Table of Contents
What are the risks of tech hackers to a business?
Cyberattacks hit businesses every day and their impact is growing. Experts say there are two types of companies, those who’ve been hacked, and those who don’t know they have been hacked. Every year cybercrime has increased as people try to benefit from business systems that are vulnerable. Most commonly, cyber attackers are looking for ransom and 53 percent of cyber-attacks resulted in damages of $500,000 or more.
What are the motivations of most hackers?
Cyberthreats can also be launched for other purposes, attackers often look to obliterate systems and data as a form of “hacktivism.” These cyber systems often employ a botnet, which is a network of devices infected with malicious software, such as a virus. Attackers control a botnet as a group without the owner’s knowledge with the goal of increasing the magnitude of their attacks. Botnets are used to overwhelm systems in a distributed-denial-of-service attack (DDoS) attack.
It’s important to understand the basic concepts of cyber security to fully comprehend the best way to protect your business.
Application/Information
IT or Information Technology means using computers for collecting, storing, or manipulating any information. This word is widely used in business and the area of computing.
Network
A computer network is a group of computers that is linked that enables a computer to communicate with another computer and share data, resources, and applications.
A computer network can be categorized by their size. A computer network is mainly of four types:
Computer Network Types
PAN (Personal Area Network)
LAN (Local Area Network)
WAN (Wide Area Network)
MAN (Metropolitan Area Network)
Operational
An operating system is a program that works as an interface between software and the computer hardware. It is a specialized software that controls and monitors the execution of all other programs that reside in the computer, including application programs and other system software.
Encryption
Encryption in cyber security means the conversion of data from a regular readable format into an encoded format. Encrypted data can only be read or processed after it’s been decrypted, making it very secure. That information could include everything from payment data to personal information.
Access Control
Access control is a security technique that regulates who or what can view or use resources in a computing environment. Access control is a fundamental concept in security because it minimizes risk to the business or organization. Logical access control limits connections to computer networks, system files and data.
End-User Education
The person a software program or hardware device is designed for is called an end user. The term is based on the idea that the “end goal” of a software or hardware product is to be useful to the consumer.
Disaster Recovery
Disaster recovery, or a disaster recovery implementation plan, is a protocol designed to assist an organization in executing recovery processes after a disaster to protect business IT infrastructure and promote recovery.
What kinds of devices are susceptible to attack?
Smart home devices are vulnerable to hackers
Thousands of hacker attacks were launched on a network of smart home devices recently to assess the risks the gadgets pose to consumers. Engineers produced the attacks and launched 1,017 unique scans or hacking attempts directed at devices on the net. These devices included printers, wireless security cameras smart TVs, and Wi-Fi kettles.
The attacks continued to grow, and actually reached 12,807 during a subsequent week, with 2,435 of those attempts successful in logging into a device because of a weak default username and password. In the experiment, most of the devices in the “hackable home” environment were able to prevent attacks through basic security protections. Interestingly, the most concerning issue found was a connected camera with a weak default password. A common weak user name and password pairing allowed automated hackers to gain access to the camera stream.
Device data in the smart home space is a lot different than personal identifying information. The good news is there hasn’t been a lot incentive for hackers to access smart home data. Hackers would rather spend their time installing ransomware and stealing really valuable data like credit card numbers.
However, a hacked smart thermostat might provide a gateway to a home network and access to personal computers and digital files. A smart camera or baby monitor that is hacked can also allow the same malicious activity as the thermostat. The camera can be used to spy on people and the camera in the home has been known to communicate or harass people in the home.
Smart home devices are attacked by hackers in many cases because the attacks are easy to do. Many devices are still being shipped from the factory with inadequate security protections in place, such as security codes to access the device being 1234 or 0000.
The best way to protect home devices from hackers is when you get a new device, always change the default password or set the password, if it’s not protected, out of the box. It is important also to check other security settings and consider hardening them. These will depend on the type of device. Security precautions can include options such as disabling access to address lists, turning off the mic on a voice assistant when you don’t use it, setting additional protection for online purchases and turning on additional confirmation or notifications.
It is also important to enable the settings to download and install security patches, if the home device manufacturer provides them. Unpatched vulnerabilities can provide hackers the quickest way to get into a home system.
Smart Car Devices
At a recent hacking competition, two competitors were challenged to exploit a flaw in the Tesla Model 3 browser system and gain access to the car’s firmware. While the reported “Tesla hack” woke up the industry, it actually isn’t even one of the most common vulnerabilities smart car owners should look out for. The event opened the eyes of smart car owners as to the vulnerabilities they faced every day to their own personal information.
Car alarms, particularly aftermarket car alarms, are one of the biggest holes in smart car security breaches. A recent study found three million vehicles are currently vulnerable because of insecure smart alarms. Hackers exploit insecure direct object reference (IDORS) issues within the alarm’s software, and then hackers track the vehicle’s GPS location, unlock doors after disabling the alarm, and in some cases even stop the engine while it is being used.
Key fobs are most commonly used by hackers to gain physical access to a vehicle. Criminals use a relay attack, and can capture a key fob’s specific signal with an RFID receiver, then use it to unlock the car. This high-tech version of a duplicate key comes with a very low-tech solution: If you cover a key fob in aluminum foil it will prevent the signal from being skimmed.
On-Board diagnostic (OBD) ports are legally required for all vehicles manufactured after 1996 in the United States. These OBD ports are usually used by mechanics, the port allows direct communication with the vehicle’s computer. Because the port bypasses all security measures to provide direct access to the vehicle’s computer for mechanics, it provides particularly tempting backdoor access for hackers.
The best defense is a good offense when it comes to protecting a smart car, the best ways to do that include:
Disable unused smart services. All car connectivity ports not used should be turned off, if not altogether disabled. This means that if you don’t use your car’s Bluetooth connectivity, deactivate it. Removing these access points will make your car less exposed to hacks.
Update your car’s firmware and keep it updated. Car manufacturers constantly test and update vehicle software systems for customer safety. Signing up for vehicle manufacturer recalls and software patches will help you stay on top of these updates.
Don’t embrace all new technology that doesn’t keep us at our most secure. Make sure after you’ve purchased a vehicle with technology that it has been field tested for a few years, allowing time for any vulnerabilities to be exposed.
Advocate for your car’s security. As smart cars become so smart that they begin to drive themselves, consumers must demand that manufacturers provide better security for autonomous and semi-autonomous vehicles.
Only use trusted mechanics and be mindful of who you grant access to your car.
Smart Phones
Always avoid unsecured public WIFI. Hackers love to target important locations such as bank accounts via public Wi-Fi___33 that can often be unsecured due to relaxed safety standards or even none at all.
Turn off the phone’s autocomplete feature. You can prevent stored critical personal data from being accessed by doing this.
Always regularly delete your browsing history, cookies, and cache. Removing your virtual footprint is important in minimizing the amount of data that can be harvested by prying eyes.
If you have an iPhone, enable Find My iPhone. If you turn the feature on in settings, you can locate your phone if you misplace it before the hackers can get to it.
Use a security app that increases protection. For Android owners, Webroot offers the all-in-one Mobile Security for Android app that provides antivirus protection and allows you to remotely locate, lock up and wipe your phone in the event you lose track of it. For iOS users, Webroot also offers a free secure web browser for increased mobile security on your iPhone and iPad.
What are the ethical obligations of a business to protect customer data?
Collect only the data necessary Companies should never collect data that is not needed and hold on to it only as long as it has a legitimate interest to do so.
Require Secure Passwords and Authentication. Companies should always require strong password practices with their employees. Passwords should be stored securely and not in clear text. Beware of backdoors and other means of avoiding password authentication.
Control Access to Data Sensibly. Always put limits on who can access sensitive information. Not every employee needs unrestricted access to the entire network and all the information in it.
Segment the Network and Monitor Who’s Accessing It. Always use firewalls to segment networks and work to limit access between devices on the network and between the network
Store Sensitive Personal Information Securely and Protect it During Transmission. Companies should protect sensitive information throughout its life cycle including when the information is transmitted to others, downloaded to a laptop or other device or destroyed.