There can be no doubt the fear of being hacked is at the top of the list of concerns for most business owners. This is true whether they are large corporations, small companies, or anything in between. Part of this fear is the nature of “hacking.” Most businesspeople have no idea how their data systems can be attacked. They don’t understand their vulnerability and therefore have no idea how to avoid the problem in the first place.
While a list of all the possible ways a computer system, endpoint, or network can be hacked likely wouldn’t be all that useful, a list of the most likely methods an attacker would use could be helpful in strengthening enterprise and small business systems against potential data loss, damage, and downtime.
By and large, any unsolicited or unexpected e-mail should be treated with suspicion. If said e-mail contains a link and requests any kind of information from the recipient, there is a close to 100% chance it is a phishing attack.
This type of attack works by deceiving the recipient into believing they are entering information into a legitimate web site when in reality, their information is being collected by an attacker for later use in defeating security either on the recipient’s network or on a third party site of some kind. Phishing attacks are popular with attackers looking for ways to access financial accounts at banks, brokerages, and payment processors.
No recipient should ever enter information into a site linked from an e-mail, even if they have an established relationship with the sender.
One thing most people don’t realize is that their wireless network is actually a collection of powerful radios that are capable of transmitting their data, including passwords and all kinds of other information, for long distances in every direction. Without adequate security measures and endpoint protection, it is a very simple matter for an attacker to intercept that information and collect it for later use.
Whenever possible, wireless access points, and especially those in public places, should be accessed with some kind of encrypted VPN or an https protocol. This scrambles the information being transmitted which makes it impossible for an attacker to utilize.
More than a few sophisticated businesses and organizations have had their networks compromised due to relaxed security on their public-facing web pages. A good example of a web-based attack is something called SQL injection. Any web page that accepts information from the public must sanitize that information before exposing the database to it. If a web page fails to do this, an attacker can embed SQL commands into the information provided to the web page. The database will interpret this information as Structured Query Language commands instead of data and execute it, potentially damaging the database or providing an attacker a means of accessing the site, server or network.
While this is by no means an exhaustive list, it should give the average business owner an idea of what kinds of challenges they face in the digital world. Most of the common attacks can be easily defended against, provided the proper steps are taken in advance and provided security is made a top priority for the company in general.