Well, cybercrime has been global for years. What changed? It’s now more widespread. And hackers are trying to exploit the global situation with COVID-19. Let’s zoom in on the alarming local consequences.
Long ago, robbers hid in a roadside ditch and jumped out when victims came walking along. Now they send your company a fake email that results in your files being held for ransom.
Goal: Unchanged (stealing).
Our ancestors taught themselves to watch for robbers. We all have the same job nowadays.
Scope of the problem
How bad is it?
Did you know Microsoft took down 50 hacker websites in 2019? ITProPortal reported the sites were linked to cyberattacks originating in North Korea.
“The attacks apparently came from a hacking group known as Thallium, which has been accused of being affiliated with the North Korean government.”
Investigators said the 50 domains were used for “spear phishing” attacks to steal personal data and upload malware to infect IT systems. We at Realize have written about spear phishing on our blog.
It’s difficult to estimate how much damage could be done by 50 hacker websites. Especially since these were run by experienced criminals.
Targeting ordinary people
The Microsoft Threat Intelligence Center said the operation was designed to target employees of governments, international agencies, as well as university staff, mostly based in the U.S., Japan and South Korea. “The U.S.” is us, folks. Forbes magazine reported that “The hacking group appears to have been targeting government employees, university staff, those working on nuclear proliferation issues, as well as world peace and human right[s]. The majority of those targeted were based in the U.S. …”
But, these thieves are targeting organizations of all sizes. That includes your small business far away from major ports and international markets.
1. Never use real words or names. Avoid doubling letters or numerals. Use a new password for each application (don’t recycle/reuse).
Password management software is a good investment. Due to competition, the free versions of some of these products work very well.
One trait of society in the United States is a strong desire for convenience. Good, effective password policies are not convenient. Accept this fact. If we don’t accept this, hackers will use our desire for convenience against us.
Examples of passwords:
h9dT+-u8q?d+Atae (16 characters=strong, includes symbols and numbers, letters lowercase and uppercase, excludes similar characters, excludes ambiguous characters.)
‘aSZ*@ORwmeBo>]J (16 characters=strong, includes symbols but not numbers, letters lowercase and uppercase, may include similar or ambiguous characters.)
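The tips above can be checked and applied mechanically. The following Python example is added here and is not part of the original post: it audits a password against those tips and generates one in the style of the first example. The character sets behind "similar" and "ambiguous" are assumptions, since the post names the categories without listing them, and the 16-character minimum is taken from the post's examples.

```python
import secrets
import string

# Assumed sets: the post names "similar" and "ambiguous" characters but does
# not list them; these are the sets many password generators use.
SIMILAR = set("il1Lo0O")
AMBIGUOUS = set("{}[]()/\\'\"`~,;:.<>")
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
# Characters the generator may draw from: every class minus the excluded sets.
ALPHABET = [c for chars in CLASSES.values() for c in chars
            if c not in SIMILAR | AMBIGUOUS]


def audit(password, min_length=16):
    """Return the list of rules from the post that the password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    if SIMILAR & set(password):
        problems.append("similar characters")
    if AMBIGUOUS & set(password):
        problems.append("ambiguous characters")
    if any(a == b for a, b in zip(password, password[1:])):
        problems.append("doubled character")
    return problems


def generate(length=16):
    """Draw uniformly random candidates until one passes every rule."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    print(generate())                  # a fresh 16-character password
    print(audit("Tulsa2020"))          # constructed weak password
```

The audit cannot detect real words or names, and it cannot detect reuse across applications; a password manager covers the second point.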
Firewall, Anti-Malware Software
2. Intricacy is part of security. Thieves may use many ways of finding flaws in your armor. As a result, security software has many layers. Instead of trying to do all this on your own, invest in good software.
Think about it this way: Security companies who offer software have deep resources. They use security specialists with knowledge far beyond average, and likely beyond local resources. It would cost a pile of money to hire such a specialist to enhance the security in your offices. But, the firewall or anti-malware software they put on the market reduces that cost to folks like you. As a result, the market works in your favor.
Choose wisely when purchasing. If you have a technologist available, start with her/him. If you want to branch out, pick about three tech review sites and compare. In Google (or Bing or DuckDuckGo) type the following search terms …
“firewall” “small business” “reviews”
The quote marks tell the search engine to return results without omitting any of the three terms. That resulted in a page full of links leading to reviews!
Train and be stakeholders
3. Crooks on the web are trying to exploit human behavior. So, we must train to change our own behavior, and no longer be vulnerable. When we look at past break-ins, they usually occur due to simple mistakes. This happens to employees and managers. Although rank has advantages, it does not grant immunity from hackers.
Managers must remember that training programs are most effective when they are persuasive. Forcing instructions down someone’s throat will create resentment and hurt morale. The wiser option is to open a dialog with employees in training. Make sure your employees see how they benefit from improved cybersecurity. “You get to keep your job” is not a benefit; it’s just a threat.
Most importantly, a stakeholder receives a benefit for work that goes beyond money. Improving your personnel management will ensure all employees feel like stakeholders.
Training should also include crisis response, like the current situation with the coronavirus pandemic. Realize Information Technology owner Jeff Woods reports that Tulsa-area businesses must be proactive.
“We are receiving numerous alerts that hackers are attempting to exploit the fear and panic from the COVID-19 outbreak,” Woods said in a blog post.
- Encrypt and back up data
- Stay ahead by backing up data and storing it separately
- Invest in cyber security insurance
- Seek specialist advice for cyber security insurance
- Create a security-focused workplace culture
- Educate staff on the dangers of unsecured networks
- Teach avoidance of unsecured websites
- Discourage password sharing
- Restrict network admin rights
- Use robust anti-malware and firewall software
- Use software in conjunction with education
- Protect against the threat of an attack
- Work toward a greater understanding of how hackers get in. Most intrusions involve leveraging human nature. They know your staff is busy and may be prone to error. They know some employees are not proficient with technology. And, they know many password policies are either flawed or not enforced.
- Gain freedom from negative ideas that limit your defense. Example: every potential problem need not be your headache. There is reasonably priced software to handle much of the security load. From basic user tools to enterprise-level firewalls, you have options.
- Earn a better reputation as you avoid intrusions. A successful hacker will not only hurt you internally, but any public disclosure could cause customers to mistrust you.
● The gist of this post is empowerment. Have you ever seen a news report about women who have been assaulted being taught self defense? That training is not just about physical combat. It’s also about having a belief system that is built on confidence.
● Being proactive is your best defense against cyberattack. Don’t listen to anyone who promotes a do-nothing approach. As smart as hackers are, you have the capacity to match them.
Feature photo dragon by the DigitalArtist at Pixabay