If you're an IT manager, a system administrator, or you work in tech support, you're probably well aware of all the basic tips and tricks when it comes to online and offline security. It would be utterly patronising to talk you through how passwords, firewalls, anti-virus, and data leaks work yet again.
However, it's worth considering that with any digital system there are angles of attack that even the sharpest of security professionals can miss. Hackers and cybercriminals are devious and inventive. Technology also changes quickly - new innovations and products can create new risks. Here is a brief guide to four of the more unusual and overlooked security risks to your data that are currently at play.
1) The Internet of Threats?
IoT (Internet of Things) devices such as smart TVs, fridges, and other white goods are taking off in popularity across the globe. However, the rush to interconnect everything has opened up a lot of holes to the outside world in home and business networks.
Authentication protocols are typically weaker when a remote connection is made to an IoT device. In theory, hackers may be able to use an unsecured, sub-par IoT device to find a backdoor into a wider network, or even to compromise systems, steal data, or force a malfunction. Locally, devices such as wireless keyboards and streaming hubs can provide backdoors as well. An IoT-rich network can also provide skilled hackers with a rich farm of poorly monitored, easily redirected internet traffic. If compromised, the web calls made by your wireless headset could end up forming part of a DDoS (Distributed Denial of Service) attack without your knowledge.
2) Email? Is That Still Going?
Phishing, delivering viruses, and spreading malicious links through companies via email are almost prehistoric hacking techniques. Unfortunately, they're still the ones that usually get decent results for hackers after thirty solid years of causing havoc. BEC (Business Email Compromise) usually targets larger, richer businesses today, but anyone can be affected. Hackers will spoof or imitate legitimate emails, relying on the user to manually click or download a malicious attachment. In most cases, this will encrypt or destroy files or the OS itself. The hackers will then demand a ransom payment, typically in a cryptocurrency.
Make sure that all users are up-to-date with recognising fraudulent emails and spam. Regularly backing up vital data in a secure, offline location can neutralise any ransom demands you might receive.
3) The Public Wi-Fi Exploit
Many businesses use wireless routers configured to run a regular 'public' (WPA) protocol instead of 'private' or 'closed' (WPA2 or WPA3). While easily overlooked, routers that have public 'sign-in' criteria with a single password (as opposed to a range of fixed login credentials) retain their relative accessibility to outsiders.
While this may not be an issue for open businesses with free Wi-Fi such as coffee shops, office networks might receive some unwelcome visitors. Disgruntled workers, former employees, and outsiders who have obtained confidential data might be able to get into places and files they shouldn't see via the WPA trick. It's best to keep your logins fixed, confidential, secure, disposable, and time-limited. For similar reasons, make sure that any VPN or printer login credentials given out by your business are kept secure and are handed out only on a need-to-know basis.
4) Leave That USB Stick On The Ground!
On-site (or physical) attacks are extremely effective, yet are not considered as much of a potential threat as they should be. The most common vector is removable media. Some of the most effective attacks we know of have been carried out by an agent mixing a rogue USB stick into workplace clutter. Plugged in by a curious (or hapless) employee, the malware hidden on the stick is instantly deployed. On a more mundane level, truly dedicated cybercriminals have resorted to posting 'free' USB sticks to home users in the hope of infecting their devices with ransomware.
It's now recommended that any unregistered physical media is banned completely from the workplace by company policy. If USB drives are mission-critical or you think that's a bit too draconian, there are alternatives. Make sure that your drives come from a fixed stock, aren't taken out of the building, and come with serial numbers and identifying marks printed on them.
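One way to check the fixed-stock rule above in practice, as an added example that is not part of the original article: a Python audit that reads Linux kernel log lines and flags any USB mass-storage device whose serial number is not in the company register. The register entries, hostname, and log lines are constructed sample data, and matching the drive's reported serial to the number printed on it is an assumption.

```python
import re

# Constructed register of company-issued drives: USB serial -> asset tag (hypothetical).
REGISTERED_STOCK = {
    "4C530001230115102345": "USB-0001",
    "AA00000000000489": "USB-0002",
}

# Constructed sample of Linux kernel log lines written when USB devices are plugged in.
SAMPLE_LOG = """\
Mar  3 09:14:02 ws-114 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5581, bcdDevice= 1.00
Mar  3 09:14:02 ws-114 kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar  3 09:14:02 ws-114 kernel: usb 1-2: SerialNumber: 4C530001230115102345
Mar  3 09:14:03 ws-114 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar  3 11:40:27 ws-114 kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar  3 11:40:27 ws-114 kernel: usb 1-3: Product: Flash Disk
Mar  3 11:40:28 ws-114 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Mar  3 13:05:51 ws-114 kernel: usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.00
Mar  3 13:05:51 ws-114 kernel: usb 1-4: SerialNumber: KB998877
"""

NEW = re.compile(r"usb (\S+): New USB device found, idVendor=(\w+), idProduct=(\w+)")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage ([\d.-]+):[\d.]+: USB Mass Storage device detected")


def audit_usb_storage(log_text, registered):
    """Return one finding per mass-storage attach whose serial is not registered."""
    devices, findings = {}, []
    for line in log_text.splitlines():
        if m := NEW.search(line):
            # A new attach on this port resets whatever was seen there before.
            devices[m[1]] = {"vid_pid": f"{m[2]}:{m[3]}", "serial": None}
        elif m := SERIAL.search(line):
            devices.setdefault(m[1], {"vid_pid": "?", "serial": None})["serial"] = m[2]
        elif m := STORAGE.search(line):
            dev = devices.get(m[1], {"vid_pid": "?", "serial": None})
            # Drives that report no serial at all are treated as unregistered.
            if dev["serial"] not in registered:
                findings.append({"port": m[1], **dev, "line": line})
    return findings


if __name__ == "__main__":
    for f in audit_usb_storage(SAMPLE_LOG, REGISTERED_STOCK):
        print(f"UNREGISTERED STORAGE port={f['port']} id={f['vid_pid']} serial={f['serial']}")
```

A reported serial number can be forged by a programmable device, so this is an inventory check to run alongside the ban on unregistered media, not proof that a drive is genuine.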