Sometimes, you just don’t know when or where a cyber attack is going to come from.  You may have all the anti-virus software in the world, have your employees trained to the highest level and have ironclad passwords and the hackers STILL find a way to get in.  Hackers are constantly poking, prodding and looking for weaknesses.  If they probe one company and don’t find these weaknesses, they move on to the next and then the next until a weakness is found.  Even though you can’t protect against every attack, and even though hackers get more sophisticated and resourceful every day, you should be aware of the most common ways businesses get hacked and put prevention plans in place.

1. Weak Passwords   

We can’t say this enough: strong passwords matter!  Yes, we know they can be difficult to remember.  Yes, it’s easier to use your dog’s name as a password every time you need one.  However, when you realize that 80% of cyber attacks come from weak passwords, you should be convinced that putting a little extra effort in here is well worth it.

We can’t say this enough: strong passwords matter!  Yes, we know they can be difficult to remember.  Yes, it’s easier to use your dog’s name as a password every time you need one.  However, when you realize that 80% of cyber attacks come from weak passwords, you should be convinced that putting a little extra effort in here is well worth it.

Prevention: Have a unique password for each account and try to aim for at least 8 characters of non-identifiable text (no birthdates, kids’ names, etc.).  Insert special characters such as &, *, ^, ~ and $.  Train your employees on password strength and give them the above requirements.  If you or your employees are having trouble remembering passwords, there are password managers available.  PassPack and LastPass are two examples.

2. ‘Drive-by’ Infections

If hackers are interested in getting to a large number of your employees, they may use a ‘drive-by’ web download to target them as a whole.  How does it work?  Hackers look for a vulnerability on the site and get access to it by exploiting weaknesses in code or the web server, and place a new page or infect an existing page.  They then use spear phishing (an email that appears to be from someone familiar, but is actually a hacker) with a link to the infected page/site. Anybody clicking on that link then exposes their computer to the hack attack.  That means you.  Your employees.  Your clients.  Prospects.  Everyone.

Prevention: Employee education and training is the big one here. The only way this type of infection works is if someone visits the infected page, even if for only a moment. Make sure all of your employees are aware of the dangers of clicking on unfamiliar links, even if they “know” the sender of the email.

3. Scanning Networks for Vulnerabilities and Exploitation

Is your network vulnerable?  Hackers may be the first one to alert you to this problem—and then it’s already too late.  Once a hacker finds a vulnerability (usually one you’re not even aware of), they exploit it by sending a command or data to the servers or computers, causing the targeted application to crash and then executing code that gives them access to whatever they want.  Usually, large businesses have a secure enough network to protect against this, but many small to medium-sized businesses could be vulnerable.

Prevention: This one’s all about security patches and updates.  If you or someone on your staff are not knowledgeable about network security, bring in an expert to scan your network and put security measures in place and help remediate the environment.

4. Malware Attacks

Malware, once on your computer through a download, delivers software that can capture keystrokes, passwords and data—basically, your entire life.  There has been an 8% increase in malware attacks against small businesses since 2012 and the average loss from an attack is $92,000.  Yes, malware is a big deal.  But it’s also preventable.

Prevention: Running a good malware-detection software is important here.  What’s even more important is keeping it updated.  We’ve worked with a lot of companies who start out with the best of intentions, but then let the software lapse instead of updating it out of pure procrastination or simple lack of policies and procedures.

5. Ransomware Attacks

If you haven’t been reading the news lately, the newest and most malicious of hacker attacks is ransomware.  In a ransomware attack, hackers hold your data ‘hostage’ after silently encrypting your files.  Once this has happened, your data is basically gone if you don’t have a solid and working backup.  The hackers offer to give you access to your data if you pay a ransom.  Do you get your stuff back or do the attacks stop if you pay?  Rarely yes, nearly always no.  As with everything on this list, it’s really better to prevent it from happening in the first place.

Prevention: Training and education is important here again as most of these attacks stem from a person opening an attachment, clicking on a suspicious link or visiting an unknown website.  You should also back up all of your data regularly (and have all of your employees do the same) so that you won’t lose everything if you happen to be a victim.

Hackers will continue to evolve and new threats will continually pop up.  It’s just the world we live in.  However, putting a plan in place to lessen the chance of a cyber attack is possible, and is definitely worth the investment.

In this post we’ve covered many of the steps you can take right now to increase your defense against being attacked. However, if you really want to be able to sleep well at night knowing you and your company are virtually unbreachable, then preventive endpoint security is your best bet. 12 Points Technologies is the local Midwest reseller for a product called Bromium, which provides true endpoint breach protection.

If you have any questions about how to make your company safer from an online attack, please get in touch.


Tony Cody is the Founder and CEO of 12 Points Technologies, a digital forensics and cyber security company that helps protect businesses from online threats, recover from online incidents and provides services for those who need to recover critical information from digital devices.  Tony has over 20 years of IT experience with the U.S. military and private firms.  For more information, please visit www.12PointsInc.com.

Powered by eSpark MediaeSpark Media - Website Development & Marketing