By: Secure Network Technologies
July 2, 2021
Now is not the time to sugar coat the severity of the damage that cyber criminals can do to your organization. We cannot – we are in the battle every day negotiating with some of the worst criminals hellbent on taking down your company for a digital cash ransom. With this in mind, we have written this guide to help you through some of the misconceptions about network security.
Here are 10 ways you might be mistaken about your network security. It’s important to get honest because your business, your job and your coworkers’ livelihoods will be at stake in the coming years, given the extreme increase in attempted hacks facing everyone from coffee shops to Fortune-50’s.
Mistake #1: “We just need an external penetration test, not an internal one. Let’s save the money.” This is a sure-fire way to limit your view of your network security. 75% of all cyber security incidents are because someone hacked their way to the inside of your network through a previously unseen vulnerability. Some of the world’s best IT professionals still are not trained or well-equipped to understand all the holes in your network. Do not let yourself get blindsided; get a routine, comprehensive pen-test and make sure you are covered from the inside out.
Mistake #2: “All my users need to be admins.” The goal is to keep as few admin-level access accounts as possible. The more people who have access to your network, the more vulnerabilities will be ripe for the picking for an experienced hacker. Each additional admin account is a multiplier added to the pool, which a hacker will target for a phishing attack to gain admin-level credentials.
Mistake #3: “Linux cannot be compromised.” This is another risk that few sysadmins pay attention to because it is an erroneously held assumption. In recent years we have worked on an increasing number of sophisticated Linux malware attacks and incidents.
Mistake #4: “Cloud services completely secure me.” We see numerous hacks originate from the cloud. It can be hacked, and you need penetration testing. Most importantly, use multi-factor authentication on everything.
Mistake #5: “My Facebook account got hacked.” Probably not, but you gave someone your credentials. You may not know how you gave someone your credentials, but we guarantee they did not brute force their way into your account. It might have had to do with inviting hundreds of your friends to play Farmville or Bejeweled via your Facebook games integrations.
Mistake #6: “We don’t need a security pen-test, our IT guys can do this.” We have confidence in many technology solution providers, but for some, this might not be their expertise. Our skilled security professionals go through rigorous training and even more intense certification testing to learn how to hack like the bad guys. IT professionals may not pursue these certifications and depth of hacking skills development. You need an expert who can ethically hack thousands of companies to provide you the best defense against the cyber criminals.
Mistake #7: “RDP is safe if you change the port.” RDP (Remote Desktop Protocol) smells like warm cookies coming out of the oven to experienced hackers. There are several crimeware tools available that make hacking into RDP extremely easy. If it must be used, you need to make sure it is behind a seriously well-configured VPN… but even then, we will not recommend enabling RDP for any device on your network.
Mistake #8: “We’re too small to get hacked.” If you have money, then you can get hacked. Here is a partial list of some recent client types we have had to provide incident response for in just the last year:
- Religious Organization
- Shoe store (not a chain… just a regular old mom n’ pop shoe store)
- Small Credit Union
- Website Design Agency
- Various Small Accounting Firms
- Preschools, Grade School, High Schools and Higher Education
- Non-Profits (there are some sick and twisted hacker groups that specifically target NFP’s)
- Local News Networks and Publications
- Etsy & Amazon Sellers
- Golf Courses
- The list goes on.
Mistake #9: “We have Cyber Insurance.” This is a means of protection, but if you get hacked, it will most likely be one of the worst days of your life. It will take months, maybe even a year, to recover your information. Some never fully recover and even go out of business. Cyber Insurance is great to have; just make sure you know what is in your policy (cover your data and customer data) and have a solid security protocol in place, such as a digital security partner and a regular pen-testing schedule.
Mistake #10: “My network is impossible to hack.” Every network can be hacked, even if it is not connected to the internet. Contact us to learn how.
If you recognize even one of these mistakes, it is crucial to take the right steps so these criminals do not stop your organization in its tracks. The right partner will be able to secure you in every way possible and respond appropriately when even the most hardened network is targeted by a talented criminal group. Do not let it happen to you – get a security partner and get on a regular penetration testing schedule.