TechAdvisory.org

Technology Advice for Small Businesses

5 common security issues

Security_Aug05_CSecurity of your systems and technology is always an on-going battle and one you will likely never completely win. There are definitive steps you can take to ensure that your systems are secure, but we find that one of the most effective tools is knowledge. If you know a bit about how your systems can be breached, you can ensure a higher level of caution and security. To help, here are five common ways businesses see their systems breached.

1. You are tricked into installing malicious software

One of the most common ways a system’s security is breached is through malware being downloaded by the user. In almost every case where malware is installed the reason is because the user was tricked into downloading it.

A common trick used by hackers is to plant malware in software and then place this software on a website. When a user visits the site, they are informed that they need to download the software in order for the site to load properly. Once downloaded, the malware infects the system. Other hackers send emails out with a file attached, where only the file contains malware.

There are a nearly limitless number of ways you can be tricked into downloading and installing malware. Luckily, there are steps you can take to avoid this:

  • Never download files from an untrusted location – If you are looking at a website that is asking you to download something, make sure it’s from a company you know about and trust. If you are unsure, it’s best to avoid downloading and installing the software.
  • Always look at the name of the file before downloading – Many pieces of malware are often disguised with file names that are similar to other files, with only a slight spelling mistake or some weird wording. If you are unsure about the file then don’t download it. Instead, contact us as we may be able to help verify the authenticity or provide a similar app.
  • Stay away from torrents, sites with adult content, and movie streaming sites – These sites often contain malware, so it is best to avoid them altogether.
  • Always scan a file before installing it – If you do download files, be sure to get your virus scanner to scan these before you open the apps. Most scanners are equipped do this, normally by right-clicking on the file and selecting Scan with….

2. Hackers are able to alter the operating system settings

Many users are logged into their computers as admins. Being an administrator allows you to change any and all settings, install programs, and manage other accounts.

If a hacker manages to access your computer and you are set up as the admin, they will have full access to your computer. This means they could install other malicious software, change settings or even completely hijack the machine. The biggest worry about this however, is if a hacker gets access to a computer that is used to manage the overall network. Should this happen, they could gain control over all the systems on the network and do what they please on it.

In order to avoid this, you should ensure that if a user doesn’t need to install files or change settings on the computer, they do not have administrator access. Beyond this, installing security software like anti-virus scanners and keeping them up to date, as well as conducting regular scans, will help reduce the chances of being infected, or seeing infections spread.

3. Someone physically accesses your computer

It really feels like almost every security threat these days is digital or is trying to infect your systems and network from the outside. However, there are many times when malware is introduced into systems, or data is stolen, because someone has physically had access to your systems.

For example, you leave your computer on when you go for lunch and someone walks up to it, plugs in a USB drive with malware on it and physically infects your system. Or, it could be they access your system and manually reset the password, thereby locking you out and giving them access.

What we are trying to say here is that not all infections or breaches arrive via the Internet. What we recommend is to ensure that you password protect your computer – you need to enter a password in order to access it. You should also be sure that when you are away from your computer it is either turned off, or you are logged off.

Beyond that, it is a good idea to disable drives like CD/DVD and connections like USB if you don’t use them. This will limit the chances that someone will be able to use a CD or USB drive to infect your computer.

4. It’s someone from within the company

We have seen a number of infections and security breaches that were carried out by a disgruntled employee. It could be that they delete essential data, or remove it from the system completely. Some have even gone so far as to introduce highly destructive malware.

While it would be great to say that every business has the best employees, there is always a chance a breach can be carried out by an employee. The most effective way to prevent this, aside from ensuring your employees are happy, is to limit access to systems.

Take a look at what your employees have access to. For example, you may find that people in marketing have access to finance files or even admin panels. The truth is, your employees don’t need access to everything, so take steps to limit access to necessary systems. Combine this with the suggestions above – limiting admin access and installing scanners – and you can likely limit or even prevent employee initiated breaches.

5. Your password is compromised

Your password is the main way you can verify and access your accounts and systems. The issue is, many people have weak passwords. There has been a steady increase in the number of services that have been breached with user account data being stolen. If a hacker was to get a hold of say your username, and you have a weak password, it could only be a matter of time before they have access to your account.

If this happens, your account is compromised. Combine this with the fact that many people use the same password for multiple accounts, and you could see a massive breach leading to data being stolen, or worse – your identity.

It is therefore a good idea to use a separate password for each account you have. Also, make sure that the passwords used are strong and as different as possible from each other. One tool that could help ensure this is a password manager which generates a different password for each account.

If you are looking to learn more about ensuring your systems are secure, contact us today to learn about how our services can help.