From the smallest of smart devices to the largest of servers, every piece of technology which is connected to the internet is exposed to the dangers of being hacked. As a result, IT companies have seen the need to constantly adapt their solutions and develop more intelligent capabilities to cope with potential attacks.
A lot of SMBs think they are too small to be a target of malicious attacks, but the truth is that hackers are not known to target any specific company size. Anyone is fair game, whether you are an individual who uses the internet to browse social networks or a Fortune 500 company. Everyone is at risk of a cyberattack, and many security researchers have started to advise people to think of “when” a company is attacked, rather than “if.”
Cyberattacks can use outer and inner circle devices, such as DSL routers, Wi-Fi access points, devices without antivirus, and embedded OSes and apps, to enter systems. These devices don’t run an antivirus, their patches are often out of date, and they are typically used by small companies.
Is your data secured if your router has a public IP address and you log in using the default credentials?
The answer is – definitely not. With Cross-site Request Forgery (CSRF), the attacker abuses the victim’s authenticated session with a web application (usually held in cookies), tricking the victim into making a request they did not intend to make. During a CSRF attack, the victim’s browser is tricked into sending HTTP requests to the web application that perform actions such as transferring funds, changing an email address or changing a password. If the CSRF victim is an administrative account, then the entire web application can be compromised. An example of the hidden HTML code change is:
<input type="text" name="enable_remote_management" value="Enabled"/>
How can you make sure this doesn’t happen? Set your router to bridge mode and forget about the public IP address. You will have one network device (for example, a DSL modem) that serves as the server; ideally, the router with the greatest serving capacity should be chosen. A bridge mode connection allows additional routers to connect to the network without conflicting with the server, as it will assign them an IP address automatically, and your security will come from the firewall.
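The forged request above works when the admin interface trusts the session cookie alone. The following Python example is an added illustration, not code from this article or from any router vendor: it contrasts such a handler with one that also checks the request's origin and a per-session token. The admin address, the handler names and the `csrf_token` field are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ADMIN_ORIGIN = "https://192.168.1.1"  # assumed address of the router's admin UI

def new_session():
    """Create a logged-in session; the CSRF token is stored with it server-side."""
    return {"id": secrets.token_hex(16), "csrf_token": secrets.token_urlsafe(32)}

def same_origin(headers):
    """Accept only requests whose Origin (or Referer) is the admin UI itself."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN

def apply_settings_vulnerable(session, headers, form, config):
    """Trusts the session cookie alone, so a cross-site form post is accepted."""
    if session is None:
        return 401
    config.update(form)
    return 200

def apply_settings_hardened(session, headers, form, config):
    """Requires a session, a same-origin request and the per-session token."""
    if session is None:
        return 401
    if not same_origin(headers):
        return 403
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session["csrf_token"].encode()):
        return 403
    config.update({k: v for k, v in form.items() if k != "csrf_token"})
    return 200

def demo():
    """Replay a constructed forged request and a genuine one against both handlers."""
    session = new_session()
    forged_headers = {"Origin": "https://attacker.example"}  # constructed sample
    forged_form = {"enable_remote_management": "Enabled"}    # field from the article
    weak, strong = {}, {}
    r_weak = apply_settings_vulnerable(session, forged_headers, forged_form, weak)
    r_forged = apply_settings_hardened(session, forged_headers, forged_form, strong)
    genuine = dict(forged_form, csrf_token=session["csrf_token"])
    r_genuine = apply_settings_hardened(session, {"Origin": ADMIN_ORIGIN}, genuine, strong)
    return r_weak, weak, r_forged, r_genuine, strong

if __name__ == "__main__":
    print(demo())
```

The token check is what stops a forged form: a page on another site can make the browser send the cookie, but it cannot read the token bound to the session.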
Outsmarting your devices
Many industries are using smart devices like TVs, webcams, printers, faxes, medical devices and so on. Most of these tools cannot be protected individually by installing an antivirus, so they are more exposed to being hacked. The best solution for keeping your network safe when dealing with many smart devices that can’t be autonomously protected is segmentation. By creating a protected segment and isolating your unprotected devices, you reduce the risk of foreign access to your data.
With the reliance on Wi-Fi, companies need to make sure their network is secured. Most organizations require two wireless networks (formally known as SSIDs) for client access. One SSID is mainly used by internal users, as an encrypted extension of the wired LAN, and the second SSID provides access to guests. A second option would be to set up the network in bridge mode, with both SSIDs assigned from it.
What are the most common mistakes that we can easily avoid to better secure the network? It all comes down to default credentials or misconfiguration. A default or weak password, open ports, or remote access are all ways in which hackers can get their hands on your data.
Ransomware and more
The most famous of cyberattacks, and the one that brings back the biggest bounties, is ransomware. But how can you make sure you’re minimising the chances of being a victim? The answer in most cases is backup, backup, and backup. Backups also need to be done regularly, checked from time to time to make sure they still work and, most importantly, kept offline on a separate system.
But ransomware is not the only thing to look out for. Most cyberattacks are after one thing, and that’s money. In large companies, the hackers are after credit card numbers or user accounts’ personal details together with passwords. Once the hackers are in possession of this data, it will be sold on the black market or else used for things such as phishing. For SMBs, the hackers are looking to extort money, piggy-back on IT resources or even steal proprietary documents of the respective business.
Users can get infected by downloading pirated software, an infected web browser plugin, or by clicking on legitimate-looking adverts which contain the malware. In the latter case (known as malvertising) the webpage is considered clean by the firewall and local antivirus, but when the user follows the advert the malware is downloaded.
In the event your system is infected by ransomware, you can try to decrypt the blocked files without the key, as there are several tools out there that can help you with that. Some users have also reported files being unlocked after some time, but in all cases, prevention is better than cure.
Here at GFI Software, Aurea SMB Solutions, we are hosting a series of webinars which will go into further detail on how to secure your devices and protect your company from cyber threats. Join us in one of our FREE webinar sessions. Register here:
Start monitoring your network before others do – September 19, 2018
Minimizing the risk of cyberattacks on your network – October 23, 2018