Corporate Security – 5 Sure Fire Ways to Get Your Business Hacked
The #1 cause of planes falling out of the sky is pilot error. Interestingly, it’s also the #1 cause of compromised corporate security but in this case, planes don’t usually fall out of the sky and “pilots” are seated comfortably in office chairs all over our great nation. But that doesn’t mean the results can’t be nearly as catastrophic.
There are plenty of ways to hang yourself given enough rope – here are 5 really good ways to make sure you breach corporate security and crash the company plane.
#1. Open email attachments that you weren’t expecting
This one is the #1 error of all pilot errors. And before you say that crown belongs to those who run naked on the network – aka antivirus-free – remember that corporate users are not expected to ensure their own computers are protected with antivirus software, so they get a pass on running without AV. But since AV can’t stop everything, read this carefully: Folks, if you get an attachment you weren’t expecting, be very wary. Especially when it’s a zip file purporting to be an invoice (NOT). Almost all of these threats come in the form of a zip file and they are most often sent under the guise of an invoice. But really, who sends an invoice in a zip file? Pretty rare…
So if it’s from someone you don’t know and have never heard of, for heaven’s sake just throw the damn thing away! It can’t hurt you if you don’t open it. But if it’s from someone you know and you weren’t expecting it, contact them in a separate email or pick up the phone. In general, don’t open zip files from ANYONE unless you were expecting them. You know, like: “I’m sending you a zip of all those docs we were working on.” Like that. Or at least ask your friendly neighbourhood IT guy (or better yet, a qualified Managed Services provider). Corporate security is no joke.
#2. Believe you’re not a viable target
So a few months back I was targeted by a phishing scam that attempted to get me to release about $30k worth of Cisco networking gear. They provided all kinds of banking information including very real credit documents from very real officials at very real banks. I know because I checked to see if the people in the documents actually existed and worked at the banks in question. LinkedIn is pretty cool, eh?
But I could smell a rat (I am, after all, a professional). And my instincts were spot on. Turns out they were masquerading as a small business that was also very real. I found that out when I looked them up on the web and called them to ask why a small construction outfit from Welland, Ontario would want $30k worth of Cisco networking gear from a Vancouver IT provider. Surprise! They didn’t! But they had been recently hacked and all their confidential banking, credit, and corporate documents had been stolen, which had then been parlayed into what was actually a reasonably well-crafted phish. Just a little ol’ Mom & Pop construction outfit too small to be on anyone’s radar. Yeah, right – not so much. At the time I contacted the company, it was a police investigation. So this is two corporate security lessons for the price of one. You’re definitely not too small and you definitely need to watch out for scams that prey on the greed factor.
#3. Run with consumer grade antivirus (or no AV at all)
If you are on a corporate network and you have nothing to do with corporate security and IT in general (other than to blame us propeller heads for everything from crashed computers to global warming), you get a pass on this one. Your network admin or IT services provider should be all over this. But if you are at or near the top of the corporate totem pole, let me ask you this: would you rather ask questions and get answers before or after you get hacked?
If you are a corporation, you need commercial grade AV that can be centrally managed and monitored. Relying on users and individually managed antivirus for each computer is like a game of Russian roulette. So ask whoever is running your network. And if you don’t get the answers you want, ask some tougher ones.
#4. Run with a consumer grade firewall
My take on firewalls is the same as my take on antivirus. Protecting your network with a $59 London Drugs special (sorry LD, nothing personal) will end in Heartbleed. Ok, not very funny but I’m more of a straight man anyway. Seriously, consumer grade firewalls can’t handle the traffic, don’t recognize hacking “signatures” in internet traffic, can’t check traffic for viruses before they get in, and can’t prevent an infected PC on the inside from spreading viruses across the land all willy-nilly like so many blooms in May. Invest in a good firewall and if you don’t know what that looks like, find an IT services provider with a good reputation and a practice in corporate security to help you.
#5. Be blissfully unaware of your corporate security profile
Probably the easiest overall way to get infected, hacked or otherwise smacked around is to take a head in the sand approach. As business owners and C-level execs, you need to manage this as effectively as you manage every other risk to your respective companies. And in this case, ill advised is ill prepared. If you can’t reasonably answer the question “Is my network safe and secure?” and then you don’t get a favourable response to the follow-up statement of “Prove it”, then all I can say is you have one foot in the grave and the other on a banana peel.
So these are just some of the ways you can be a victim but there are plenty more. Remember this truism: wherever there is something to eat, there is something there to eat it. Be aware and stay safe. And if you need help with that, contact us today!