How your employees are making your network vulnerable to cyberattack.
It’s only the start of the new year and we have already seen some huge cybersecurity ransoms.
We have been introduced to a new wave of fresh challenges facing some of the largest corporates in the world. Interestingly, many involve Internet of Things (IoT) devices connected to personal networks.
Read on to see how this can impact your business network environment – especially when considering behavior change.
Cyber attacks in the home are becoming more common
Ring was sued by two couples in America; one couple sued for putting their home security and daughter’s safety in jeopardy after a hacker broke into their home camera and spied on their daughter. The hacker told the girl he was Santa and encouraged her to engage with him. The case was grounded on the fact that Amazon (which owns Ring) could have better protected them. Ring said it is investigating the incidents and encouraged users to use two-factor authentication.
Ring said: “Due to the fact that customers often use the same username and password for their various accounts and subscriptions, bad actors often re-use credentials stolen or leaked from one service on other services.”
“As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords,” the company added.*
This sounds like good advice, but do people know what two-factor authentication is, and are people becoming more tech savvy in this regard? Do they also understand the implications of two-factor authentication? For example, if you lose your phone or upgrade your device, can you still access your two-factor authentication? These complexities need to be dealt with, and the answers are not always explicit.
Ransomware attacks are on the rise
Hacking is becoming a way to earn a living; it’s being monetized in the home and is on the increase as more individuals are encrypting their data. Targeting individuals at home rather than in the corporate world is becoming more common due to weaker defenses and IoT devices as a route into the home. However, the use of personal devices in the workplace is also creating security risks as devices hop across multiple networks.
For example, links sent via SMS to phones rather than to company laptops are an easier target for hackers. Clicking these links has a chain effect. This behavior is becoming harder to manage and change in the workplace, especially as more applications move to the cloud and passwords are not updated or changed across devices on a regular basis.
Ransomware attacks are situations where hackers infect users’ devices, encrypt their files, and then demand a bitcoin payment (or other) in order to grant the victim a decryption key. In some cases, these attacks can be extremely damaging, as was seen when ransom-seeking hackers locked 10 years’ worth of government data in Argentina and demanded Bitcoin in order for the files to be returned.
The real danger of a familiar password: the dark web
In our recent dark web campaign at Nowcomm, we found that 9/10 companies we had permission to investigate have 5 or more stolen credentials. We find it’s a very useful tool for highlighting the issue to organisations who feel they are secure and have ‘locked down’ their network vulnerabilities.
Among these customers, passwords were repeated across multiple different websites and services. Once these credentials are found, hackers have a ripe opportunity to attack credit cards, banks and so forth and to sell this information on to criminal organisations. Cyber criminals can make existing issues worse and take advantage of current viruses (which sometimes come with code) and then target these to the dark web. Hence the need to help your organisation protect itself when employees use their devices on the corporate network.
Classic click bait includes cloned emails from newsletter subscriptions, great offers and competition wins, all of which encourage you to click a link. Activities such as deleting old email accounts and removing credentials from sites you no longer use all help drive the right behaviours and ensure password management controls are in place.
Password management needs consideration
Where do staff members keep their passwords, and how regularly are these refreshed? Password manager software is available to help recall passwords for the various apps, sites and logins required on smartphones. But how secure are these tools, and are they themselves protecting your data and keeping it safe? These are all considerations, especially if corporate network passwords are also stored alongside personal details.
Cyber awareness education is crucial to drive behavioural change, and these are some of the areas of expertise we can discuss with you and your teams to maximise your protection from hacks and lock down any vulnerable areas.
About Nowcomm
One of only four UK Cisco Partners that simultaneously hold Cisco Gold Partner, Cisco Cloud and Managed Services Master Partner and Cisco Master Collaboration Specialised Partner certifications (in addition to many Cisco Advanced Partner Specialisations). Nowcomm is the trusted technology partner for many global brands, and is available via a 24/7/365 state-of-the-art network operations centre.
Sources
Source 1 (*): https://www.insider.com/ring-camera-girl-bedroom-hacked-racial-slurs-2019-12
Source 2: https://bitcoinist.com/bitcoin-ransomware-attack-hits-argentinian-government/