Any company with an online presence must worry about hackers. The threat is real – hacking affects everyone from small startup endeavors to huge corporations.
Heck, just look at what happened to Equifax and their 143-million person data breach.
The costs are nothing to sneeze at, either. A single data breach costs the average company around $3.8 million.
In order to protect yourself and your company, you need to know common hacking methods and learn how to avoid them.
Here are 3 to get you started.
1. Session Hijacking
Most sites use “cookies” to capture snippets of information about you. These cookies are transferred to and from your browser and the website you’re trying to reach. That’s known as a “session” – it warrants a much longer conversation about TCP/IP, which you can read here if you’re so inclined.
Though cookie tracking is generally safe, it’s a practice that worries many internet users.
Hackers can strategically place themselves between these connections to intercept them. They can either try to decrypt your cookies and glean sensitive information, or they can copy them and take your place.
That’s the hijacking part of it.
The cure to the cookie-snatching problem is pretty simple. Websites send data over Hyper Text Transfer Protocol (HTTP), which you’ve undoubtedly seen before a website URL. Using HTTPS, on the other hand, ensures that your connection to the site is secure.
In plain English, that means that all connections between you and the website are encrypted and secured. So only connect to HTTPS sites to avoid cybercriminals coming for your precious cookies.
2. Fake Wireless Access Point
One of the scariest (and easiest) tricks in the big book of hacker knowledge is the fake wireless AP.
By changing the service set identifier (SSID, aka the name of the network), hackers can trick people into connecting to their fake network.
See if you can discern which of these is fake, and which is a real SSID:
- McDonalds Public Wi-Fi
- Free Wireless Internet
- Boingo Wireless
- Cisco Meraki 2103
- John’s Home Network
- Bill Wi the Science Fi
- Pretty Fly For a Wi-Fi
Think you’ve got the right answers? You don’t. SSIDs are just names, and hackers can create ones with the exact same name as the originals.
Apologies for the dirty tricks.
If you connect to a fake wireless AP, hackers can steal your data quite easily. That’s because they’re essentially acting as the puppet master to your computer data – everything you’re sending and receiving has to go through them first.
So how do you combat these evil twins? For starters, you can use a VPN to create a secure and encrypted tunnel from your computer to your digital destination. Be sure to only use secured Wi-Fi points and, if at all possible, avoid connecting to public Wi-Fi.
3. Phishing Attacks
Webster’s dictionary defines hacking as “the act of cutting or severing with repeated irregular or unskillful blows”.
We don’t really know what they’re talking about.
To us, hacking means a person gaining illegal access to something (usually a computer, a network, or a system of some kind). Therefore, it stands to reason that phishing exploits are just as much a hacker tactic as anything else.
Phishing attacks happen daily, and it’s all too easy for you or an employee to thoughtlessly click on a link that can infect your system with malware. That malware is often used to gather your personal information for malicious purposes.
These phishing attacks (often coming in the form of emails) look official and can claim to be a special offer from a huge retailer or an attempt to collect a bill from a supplier.
Tell-tale signs of these attacks include misspellings, incorrect graphics, and a generally weird tone. The best course of action is to avoid opening these emails and to delete them. Don’t respond to them or click on any attachment that they send over to you.
Avoiding Hackers in Business
These tactics are valid, and they’ll certainly decrease your chances of ever being hacked in the first place. However, the tactics become a little more unrealistic to implement in larger-scale environments.
For that, you’ll want to turn to a managed IT security service provider.
These providers (hint hint: that’s us) can keep a business environment hack-free by implementing security solutions, as well as a healthy dose of end-user training.
Got questions about hackers? Want to learn more about security? Let’s have a chat.