The Top 10 Ways Hackers Get Around Your Firewall And Anti-Virus

The National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilize cloud computing, mobile devices and store more information online. You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity. Because of all of this, it’s critical that you protect your business from these top 10 ways that hackers get into your systems.

1. They Take Advantage of Employees. The #1 vulnerability for business networks are the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust). It is Important to regularly go over policies and procedures and the why behind them. Enroll your team members in regular cyber training to promote good cyber hygiene during and outside of work hours. Encourage your team to ask lots of questions and report spam to their IT and management team.

2. They Exploit Device Usage Outside Of Company Business. You must maintain an Acceptable Use Policy that outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees’ access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
   
   Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.
   
   If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter your business network. If that employee leaves, are you permitted to wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure your clients’ information isn’t compromised?
   
   Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
   
   
3. They Take Advantage Of Weak Password Policies. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be enforced by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.
   
   
4. They Attack Networks That Are Not Properly Patched With The Latest Security Updates. New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.
   
   
5. They Attack Networks With No Backups Or Simple Single Location Backups. Simply having a solid, reliable backup can foil some of the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be automated and monitored; the worst time to test your backup is when you desperately need it to work!
   
   
6. They Exploit Networks With Employee Installed Software. One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. This can largely be prevented with a good firewall and employee training and monitoring.
   
   
7. They Attack Inadequate Firewalls. A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network. This too should be done by your IT person or company as part of their regular, routine maintenance.

8. They Attack Your Devices When You’re Off The Office Network. It’s not uncommon for hackers to set up fake clones of public WiFi access points to try and get you to connect to their WiFi over the legitimate, safe public one being made available to you. Before connecting, check with an employee of the store or location to verify the name of the WiFi they are providing. Next, never access financial, medical or other sensitive data while on public WiFi. Also, don’t shop online and enter your credit card information unless you’re absolutely certain the connection point, you’re on is safe and secure.

9. They Use Phishing E-mails To Fool You Into Thinking That You’re Visiting A Legitimate Web Site. A phishing e-mail is a bogus e-mail that is carefully designed to look like a legitimate request (or attached file) from a site you trust in an effort to get you to willingly give up your login information to a particular web site or to click and download a virus.
   
   Often these e-mails look 100% legitimate and show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, bank letter, Facebook alert, bank notification, etc. That’s what makes these so dangerous – they look exactly like a legitimate e-mail.

10. They Use Social Engineering And Pretend To Be You. Hackers will gain enough information found online through company websites, Facebook and LinkedIn and will try to reset passwords or add themselves to an account. Make sure you have MFA in place for all logins and use a personal email to set-up any social logins. Have your IT Team run a dark web scan regularly to catch any leaked passwords.

Want Help Ensuring That Your Company Has
All 10 Of These Holes Plugged?

     If you are concerned about employees and the dangers of cybercriminals gaining access to your network, then call us about how we can implement a managed security plan for your business. This security and back up audit will let you know:

• Is your network really and truly secured

• Is your data backup truly backing up all the important files and data you would never want to lose? We’ll also reveal exactly how long it would take to restore your files

• Is there a DNS Filter in place to protect your employees as they use their devices online
  
  
• Are you accidentally violating any PCI, HIPAA or other data-privacy laws? And do you really have the right documentation to share with your Cyber Insurance Provider if you ever needed to provide a claim?
  
  
• Is your firewall and antivirus configured properly and up-to-date?
  
  
• Are your employees storing confidential and important information on unprotected cloud apps like Dropbox that are OUTSIDE of your backup?

Call us today to schedule your Security Audit and anytime you have questions about your network and IT infrastructure.