IT Support Blog for Small Business Owners

Think like a Hacker: How would you break into your company’s IT?

Posted by David S. Mulvey on Fri, Dec 30, 2016

Do You Have Weak Domain Passwords?

A company’s own users are usually the most vulnerable point of attack and, unfortunately, the most common point of entry for a hacker. Weak domain user passwords can easily be guessed and discovered. But you can avoid this with strict user authentication standards. Businesses have to teach their employees about password best practices. For instance, secure passwords should be at least 8 digits long and include a capital letter, a number and a symbol. You should also require that user passwords are updated every 90 days. By implementing these two simple practices you can make it almost impossible for a hacker to break your domain passwords and gain access to your network.

Local Administrator Password Attacks

Once a hacker has access to your administrative passwords, they essentially have control over your whole network. Local IT administrators can become lax in their password security, especially if they work in a small office that has not had a recent cyber security scare. Non-IT employees should not have administrator access rights. Only provide domain administrator rights, the keys to the kingdom, to a manager and your IT employee or IT service provider. By restricting most of your employees’ access rights you significantly reduce your chances of being hacked.
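The password and administrator-rights practices in the two sections above can be checked against an Active Directory domain with a short audit script. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the account names in `$ApprovedAdmins` are placeholders.

```powershell
# Added example: audit an Active Directory domain against the practices above.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$MinLength  = 8     # minimum length stated in the article
$MaxAgeDays = 90    # password update interval stated in the article
# Assumption: placeholder names for the manager and IT accounts allowed admin rights.
$ApprovedAdmins = @('office.manager', 'it.admin')

# 1. Default domain password policy.
$policy   = Get-ADDefaultDomainPasswordPolicy
$findings = @()
if ($policy.MinPasswordLength -lt $MinLength) {
    $findings += "Minimum length is $($policy.MinPasswordLength), expected at least $MinLength"
}
# AD complexity requires characters from three of its categories, which is
# close to, but not identical to, "capital letter, number and symbol".
if (-not $policy.ComplexityEnabled) {
    $findings += 'Password complexity is disabled'
}
# A MaxPasswordAge of zero means passwords never expire.
if ($policy.MaxPasswordAge -eq [TimeSpan]::Zero -or
    $policy.MaxPasswordAge.TotalDays -gt $MaxAgeDays) {
    $findings += "Maximum password age is $($policy.MaxPasswordAge.TotalDays) days, expected $MaxAgeDays or fewer"
}

# 2. Enabled accounts that escape the update rule: flagged as never expiring,
#    never set, or last set before the cutoff.
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
$stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.PasswordNeverExpires -or -not $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff }

# 3. User accounts holding domain administrator rights outside the approved list.
$extraAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notin $ApprovedAdmins }

$findings | ForEach-Object { Write-Warning $_ }
$stale | Select-Object SamAccountName, PasswordNeverExpires, PasswordLastSet | Format-Table
$extraAdmins | Select-Object SamAccountName, distinguishedName | Format-Table
```

The script only reads the default domain policy; fine-grained password policies applied to specific users or groups can override it and need a separate review.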

Written Passwords Are Easy Prey for a Hacker

Passwords that have been written down are always considered to be a risk factor. Who has access to your office and can copy down all of your written passwords? Your night-time cleaning company, a plumber, a visiting client or vendor? It’s extremely important to let your employees know that it is company security policy not to write down any user IDs or passwords. Discuss your policy with everyone, and make sure they understand that writing down passwords is akin to giving your company checking account out to non-employees.

Insufficient Password Segmentation

Another issue that often arises within smaller businesses is that a single password may create a domino effect, giving a hacker access to your entire network. With insufficient network segmentation, a hacker only needs to crack a single password to gain access to every server, every application and all of your company data. With password segmentation in place, a hacker will only be able to access a very limited amount of data, scoped to a single user. You can also ask your IT department or IT service provider to isolate critical databases from other servers on your network. Using physical isolation is just as effective as using limited password segmentation.

As you can see, by implementing some password best practices, which are not that difficult to add, you can drastically improve your chances of not being hacked. Don’t ignore recent cyber security attacks! Remember to think like a hacker, and secure the easy stuff before you work on the harder and more expensive stuff. Chances are, by taking a few simple actions you can make a hacker move on to an easier target.

Topics: IT security, IT Cyber Security Issues, IT Password Security, Hacker

It’s Not Okay to Ignore these Recent IT Cyber Security Issues

Posted by David Mulvey on Wed, Mar 04, 2015

February showers bring May flowers. Well, that is not how things are going in Philadelphia, nor is it what is happening with IT cyber security! February 2015 brought three important IT security issues for every IT department to contend with. If you had outsourced your IT security to ANP, these would not be your concern; ANP would have handled them for you. However, if you are doing your own IT, here are three big issues you should be proactively addressing:

  1. If your users use Firefox, update it now. Open Firefox and click the little square icon near the top-right of your screen that is composed of three horizontal bars. Then click the question mark for “help”. Third, select “About Firefox.” Firefox will automatically download the latest version. The latest version, just released, includes important security patches that you need.

  2. If your company uses Lenovo laptops, uninstall Superfish now. Starting as early as 2010, Lenovo has pre-installed Superfish on some of their laptops. This junk-ware software is vulnerable to man-in-the-middle attacks. This means websites, such as banking and email, can be spoofed without a warning from the browser. Remove the application immediately.

  3. Install Microsoft's critical security update now. Microsoft has released a critical security update to address multiple vulnerabilities in Internet Explorer. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage. This security update is rated critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

As an IT professional you simply cannot become lackadaisical regarding the patching of your IT environment. As an IT manager I often find that my IT professionals are so busy with their day-to-day responsibilities that it’s almost impossible to expect them to remain up to date with the latest IT cyber security issues. I often visit the United States Computer Emergency Readiness Team website, which is run by the Department of Homeland Security. The website is an excellent resource for all things cyber-security! Check out the US-CERT website.

 


Topics: IT security, IT Cyber Security, IT Cyber Security Issues
