BreachExchange mailing list archives

11 Ways to Protect Your Business from Cyber Criminals


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 29 Dec 2014 18:59:13 -0700

http://www.business2community.com/tech-gadgets/11-ways-protect-business-cyber-criminals-01095855

The “bad guys” no longer are the gangs roaming around with chains and
baseball bats. Many are probably geeky little waifs with thick
glasses—organized cyber crime—and these thugs are looking for small
businesses to brawl on with their brains. They want sensitive data from
these businesses, and yours may be next.

Organized cyber crime rings are just that: highly organized. But there
are ways to protect your business from them. The rings consist of the
following:

- Programmers. These skilled techs write and code the viruses that infect a
business’s computer network.
- Carders. These specialists distribute and sell stolen credit and debit
card data. Sometimes they transfer the data onto blank cards, and then put
foil on them to create duplicates.
- Hackers. These intruders break into a company’s PC networks via their
vulnerabilities.
- Social engineers. This is the creative end of the crime ring; these con
artists concoct ingenious schemes that trick people into giving up personal
information or visiting websites that download viruses.
- Rogue systems providers. These are unscrupulous businesses that provide
servers for cyber thieves.
- Money mules. They purchase things at retailers using stolen credit cards.
Some launder money while others ship products, and may be part of a foreign
crime ring.
- Bosses. They’re the head honchos of the crime ring; they hire their
worker bees and rake in all the money.

Why do they aim for small businesses?

They want valuable data: Social Security and credit card numbers, bank
account information, e-mail addresses, home addresses, birth dates and
more. With this loot, they take over existing accounts or open new accounts
to make fraudulent charges. With e-mail addresses they conduct phishing
operations.

Hackers seek out weaknesses such as employees at risk of falling for
social engineering scams, an outdated operating system or an outdated
browser.

There are 11 ways to keep these roaming cybergangs at bay:

- Keep your operating systems updated so that they’re regularly patched.
- Have a firewall, plus software that protects against viruses, spyware and
phishing attacks.
- Keep your browsers updated at all times with the latest version.
- Keep all system software updated.
- Encrypt your wireless network.
- Restrict software and set up administrative rights so nothing gets
installed without authorization.
- Use filtering that controls access to data.
- Block access to restricted sites with Internet filters to prevent
employees and hackers from uploading data to storage clouds.
- Remove or disable USB ports so that malicious data can’t be downloaded.
- Implement strict password policies.
- Encrypt entire drives, folders and files.

These 11 factors aren’t the be-all, end-all. Other variables exist that can
lead to hacking such as scammers working on the inside, and employees not
being educated on “bring your own device” risks. A business should consult
with a professional. Small businesses should consider two factors:

Software for data loss prevention and risk assessment: This software will
monitor the entire network’s activities to detect events that could lead to
a data breach and nab them before the breach occurs.

Penetration testers: White hat hackers will search for weaknesses and try
to break through them, using tactics similar to what black hat hackers use.
These white hat hackers may use social engineering tricks or screen the
physical security of the building for weaknesses. These staged attacks are
proven to succeed elsewhere, so if they work against the company during
these experiments, the company will have a rude awakening.

If businesses do nothing, with an “it can’t happen to us” mentality, it’s
not “if,” but “when” they will be attacked by ruthless cyber crooks.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/