with more than 60 million WordPress sites around the globe. But being the best comes with a price and, in the case of WordPress, that means sustaining attacks by hackers. WordPress has become such a big target for hackers that earlier this year a security firm decided to log the number of hack attacks over a period of a few months. The results were eye-opening.

Read More

10 Key Security Steps Every Business Should Take

Screen shot 2015-04-14 at 12.19.10 AMEven just thinking about protecting your business from all the cyber threats it faces can be daunting. Where do you begin? Do you start with your website, or is it something more basic like having a security plan? Do you train your employees or lock down every computer and let technology do the work? If critical data has to be protected, which data first? Which data most?

It’s this very scenario that creates the biggest security vulnerability for most small businesses. When building an effective security program for your business begins to look like a much bigger mountain to climb, especially as you get closer, you put the project off until another day. And in the meantime, hackers can have a field day.

Read More

Locking Down Your Computers

Many years ago, a bar owner shared with me the tale of how he was losing so much money in one of his bars he had to hire a loss prevention specialist to pose as a customer and watch his staff for any signs of financial impropriety.

The undercover customer spent nearly a month visiting the bar (what a job!) and reported back that he found nothing was amiss. He said he watched all the cash registers for four weeks and didn’t see one suspicious transaction at any one of the four registers.

Read More

Overcoming Common Passwords and Mistakes

Seems like every few months another blogger or security maven laments the passing of the password, a security tool that has outlived its usefulness and should now be replaced with something more of the times, more effective, more secure.

And while the password might be on life-support, it’s not quite gone. Which means you still have to take it very seriously, because in most cases it’s the only security you may have.

And you should also learn to accept that if the password is mortally wounded, it might be partly your fault. Because we know, we have hard evidence, that passwords have been weakened by their owners.

Read More

Powered by WordPress & Theme by Anders Norén