How do people get Hacked???
These days, the chances your home or business will get hacked are higher than ever. Here are some common ways hackers hack to be aware of, as well as some fixes to help protect your data.
1. Social Engineering and Phishing
Although it’s possible, spending days or weeks scanning for weak spots is boring and time consuming, and cyber attackers tend to go for the cheapest targets with the highest ROI. The easiest way to break into a computer system these days is to bypass a computer’s protection(s) altogether by aiming at a computer’s operator: a regular human being.
Fix: Spend a reasonable amount of time on security training to increase awareness across everyone on your network (home or office) so your systems don’t get hacked. We offer very reasonable starter classes for the small business or family that can be done in an hour or two.
You should also limit data access and possibly even encrypt data to further protect your content.
2. Dangerous Websites
Sometimes saving a few dollars can cost you a lot more in the long run. Sometimes people download what appear to be FREE or Hacked versions of commercial software, or even just a Whitepaper PDF or DOC. This attack happens when a user authorizes the execution of un-trusted and malicious software without realizing the potential danger, e.g., clicking run on malicious Java applet prompt. The name on the malware is often identical to its trusted counterpart, so harmful software is downloaded without the user knowing. Common examples include hidden exploits attacking popular software, such as web browsers, web browser plugins, PDF’s, DOC, DOCX, music and videos.
Fix: Conduct repeated education and monitor devices to ensure they’re running correctly updated software.
3. Malicious USB Sticks or ROMS
This risk is often self-generated by people with good intentions. They try to figure out whose drive they’ve found in a parking lot so they can give it back. But in a malicious scenario, the USB stick is dropped on purpose by a criminal and it contains malware.
It doesn’t take a targeted attack to get yourself infected with malware. If you insert random devices such as CDs/DVDs, USB drives or any other device such as a found mouse/keyboard, cable, charger then you’re risking the chance you’ll get hacked.
Fix: Use respected antivirus software like Bitdefender and have it enabled to scan all connected devices. While it’s not foolproof, it will reduce the likelihood of successful attacks performed by random malware or malware created by attackers.
4. Weak Passwords
You can have the appropriate software protections in place, but it’s all for nothing if your users have weak passwords. No antivirus software or advanced web application protection techniques can protect a user from data leakage if their password is john1989.
People are often lying to themselves and others when they say they know how to create strong passwords, and this is one of the biggest problems in our industry. We’ve seen government organizations, big corporations, and individual tech giants use simple or obvious passwords, which can lead to personal accounts getting hacked and company-wide breaches.
Fix: We can teach people how to create solid passwords and build internal systems that don’t allow weak passwords by the usage of password managers like Lastpass within your home / organization so you don’t get hacked. These terrific tools can significantly improve the security posture of your home or corporation by easing the process of endpoint password management.
******You should also implement multi-factor authentication for an additional layer of protection against hackers with stolen credentials. Lastpass does this as well.?
5. Insider Threats
Whether intentional or not, data leaks happen often. Smart Content Governance is something many homes and companies lack and need to take advantage of for added data protection.
Fix: Have the proper auditing software (IDS or IPS) to monitor for anomalies in employee behavior. It is also wise to have good configuration of logging systems to trace attacks back. A properly configured TSCC Firewall can do this.
6. Physical Attacks
Many people forget how critical it is to protect their physical homes or offices. If you’re an attacker, why invest hundreds of hours hacking technology when you can easily access a computer? A real-life attack could mean hardware theft or connecting a malicious device to the network in order to attack connected machinery and sniff the traffic.
Fix: We can help with pen testing to do a physical penetration analysis or red team engagement.
7. BYOD: Bring Your Own Device
The greatest risk comes when ANYONE brings outside devices and plugs them into your network. Connecting to your resources such as internal applications from an unsecured computer can be even more dangerous.
Often, people connect their smartphones to networks just to browse personal websites. This opens the company to digital risks because compromised devices can spy on and infect local networks. Also, when friends or employees are allowed to bring their own infected laptops to your home or office, which often have a variety of unmonitored software installed, their operating systems may lack security patches and basic security hygiene tools like antivirus systems.
When such computers are used, it’s almost impossible to know when malicious software like spyware is installed. This can infiltrate corporate credentials and allow hackers an easy way in.
Fix: Let us configure a guest network that is segmented from your main network.
8. Network Hacking
People are often unaware of ALL the devices they actually have on their network. They also lack the proper patch management policies and procedures to ensure they’re covered against newly discovered software bugs. All of which increases the likelihood they’ll get hacked.
Ten years ago it was more acceptable to be a little out of date, but there is no place for such neglect today. There are bots that continuously scan the internet, enumerating and checking public services. Everyday, bots try to crack passwords to web applications and other services, including FTP and SSH.
We’re all exposed and there is no place to hide, so ensure your external infrastructure is properly hardened, or you’re endangering yourself and/or your company. We’re living in an era when the business behind cyber attacks is more lucrative than ever. There are many ways to monetize obtained access, including selling corporate data on the dark web and deploying ransomware to obtain personal information.
Fix: We can help you learn what EXACTLY you have connected to your network and monitor it for you!
9. Vulnerabilities in Applications
Many people don’t realize Software on your computers (Not only the OS) needs to have frequent updates.
Fix: The solution is simple, Check once a month for software updates with All install software.
10: A VPN is always a good idea for protection. Check out this page.