This month, a Joint Cyber Security Advisory has been released. In this advisory, they have said that cybercriminals are using five main processes to hack into your network. They have also provided information on the best methods to protect your business from these attacks and their consequences.
A joint advisory is when lots of cyber security agencies come together; such as the UK’s NCSC, the FBI and NSA from the States, and many more worldwide. They then issue a report that provides essential information about cyber security that is definitely worth the read.
These are the five primary methods by that cybercriminals gain access to your business:
We have lots of information on phishing on our blogs and YouTube videos. This is because it is one of the most common forms of cyber-attack and one of the easiest to prevent. It comes in the form of emails pretending to be from a business that you may know of or use. It can also be done by impersonating somebody you know, such as a friend or colleague. This Email may prompt you to open a link or an attachment that would then download malware onto your device or lead you to enter details that the cybercriminal can then use to log into your network and software.
Valid Usernames and Passwords
Hackers can obtain valid details through phishing attacks or credential pharming. However, many cybercriminals access networks with email addresses and generic passwords that are common or easy to work out.
Remote Access Solutions
Perhaps you use a VPN to access your work network while working remotely. Well, cybercriminals can easily access your network just the same way. They will need a valid username and password, which they can easily find using the process previously mentioned.
Often, businesses will have servers within their offices that have domain admin accounts within the server. These might be for a software provider to log into and repair issues. However, if these accounts are kept active, these admin accounts become security as cybercriminals can log in and gain full admin access to the business’s server.
An example of a public-facing application is a website. If your business’s website is not secured, your business is at risk of a successful cyber security attack.
These are linked to an extent, with cybercriminals acquiring passwords and exploitation. So now you know what the main threats are, but how can you protect yourself and your business from them? Here are the advisories recommendations
Implementing Multifactor authentication across your business increases your security by 99.9%. So, surely it’s a no brainer? However, many companies don’t realise how important it is and won’t take it seriously. Multi-factor authentication can combat three, possibly even 4, of these threats, so it is worth it.
Even though multifactor authentication is very efficient, you still need robust passwords to strengthen your protection. This means you shouldn’t use things such as pets’ names or your kids’ names or reuse passwords. Having a password manager such as Keepersecurity will help keep your passwords secure.
This is a critical component of the cyber essentials scheme in the UK. So many businesses have active accounts for old employees or business partners. You need to regularly review who has access to the business and admin access.
Software, although brilliant, has flaws. System updates are so important; the best and most secure version is the; latest update. These system updates are known as ‘patches’. Patching all of your systems within 14 days of the update being released, try and do it ASAP. Your IT company should do this for you and provide a report of all of your patches.
Tighten Public-Facing Application Security
Hackers will use software to scan your network for any open ports that they can use as a gateway into your network to then exploit. Installing specific hardware and programs can be done by those with the required skills and experience.
There you have five of the most common ways cybercriminals hack into your business’s network and five recommendations to protect your business from cybercrime.