Since the outbreak of the you-know-what virus, we have seen a drastic increase in cyberattacks directed at businesses, big and small, all around the world. This is, without a doubt, attributable to the fact that work-from-home environments have also increased drastically in such a short period of time. This rapid change in working environments has changed, and is continuing to change, the methodologies of cyber criminals as well as the cyber threatscape as we know it, and businesses all around the world may find it hard to keep up with all of these rapid advancements in modern technology. Everyone knows that you should try your best not to be an easy target, but for some, maybe even most, organisations it can be a little unclear what makes you an easy target in the first place. What can you do to make sure you’re not one of them, and more importantly, how can you go about remediating that? In this article, I will go over some common methods of attack for hackers so you can get a feel for how they might go about exploiting some weak points in your business. In doing so, you can apply this knowledge to better the security of your organisation. Enjoy!
Common Hacking Technique: Social Engineering
“Social.. engineering?” I hear you say, confused. “What does that mean?” Although you may not have heard the technical term before, this is an extremely common technique that hackers use in most, if not all, of the attacks they carry out. It is a broad term that encompasses many attacks, but they all accomplish the same goal: getting information out of people.
One example of a social engineering attack is the phishing scam, such as the “CONGRATULATIONS YOU JUST WON SOMETHING, JUST ENTER YOUR PERSONAL INFO HERE” email or the classic Nigerian prince scam.
Just keep in mind that this is only one of many examples of a social engineering attack; it is by no means an exhaustive list. Other forms include vishing, smishing (SMS phishing) and spearphishing.
“Oh, I know about those emails, they’re so easy to pick out. That’s how people get hacked?” I hear you ask.
Well, yes, but it’s a little more complicated than that. See, there’s a difference between a planned-out cyberattack and some guy who’s trying to get your data: sophistication. You can think of the “Congratulations, you just won..” scam as nothing more than a petty thief trying to make some quick cash. These thieves don’t understand how people work. They resort to drastic measures extremely quickly and, as a result, they stick out like a sore thumb. Cybercriminals, however, are more sophisticated in how they launch their attacks. They’re still the same petty criminals in a way, but they understand that most people look past those generic scams, so they do some research into the services your business uses, which might be anything from your electricity provider to the tools you used to build your website, and then send you an email based on that information.
Let’s say you used WordPress to make your website, just as an example. A hacker might see this and craft a fake email that tells you to update your account, or offers you access to a brand-new exclusive WordPress feature. All you need to do is type in your account details. Sounds like a pretty good deal! In other words, the best scams are the ones that go completely over your head. Pretty smart, hey?
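To make the WordPress scenario concrete from the defender's side, here is an added example (not part of the original article) of a simple check: if a message claims to come from a service you use, its sender address and its links should point at that service's real domains. The sample email, the `.example` addresses and the `TRUSTED` list are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains you have verified as belonging to each service you use.
TRUSTED = {"wordpress": {"wordpress.com", "wordpress.org"}}

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: WordPress Team <updates@wordpress-support.example>
To: owner@business.example
Subject: Update your WordPress account to unlock a new feature

Sign in to confirm your account details:
https://wordpress-login.example/account/verify
Documentation: https://wordpress.org/support/
"""

def in_domain(host, domains):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(raw, trusted=TRUSTED):
    """Return (kind, host) findings where a message names a brand but points elsewhere."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    findings = []
    for brand, domains in trusted.items():
        if brand not in text:
            continue  # message does not claim to be from this service
        sender_host = addr.rpartition("@")[2]
        if not in_domain(sender_host, domains):
            findings.append(("sender", sender_host))
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlparse(url).hostname
            if not in_domain(host, domains):
                findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in brand_mismatches(SAMPLE):
        print(f"suspicious {kind}: {host}")
```

The lookalike sender and login link are flagged while the genuine wordpress.org link is not, which is exactly the mismatch a trained employee should learn to spot by eye.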
Common Hacking Technique 2: Remote Working Software
Going back to the point made at the beginning of this article, technology is rapidly expanding to the point where we are finding it extremely difficult to keep up. With this comes the undeniable fact that vulnerable software has been, and will continue to be, exploited. The problem is, most people don’t even realise that the things they use on a daily basis are vulnerable to cyberattacks. Take the recent “Zoom-bombing” phenomenon for example, a vulnerability where people can easily log onto any Zoom meeting they want. Furthermore, Zoom does not follow the best security practices in general (such as end-to-end encryption) and for this exact reason, it is highly recommended that you replace Zoom with another meeting software such as Microsoft Teams or FaceTime, as they are much more secure and less susceptible to cyberattacks.
What Can You Do?
All of that stuff is great (and maybe a little scary), but what can YOU actually do to improve your security as a business?
- Checking and maintaining your security posture
I wrote an article about this topic a while ago, and every point on here still applies. Security posture is absolutely essential in keeping your organisation as secure as possible, so please do not overlook it.
- Making cybersecurity a top priority in your organisation
Many businesses don’t have cybersecurity as a priority and get surprised when they get hacked. If you don’t want to get hacked, it is highly recommended that you put more budget into your cybersecurity and run through training programs (e.g. phishing simulations) with your employees. To say it will help you out greatly is an understatement.
- Do your homework!
By “doing your homework”, I mean looking into the software that you use for anything business-related, and making an educated decision about whether you should really be using it or not. Truthfully, everything is vulnerable in one way or another, but making sure that your business cannot be exploited by cybercriminals EASILY is the key. By making it just that little bit harder for hackers to obtain your sensitive information, you have made your organisation even more secure!
- Communication with your employees!
I cannot stress the importance of this enough. In any situation, communication is ALWAYS key! Make sure that you, as well as your employees, know what you are doing as much as you can, and make sure they know what to look out for. If they don’t, then do your best to clear up any confusion, both for you and your employees. It will help out everyone involved if everyone knows what their place is and what they’re doing, and that includes you too.