There are certain things cyber criminals love to find when choosing their next victim, which makes their attack much easier and more fruitful.
According to David Cohen, the founder and managing director Systemnet, an IT integrator specialising in the SME sector, there are six core things business owners do that delight attackers.
The following oversights make it much simpler for hackers and viruses to invade a network, and allow them free rein to come and go as they please once inside:
1. No staff education about security
The less informed your employees are, the more likely they are to inadvertently let a hacker or infection into your digital network.
“The biggest issue we’ve come across is staff – uneducated staff … pushing on buttons. They get an email and click on a button without thinking twice,” David says.
2. Poor disaster recovery
Clients that have good disaster recovery can recover very quickly, but attackers can create more damage on a business if it doesn’t have disaster recovery processes in place.
3. Blissful ignorance
As previously reported by My Business, many businesses are oblivious to the fact they’ve already been hacked.
Not staying informed about what is happening in your network, such as monitoring systems, responding to warning notifications, setting up alerts for suspicious activity and so forth, is one of the easiest ways hackers can not only enter your system, but stay there undetected.
“Even if things are happening, no one is looking and trying to pick up these issues,” he said.
4. Set and forget policies
An extension of the above point is putting protection processes in place, but adopting a ‘set and forget’ mentality.
Cyber criminals love this, as they can more easily attack systems which have been left to age, and make repeat visits if their first breach goes undetected and hence the same door remains open.
5. Unrestricted data permissions
Giving your employees free rein to your data makes it much easier for attackers to infiltrate your network in its entirety, explains David.
“[We often find] a small business with 10 to 15 users, where all 10 to 15 users have got access to basically the entire data directory,” he says.
“So instead of segmenting it and locking down permissions, if one user gets infected, it can spread throughout the organisation … as opposed to containing it within their area.”
6. Misplaced trust
As David explains, many business owners place an undue amount of trust in the IT person they recruited only a month ago, while being dubious of the IT and security consultants with decades of experience they employ.
“Most of our clients don’t view us as trusted advisers. They basically view us as preferred suppliers, and that is obviously a big problem in the small and medium business space – because we’re not internal, they don’t give us that same level of trust, yet we have access to everything.”
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.
Ask the Experts: Business assets and liability after separation
By Anneka Frayne
Anxiety in the workplace
By Staff Reporter
Managing ‘sleeper issue’ of directors’ GST risks
By Jim Koutsokostas