Careless Mistakes from Businesses

Careless Mistakes from Businesses That Hackers Love

As a business, you want to avoid spyware, Trojan horse, and ransomware attacks to protect your data, intellectual property, employees, and customers. And one of the best ways to stop cyber threats is to stop bad habits that hackers thrive on in the age of remote working. The following unforced errors just make it easier for cybercriminals to breach your organization’s network defenses:

Error #1 Staff Untrained in Phishing

Phishing attacks are a typical way for hackers to steal sensitive data or trick an employee into installing viruses and other types of malware. Organizations must train staff to recognize spear-phishing attempts and should be able to answer questions like: what are computer viruses, malware, and other top threats against digital security?

Error #2 Unsecured Devices

The novel coronavirus has changed the way we do business. Instead of working from offices, we encourage employees to work remotely to follow shelter-in-place orders or protect their health. A side benefit of this changing culture is that operational costs have fallen, and, in some cases, productivity has improved.

While remote working has its benefits, it’s also made it easier for cybercriminals to hack companies with all types of malware and viruses. A common reason for this is more employees are using unsecured devices. Companies need to either provide their staff with secured laptops and devices or adopt endpoint detection and response software that secures all endpoints.

Error #3 Unsecured Login Credentials

The easiest way for a hacker to wreak havoc on your organization is to steal an account’s password and username. Think back to the infamous Colonial Pipeline ransomware attack, where a legacy Virtual Private Network (VPN)’s leaked password allowed a hacking gang to extort $90 million in bitcoin payments.

Here are some bad habits that make hacking login credentials easier for threat actors:

  • Short and simple passwords that carry common words or known numerical patterns.
  • No two-factor authentication measures.
  • Passwords that remain active for years.

Error #4 Unsecured RPD

Remote Desktop Protocol (RDP) is a valuable tool that allows someone to control a computer remotely. With RDP, organizations can enhance remote working, productivity, and tech support. Unfortunately, RDP is also one of the primary threat vectors for hacking, allowing cybercriminals to drop ransomware, elevate privileges, leave backdoors, and gain broader network control.

Here are a few ways to secure RDP:

  • Only make RDP accessible behind a secure VPN service.
  • Try a Remote Desktop Gateway Server for additional security.
  • Limit RDP access by IP address.
  • Enable Network Level Authentication (NLA).
  • Set complex passwords to stop brute force attacks.
  • Avoid using common port numbers.

Error #5 Poor Backup Habits

To reduce downtime after a ransomware attack, companies should regularly back up their data on computers not connected to networks. As you probably know, ransomware encrypts or corrupts your data. You may think that paying the ransom is the best route to recovery, but many ransomware gangs don’t respond after collecting payment, while others launch another attack phase. With regular and secured backups, your organization can avoid catastrophe.

An experienced and resourceful hacker can quickly capitalize on bad habits and punish a business with crippling cybercrimes. Follow the best procedures to mitigate your risk in this increasingly connected world.

Leave a Reply

Your email address will not be published. Required fields are marked *