It’s hard not to lament the good old days of getting hacked by the Dark Web’s cleverest, most sinister actors. Just a few years ago, only the techiest of hackers knew how to find weak channels in your network. You had to applaud the brilliance of these cybercrime masterminds to exploit technical vulnerabilities. Well, almost. Had they not stolen your data and your money, the admiration may have been higher.
But with the advent of crime-as-a-service technology, these days, any old dummy can, at the least, take you for some hard-earned cash, or at the worst, wipe out your business. Cybercrime is everywhere, and with the new professionalization of the Dark Web, your business is at even greater risk because these hackers’ tools are wildly simplified and readily available to anyone with a couple hundred bucks and minimal technical skills.
Ransomware is rampant and it’s showing no indication of dying down. In fact, in 2017, we saw ransomware attacks on unprecedented scales, starting with the Wannacry attacks and then later with the Petya attacks. While many of these attacks targeting individual computers, asking for $300 in ransom to get data back, others hit the bottom line (like when FedEx lost $300 million).
The reality is that the skills required to operate such software are incredibly low. If you can operate iTunes, you can run ransomware. As this is where the professionalization comes in.
Crime syndicates have globally seized the opportunity to create simplified software for users to do their own cybercrimes. These cybercrime tools are easily accessible and include things like:
- Phishing kits. These programs use email templates, real company logos, mimicked formatting and even mirrored landing pages to ensure legitimacy and to make the target believe the source is real.
- The coding is all done for you. This allows you to use viruses, trojans, worms and other nefarious software to enter weak systems and wreak havoc.
- Exploit kits. These kits search for weaknesses in common software with unpatched fixes. Remember: Wannacry entered through a vulnerability in Microsoft operating systems that were subsequently patched.
- Denial-of-Service tools can knock out websites, email systems and more.
The list goes on. Sadly, anyone can easily rent or buy these kits and tools and carry out an attack on his or her own. Likewise, the likelihood of being caught is extremely minimal due to the ease of anonymity on the internet and with cybercurrency.
So, what can you do to protect your business in the face of expanding criminal access to uncomplicated criminal tools?
Tips for Cybercrime Defense
Knowledge is always the best tip for your business. Having a solid cybersecurity strategy, and knowing what those elements are, gives you a leg up on the average company. By defining cybersecurity protocols, you can implement some common sense cybersecurity across the board, ensuring that everyone on your staff is following best practices.
Your baseline cybersecurity needs to include:
Required password procedures
Force password updates at regular intervals, and require long passwords that are at least 10 characters each.
Vulnerabilities in software are patched in updates. Make sure your OS and software are up-to-date and that no unlicensed software is being used.
Establish phone policies
Make your staff aware that none of your vendors will ever call and ask for passwords or account numbers, no matter how professional and convincing they sound.
Use whenever possible. It may take a few seconds longer to log in, yet the dividends it pays in security are exponential.
Use antivirus software
Every workstation needs it, and it should be updated automatically. Good antivirus software updates frequently to keep in line with newly discovered viruses.
These are just a few steps to point you in the right direction. But your company is unique and has unique needs. Call KJ Technology today to assess your network for vulnerabilities.