How your employees are making your network vulnerable to cyberattack.

It’s only the start of the new year and we have already seen some huge cybersecurity ransoms.

We have been introduced to a new wave of fresh challenges facing some of the largest corporates in the world. Interestingly, many involve Internet of Things (IoT) devices connected to personal networks.

Read on to see how this can impact your business network environment – especially when considering behavior change.

Cyber attacks in the home are becoming more common

Ring was sued by two couples in America; one couple sued for having their home security and their daughter's safety put in jeopardy after a hacker broke into their home camera and spied on their daughter. The hacker told the girl he was Santa and encouraged her to engage with him. The case was grounded on the fact that Amazon (which owns Ring) could have better protected them. Ring said it is investigating the incidents and encouraged users to use two-factor authentication.

Ring said: “Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.”

“As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords,” the company added.*

This sounds like good advice, but do people know what two-factor authentication is, and are people becoming more tech-savvy in this regard? Do they also understand the implications of two-factor authentication? For example, if you lose your phone or upgrade your device, can you still access your second factor? These complexities need to be dealt with, and the answers are not always explicit.

Ransomware attacks are on the rise

Hacking is becoming a way to earn a living; it’s being monetized in the home and is on the increase as more individuals are encrypting their data. Targeting individuals at home rather than in the corporate world is becoming more common due to weaker defenses and IoT devices as a route into the home. However, the use of personal devices in the workplace is also creating security risks as devices hop across multiple networks.

For example, links sent via SMS to phones rather than to company laptops are an easier target for hackers. Clicking these links has a chain effect. This behavior is becoming harder to manage and change in the workplace, especially as more applications move to the cloud and passwords are not updated or changed across devices on a regular basis.

Ransomware attacks are situations where hackers infect users’ devices, encrypt their files, and then demand a bitcoin payment (or other) in order to grant the victim a decryption key. In some cases, these attacks can be extremely damaging, as was seen when ransom-seeking hackers locked 10 years’ worth of government data in Argentina and demanded Bitcoin in order for the files to be returned.

The real danger of a familiar password: the dark web

In our recent dark web campaign at Nowcomm, we found that 9/10 companies we had permission to investigate have 5 or more stolen credentials. We find it’s a very useful tool for highlighting the issue to organisations who feel they are secure and have ‘locked down’ their network vulnerabilities.

Among these customers, passwords were repeated across multiple different websites and services. Once these credentials are found, hackers have a ripe opportunity to attack credit cards, banks and so forth, and to sell this information on to criminal organisations. Cyber criminals can make existing issues worse and take advantage of current viruses (which sometimes come with code) and then target these to the dark web. Hence the need to help your organisation protect itself when employees use their devices on the corporate network.

Classic click bait includes cloned emails from newsletter subscriptions, great offers and competition wins, all of which encourage link clicks. Activities such as deleting old email accounts and removing credentials from sites you no longer use all help drive the right behaviours and ensure password management controls are in place.

Password management needs consideration

Where do staff members keep their passwords and how regularly are these refreshed? Password manager software is available to help recall passwords for the various apps, sites and logins required on smartphones. But how secure are these tools, and are they themselves protecting your data and keeping it safe? These are all considerations, especially if corporate network passwords are also stored alongside personal details.

Cyber awareness education is crucial to drive behavioural change, and these are some of the areas of expertise we can discuss with you and your teams to maximise your protection from hacks and lock down any vulnerable areas.

About Nowcomm

Nowcomm is one of only four UK Cisco Partners that simultaneously hold Cisco Gold Partner, Cisco Cloud and Managed Services Master Partner and Cisco Master Collaboration Specialised Partner certifications (in addition to many Cisco Advanced Partner Specialisations). Nowcomm is the trusted technology partner for many global brands, and is available via a 24/7/365 state-of-the-art network operations centre.


Sources 1 *

Source 2
