Many businesses have spent the last several months worried about their short- and long-term survival due to the economic shutdown. After companies deal with the immediate needs of working remotely and revenue preservation, however, it’s a great time to address some of the other events that can quickly turn profitable companies upside down. This month, we’ll cover three of them.
There are few things that can do as much damage to a company as data theft. If the thief gets access to the right credentials, your business’s or employees’ sensitive data may end up floating around on the internet. Your customer data faces the same fate. Depending on the circumstances, you’re likely to be required to disclose the loss and lose the trust of both of these groups. Finally, the breach may open your company up to fines and lawsuits.
As damaging as it is, it happens all the time at companies large and small. Here are three ways it happens, and how to make sure it doesn’t happen to your business, too.
Someone Pays a Few Dollars to Access Your Network
Hundreds of data breaches have occurred at major companies over the last 15 years. These hacks have targeted medical companies, banks, governments, hotels, retail companies and political organizations. While credit card numbers and medical records are the biggest payday, hackers also try to steal the millions of usernames and passwords that people use to access websites and software.
All of this information eventually makes its way to the dark web, where it’s sold for a few dollars a record at most. If you have an employee who is using the same email address and password to log into other websites, those few dollars may be all someone needs to spend to gain access to your network.
If your employees use the same old password for everything, the password they use to manage the business’s mobile phone lines might be the same one they use to manage the company’s bank accounts. It might also be the same one they use to log into your business’s network remotely.
As soon as a username and password are purchased, the buyer is going to try them on every site they can think of. If one of your employees uses the same login and password everywhere, they’re going to be heavily compromised.
One place they’re very likely to try is the email or remote desktop server behind the email address they stole. If your employee uses the same password on your network as they use on the hacked site, the purchaser of those credentials may have access to your network.
This is much less likely to be a threat if a company uses two security measures: requiring all users to change their passwords every few months, and requiring multi-factor authentication to log in to any sensitive business networks. Multi-factor authentication in particular is very powerful – as soon as the purchaser of the stolen credentials sees that the server requires the user to press a prompt on their phone or enter a six-digit code, they’ll move along to another login at a company that wasn’t as smart.
The moral of this story: if you don’t want someone to destroy your business by buying login information for a few dollars, require users to use multi-factor authentication wherever you can.
Someone Gains Access to a User’s Email Inbox
Users who leave their phones or PCs unattended in public places open themselves up to the possibility that someone can quickly peruse their emails or set up a forwarding rule. And as mentioned above, if a person’s login credentials do get stolen and the username is a business email address, that business’s email server is one of the first places a thief will try to access.
This is why you shouldn’t leave your most sensitive files sitting in an inbox. A user’s inbox is one of the most likely places in your network for a hacker or thief to gain access. Sensitive files should be shared via encrypted email, a secure file portal, or a secured business file storage platform like Dropbox or OneDrive. A bonus advantage of this policy: users won’t constantly be searching their inboxes for files, and those files will be better organized and more accessible in the event that the user leaves the company.
Someone Actually Hacks Your Network
TV action shows wouldn’t be very exciting if the hacking scene were some kid spending a tiny amount of Bitcoin to buy a user’s credentials and then typing them in. So, they still show the scenario where someone finds an open port or unpatched software vulnerability and uses it to tunnel into a company’s network.
This can certainly happen, although it’s far less likely than someone using stolen credentials to gain access to networks or data. These types of hacks are typically aimed at major corporations and governments. They’re expensive and time-consuming to pull off in most cases, so the payoff needs to be worth it.
There are a couple of reasons they are more expensive and time-consuming than they used to be, but it’s mostly due to executives taking better care of their network security than they did ten years ago. Software is much more persistent about demanding users patch security flaws. Businesses are also much better about using firewalls and software to protect their data, because they understand the damage that stolen or lost data can do to their companies. The most important thing here is simply to not make it easy to hack your network – make sure you’re using the proper firewalls and software to provide the most protection possible.
To learn how WingSwept can help you minimize your risk of data theft, call us at 919-460-7011 or email us at Team_WingSwept@WingSwept.com.