When we think of data breaches, we usually only think about ones that target large companies and corporations, such as the Equifax breach that affected 147 million people in 2017 or the Capital One data breach that affected 100 million people in July, 2019. However, small businesses are more likely to be targeted in cyber attacks than bigger companies because they often have fewer security measures in place to protect their data. When they do get hit, those attacks can be devastating. In 2018, 41 percent of small businesses said they experienced a data breach that resulted in financial damages that exceeded $50k while 60 percent of small businesses close within six months of a cyber attack due to a loss of data, revenue, and client trust.
Most attacks are caused by network vulnerabilities – weak spots in your communications infrastructure, intranet or internet connections, hardware, software, and servers. To help you protect your Raleigh business and consider how you look at network security, we are sharing the five most common network vulnerabilities that put you at risk for a cyber-attack.
Network Vulnerabilities and Malware
Malware, or malicious software, is a catch-all term for software or a program designed to damage or harm a computer network. Whether it’s designed to steal your data, spy on your activities, or shut down your systems, once malware enters your network, it can cause serious issues for your business.
There are several types of malware, including:
- Spyware – Malware that spies on user activity, stealing data, monitoring activity, and collecting keystrokes to access passwords.
- Viruses – Capable of copying itself and spreading, these can steal information, steal money from accounts, shut down computers, and other harmful actions.
- Ransomware – Malware that encrypts your files or locks down your system until you pay a ransom to the hacker to unlock it.
- Bots – Software programs designed to perform specific functions.
- Adware – Advertising-supported software that automatically causes pop-up ads. Often, adware is bundled with spyware on free software and free applications.
The network vulnerabilities we are outlining often lead to malware infecting your network, and often, businesses don’t realize they’ve been infected until it’s too late.
Outdated or Unpatched Software Applications
While most operating systems and common applications like Salesforce, Microsoft Office 365, and Google G Suite are generally secure, the sheer volume of code to run them makes security vulnerabilities inevitable. These companies have developers on staff who are constantly looking for weak spots in their applications and OS and create patches to fix them, Once located it’s absolutely necessary to install those patches when they become available. Without these patches, a hacker can easily submit a command prompt that steals data or shuts down your system.
Additionally, running an operating system or software that is no longer supported by software developers means there won’t be patches or updates sent out to fix vulnerabilities. It’s important to always move to current versions and perform network vulnerability scans (or have them done by a managed network security service) to reduce your risk.
If you’re using a weak or a default password on a web application or internal software program, you’re leaving yourself open to a data breach. Simple passwords like the default option, ‘password,’ or your business name are easy for malware programs to crack or for hackers to steal. Making sure you and your team are using stronger passwords.
Check Your Firewall Configuration
Your firewall monitors incoming and outgoing network traffic and allows you to set up rules for access that prevents unauthorized sources from entering your network, or from people on your network from accessing security threats. This is an essential part of your security, but it has to be used correctly in order to block threats.
It’s important to check your rule base – the set of rules that determine who and what are allowed through your firewall, and who is not – to make sure it’s not containing configuration errors, like classification problems, typos, or allowing more access than is necessary.
Mobile Device Vulnerabilities
Even if your in-office devices are well-protected behind firewalls and strong passwords, mobile devices, such as phones, tablets, and laptops, can leave you open to cyber-attack. Using Bluetooth or an unsecure wi-fi connection provides an open door to access to cached passwords in your web browser, information in emails, and other classified information.
To protect your data on mobile devices, make sure you avoid using public wi-fi, avoid downloading apps that aren’t well-tested, and log out of accounts when you aren’t using them.
Lack of Data Backup
While it’s important to do everything possible to stop an attack before it happens, it’s also just as essential to your business that you have backup and disaster recovery in place. For example, even if you have strong passwords with two factor authorization in place, mobile security protocols, and updated applications, if someone inadvertently downloads a file with ransomware attached and shuts down your whole system, your business is gone. By having an off-site backup done regularly, your data is safe and easily restored, preventing downtime and disaster.
Contact Strategic Systems – A Division of CEI for Managed Network Security in Raleigh
If you are concerned that vulnerabilities in your network could lead to a data breach, but you’re not sure how to fix it, we can help. Strategic Systems – A Division of CEI offers affordable managed IT solutions, including network security and data backup, to protect your business and reduce your risk of a cyber-attack. To learn more about our services or to schedule a consultation, contact us by calling (919) 783-1410 or fill out our online contact form below.