Professional Documents
Culture Documents
Ebook AVG
Ebook AVG
& Hacking
Look out!
From spear phishing to social engineering and Trojan horses - the ways in which a
computer or network can be hacked have some rather obscure and technical names.
But what do these dramatic-sounding threats really mean to a small business, and how
likely are they to occur?
Introduction
The first step in tackling a threat is to understand it. This guide will demystify
global hacking phenomena and explain how local and small businesses can inform
and prepare themselves.
T
he Internet is growing at Many small businesses assume a But that’s not all, there are plenty more
a staggering rate. Devices hacker won’t be interested in their protective measures that you and your
proliferate, user numbers data, misguidedly believing that they’d business can undertake...
continue to surge and the means be more interested in hacking larger
of connecting devices, data and corporations.
applications with the users grow ever
more complex. Sadly, the evidence shows otherwise
with the FBI reporting1 hackers cost the
Joanna Brace is Vice President With accelerating levels of technological US economy $8bn in 2014. So what can
of Marketing & Product integration comes the opportunity to businesses do to prevent those attacks
Marketing, AVG Business. live and work in new and exciting ways. or at least lessen their impact?
Her track record spans brand- But with that change come certain
building, product development risks. The more means we have to be The answers are simpler than you might
and marketing strategy. She connected, the more devices we use, think. Surprisingly, the number one
joined AVG from Skype. the more windows of opportunity there solution to reduce the chance of being
are for hackers. hacked is to use a strong password! 1 https://www.fbi.gov/news/news_blog/2014-ic3-annual-report
A
nonymity is the primary modus have the slightest idea how to hack are supplying. Hackers know this too.
operandi, no matter what the into, say, NASA or even a standard
nationality of the hacker. Hackers e-commerce system. And while hackers Anonymously, and from international
in, say, Brazil, can anonymously run have many and varied reasons for doing bases, hackers produce programs and
phishing operations targeting web what they do, it’s not quite so hard to software designed to scour the web
users in Spain, the UK and the US as understand who they target and why. hunting for those weak links, wherever
well as targeting their compatriots. they may be.
And they have done so. Cybercrime is Larger corporates have more financial
so hard to police because of this lack of resource to invest in defenses. Hackers Hackers don’t just want purely financial
geographical restriction. are well aware of this. They then information, personal profiling data is
logically target the weaker links in the highly valuable to them because it helps
Whatever else can be said about them, chain - the suppliers, so often an SMB. them acquire other account details later
hackers are highly skilled and technically on as is corporate data relating to new
competent people to say the least - Don’t be fooled by the The data that these SMB suppliers product research and development.
don’t be fooled by the “geek” label; the “geek” label process is often extremely valuable,
vast majority of web users would not both to the SMB and to the client they
W
hat is not so clear is why don’t spend days or weeks trawling the
businesses are still leaving Internet looking for sites to hack, they
the time it takes
3.5
their keys in the ignition. create code to do that for them which
Believe it or not, the most popular ceaselessly scans for weaknesses, flaws to guess a weak
password in 20141 was still 123456. and open doors. mins password 3
Likewise, when a business owner thinks
“I’m a small business, hackers won’t be A single hack may only result in a few
interested in me” they may not bother hundred sets of credit card details, but Two-thirds of
with higher levels of security. If they do, that data is still highly desirable because people use the The most common
they’re letting their guard down on at of its value on the black market. Even same password
least two counts: a misguided belief and
much weaker security, both of which
if the hacker doesn’t sell or share the
data directly, they can use it to set up
for multiple
accounts 2
3 types of breach: 4
• employee error
increase the attraction and ease with other accounts online and create false or • crimeware
which hackers can break in. duplicate identities based on real people
- your customers - in order to commit
• insider misuse
It doesn’t take long to find a site or fraud, other crimes or more simplistic
network with poor security either. Hackers disruptive activities. 1 http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/
2 http://www.entrepreneur.com/article/242208?linkId=14760815
3 https://blog.bit9.com/2015/03/15/dont-be-cracked-the-math-behind-good-online-passwords/
4 http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf
Y
ou may not store any customer being in a constant state of compromise most virulent and prevalent attacks.
credit card details on your server, and flux. This represents a constructive and
but your website can still be helpful shift in attitude. It doesn’t mean
defaced or taken offline for other reasons. This isn’t as pessimistic or alarming as that small businesses accept defeat or
If that happens it could: it sounds. It’s actually more a pragmatic ignore the risks; it means you accept
and realistically-minded recognition that you can’t always foresee every
● Stop orders coming through. that, rather than trying to predict and attack and instead you take steps to
defend against all possible attacks at minimise the related impact.
● Cause a loss of customer
all possible times (which is extremely
confidence in your site’s security,
brand or reputation. resource intensive and costly), it is In a short amount of time, by carrying
better to accept that a certain amount out a few straightforward measures
● Cause customers to log on to a of compromise is always likely. coupled with some fine-tuning, you can
competitor’s site. easily raise your level of security against
With that in mind, you can then the most common threats without it
An emerging trend in the security maximise and allocate whatever costing your business the earth. Take
industry is to think of your business as resources are available in tackling the your time to consider them.
T
he first thing you and your ● Changing your passwords regularly, at the past, limiting the loss and helping
staff can do is to use a strong least once a month is good A strong password you recover as quickly as possible if you
and unique password for each consists of a mix of the are hacked.
account. ● Not using the same password for following:
multiple accounts. Check your Code
The second important means of defense ● Uppercase letters: F X W Assuming you do not have the
is to keep your passwords strong and ● Not writing down your ● Lowercase letters: k g m appropriate internal resources, invite
confidential! You can put your business passwords ● Numbers: 7 4 9 0 an IT professional to scan your systems
in a good position by: ● Symbols: @ & ! $ and perform a penetration test to
Check Yourself! ● 12 or more characters confirm that the coding and hosting of
● Limiting how many people have Defeating or deterring the hackers your website is both robust and free of
access to your systems. doesn’t stop at strong passwords. common errors.
These simple checks will help ensure device in your network. Leave nothing
● Limiting what types of data people your IT security is in good shape: out of date and no stone unturned. You may need to invest in an SSL
can see and edit certificate too but this isn’t expensive.
Check your Firewall and AntiVirus Check your Backups
● Changing the default password when Are they both up to date? Are the right Running a daily backup means you can
you create an account settings applied? Do this for every restore everything to a recent point in
You don’t have to leave it to chance, you can improve your security and
protect your business.