Connect with us

Technology

Small Business Cybersecurity Threats and How to Fix the Fox

Published

on


Just because your business isn’t on fortune 500 list, it doesn’t guarantee it’s threat free. If you think hackers attack only the big boys and girls, you may be shocked by these stories. Here are small business cybersecurity threats and how to fix the fox.

There are undeniable stories about small business cyber attacks.

Do you know that Escrow of California was forced to shut down when cyber thefts nabbed $1.5 million from its account? These criminals gained access to the company’s bank data — using a form of “Trojan Horse” malware.

Green Ford Sales, a car dealership in Kansas, lost about $23,000 when hackers broke into their network and swiped bank account information.

Many cybersecurity issues go unreported — they rarely make news headlines.

Shocking one is how cyber thieves drained $1million from Wright Hotel’s (a real estate development firm) bank account. They gained access to the company’s email and used the gathered information to impersonate the owner. These hacks convinced the bookkeeper to wire money to an account in China.

Symantec, one of the leading cybersecurity companies in the world also affirmed in a report that  Attackers Target Both Large and Small Businesses.

Do you know why your business is vulnerable to cyber threats?

  • Your business bank account is loaded with cash.
  • Your company’s security measures aren’t sophisticated enough.
  • Your company directly or indirectly keeps customers’ vital data.

Level up your company’s security against cybersecurity threats using some unconventional approaches.

#1 Watch out for ransomware attack.

Ransomware is one of the most common methods hackers implement. Many small businesses have been ruined because of it. Ransomware is simply defined as malicious software that once it takes over your company’s system, you’ll have to pay a ransom to cybercriminals to get back your stolen data.

According to research by Cyber Security Ventures, a new ransomware attack occurs every 14 seconds. The total number of ransomware attacks will hit 11.5 billion by 2020. Sadly, a ransomware attack can put you out of business because the cost to recover whatever the hackers stole from your company is outrageously high.

Practical measures that can save your business from getting attacked by ransomware:

  • Always keep your operating system(OS) patched and up-to-date: If you’re clueless about how to handle this case, it is advisable to hire an IT expert who is a gladiator in this field to oversee this affair. Also, make sure your employees heed to this rule to prevent loopholes for the attack.
  • Install antivirus software that can detect malicious programs like ransomware as it attempts to feast on your network, and also a whitelisting program that restricts unauthorized applications from executing.
  • Do not install any program or software unless you’re fully aware of what it is and how it works.
  • If your business can hire an IT expert, that’s good. Just make sure that you hire someone ready to take your business safety seriously as if it was their own. But, if you can’t hire at the moment, don’t feel excluded. Just make sure that you and your employees do the needful.

#2 Watch out for spear-phishing attack.

Phishing is another serious cybersecurity threat trending in this age. Actually, this malware targets organizations via email. Many individuals, business organizations and so on are inherently eager to find out what’s in the box.

This form of attack comes in a friendly way that you’d least suspect a thing. Here, hackers trick their targets into opening —  an email, instant message or even a text message.

Trend Micro, a security software firm, reported that  94% of targeted email use malicious file attachments as the infection source. He also revealed that 91% of cyber attacks begin with a “spear-phishing” email.

Research also estimated that there are around 400 phishing attacks every 24 hours and nearly 30% of them are pretty much successful.

Since small businesses are the major victims of spear phishing, here are practical tips on how to save your business from this attack.

You and your employees must avoid clicking on links from unknown senders, especially when the email takes these following formats:

Internal request format:

“ We noticed and have been alerted of a potential breach of our company server. At this time it doesn’t appear that any sensitive information was compromised.

However, we need to take some measures. If you haven’t done so — kindly click here___to reset your email password. We will keep you in touch.

Thanks.”

Government threat format:

” Dear Taxpayer,

This is an automated mail. Do not reply here.

We’ve noticed your account information is incorrect. And we need to urgently verify your account before you can receive your tax refund.

Please click here (…..) to verify your information.

Thanks.”

There are a lot more of phishing email formats that hackers use to cajole people into clicking the attached link in the email they usually send. Be very cautious with any messages you open.

You and your employee should attend seminars and training on cybersecurity awareness.

There are a lot of benefits associated with this. The training will enlighten you and your team on the increased sophistication attacks that target your current position. It will also teach you and your employees how to identify any phishing email when you come across them and many more.

#3 Watch out for BYOD( Bring Your Own Device).

BYOD is great. It’s more convenient and efficient for employees to work with. But, you shouldn’t neglect the fact that it’s very risky. Small businesses are very much vulnerable to data theft, but the possibilities increase when employees are using unsecured mobile devices to share and access the company’s sensitive data.

To save your company from being the next victim you should establish a rock-solid BYOD policy that every employee will understand and adhere to. This policy will aim at educating your employees, and ensuring that their device will only access the company’s network through a secured channel.

In addition, ensure that all the connected devices have proper antivirus and firewall installed.

#4 Watch out for fraudulent apps.

Do you know that all the apps you find in app stores are not completely safe to download and install? Hackers have also leveraged this opportunity to create some work-tool apps that boost daily productivity.

Once an employee (that handles sensitive information) installs the info on their device, it puts them in control of the company’s personal data. Hackers can use these malicious apps to gradually breach the entire company’s network once the employee connects to the company’s network.

How can this fox be fixed?

  • The entire functioning personnel in the company must be aware of this kind of threat.
  • A strong warning on this should be announced: ‘’ Don’t download apps just because you find the reviews appealing to the eyes; consult the company’s IT expert for App approval.”
  • Make sure your services are up-to-date because if they’re not, your business might be at risk.
  • Consider up-skilling members of your company’s IT.

#5 Watch out for weak/hackable passwords.

Weak or hackable password has wreaked havoc on so many small businesses. If you and your employees are still ignorant of this fact, then your company might be vulnerable to this threat.

  • A study on “The State of Cybersecurity in Small and Medium-size Business,” that was carried out by the Ponemon Institute in 2018. They reported that 60% of those surveyed revealed that negligent employees as being the root cause for a breach compared to 37%  that is pointing to external hackers.
  • About 32% of respondents said that they can’t state the cause of their data breach in the last 12 months. Additionally, about 40% of respondents said that their companies experienced data breaches due to employees compromised passwords in the past 12 months.
  • Around 19% of IT and security professionals believe that password protection and management will be increasingly critical compared to last year.

A better way to improve your company’s encryption and authentication process would be to:

Implement a two-way authentication method instead of the regular password that can be scooped up by hackers.

Implement a biometric authentication method.

Implement training that will educate you and your employees on how best to manage and secure passwords.

#6 Watch out for DDoS (Distributed Denial of Service) attacks.

Small businesses still regard DDoS as an old-time internet attack. In a real sense DDoS attack is still active. Did you know that the DDoS attack doubled in 2017 and it is still growing?

If you’ve been overlooking the effect of this form of attack, I’d advise you have a rethink. This attack is not only capable of compromising your data, but it can also damage the quality of services you offer.

The attack can entrap your young business with huge amount of web traffic, which automatically slows down your website’s speed. DDoS can make it difficult for customers to do business with you through your website. Consequently, you might end up losing both your customers and revenue.

What is the fix for the DDoS attack?

It’s completely impossible to stop a website from being targeted by DDoS attacks — but you can strategically minimize the attack using the following:

  • 1. Make sure that there is extra bandwidth available. This will give your server more room to accommodate unexpected spikes in traffic.
  • Revamp the security of you and your employees IOT devices.
  • Always be on the constant watch of your traffic level.
  • Hold seminars that will train your staff on how to handle DDoS situations.

Your best defense is an offense. An attack may still target you, but you can minimize the impact by getting directly on a fix for the issues.

You will be less likely to fall under attack if you and your employees all stay alert to the dangers of attacks — believe these can happen — and take these precautions.

The post Small Business Cybersecurity Threats and How to Fix the Fox appeared first on ReadWrite.



Source link

قالب وردپرس

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

RF Modulation: Crash Course For Hackers

Published

on


When you’re looking to add some wireless functionality to a project, there are no shortage of options. You really don’t need to know much of the technical details to make use of the more well-documented modules, especially if you just need to get something working quickly. On the other hand, maybe you’ve gotten to the point where you want to know how these things actually work, or maybe you’re curious about that cheap RF module on AliExpress. Especially in the frequency bands below 1 GHz, you might find yourself interfacing with a module at really low level, where you might be tuning modulation parameters. The following overview should give you enough of an understanding about the basics of RF modulation to select the appropriate hardware for your next project.

Three of the most common digital modulation schemes you’ll see in specifications are Frequency Shift Keying (FSK), Amplitude Shift Keying (ASK), and LoRa (Long Range). To wrap my mechanically inclined brain around some concepts, I found that thinking of RF modulation in terms of pitches produced by a musical instrument made it more intuitive.

And lots of pretty graphs don’t hurt either. Signals from two different RF dev boards were captured and turned into waterfall and FFT plots using a $20 RTL-SDR dongle. Although not needed for wireless experimentation, the RTL-SDR is an extremely handy debugging tool, even to just check if a module is actually transmitting.

Amplitude Shift Keying

As the name suggests, with Amplitude Shift Keying the amplitude is shifted between two levels, like playing a single note (frequency) on a piano loudly or softly, to represent binary data. ASK modulation’s main advantage lies in its simplicity, which allows for very cheap hardware. It is also very bandwidth-efficient since it only outputs on a narrow frequency band. However, ASK modulation is badly affected by interference, which limits its effective range. A simplified form of ASK modulation is On-Off Shift Keying (OOK), where the transmitter is simply switched on (1) and off (0). This has a power saving advantage since no power is emitted for a 0 symbol. ASK is often used in cheap RF remote controls for consumer devices and automatic garage doors. RF modules that support more complex modulation schemes often can also do ASK and OOK modulation.

ASK (Left) and OOK (RIGHT), both transmitting at the same power level. Note how much less accumulative power is output by the OOK signal

Frequency Shift Keying

In Frequency Shift Keying the transmitted signal shifts between two different frequencies to represent binary data, like two different notes from a piano. This would technically be 2-FSK modulation. Four different frequencies can also be used (4-FSK) to represent 01, 11, 10 and 00. FSK uses more bandwidth, but is less susceptible to interference than ASK, allowing for a much longer effective range up to multiple kilometres. On real hardware, the rapid frequency changes can cause the desired frequency to be “overshot”, creating interference. To solve this, a common variation on FSK is Gaussian FSK, where the shifts between frequencies are smoothed to help reduce the effective bandwidth of the signal. Bluetooth Low Energy uses GFSK modulation.

2-FSK (Left) and 2-GFSK (Right). On GFSK the intermediate frequencies are visible from the “smooth” shift.

LoRa

LoRa modulation, with the sweeping “chirps” clearly distinguishable

The current darling for long range applications is LoRa, which most Hackaday readers would have heard of many times. LoRa is a form of “chirp spread spectrum” modulation. The “chirp” signal sweeps smoothly across specific frequency range: usually 125 kHz, 250 kHz or 500 kHz wide. How long the sweep takes to complete is determined by the “spreading factor” (SF). The SF is between 7 and 12, which is equal to the number of bits encoded in each chirp. A higher spreading factor reduces the data rate, and increases power consumption, but also makes it easier for the receiver to distinguish the signal from background noise, and helps with longer-range transmissions. Data is encoded by shifting the start frequency of the sweep. When the sweep reaches the end of the top frequency, it “rolls over” and start again from the bottom frequency.

LoRa modulation allows for good receiver sensitivity and interference immunity, but it comes at the cost of bandwidth efficiency. Another disadvantage is the higher cost of hardware, partly due to the patent on LoRa modulation. All manufacturers of LoRa RF chips must pay license fees to the patent holder, Semtech.

Closing Transmission

When working with RF, it’s always a good idea to know what your local regulations are with regard to allowed frequencies and output power. You don’t want authorities knocking on your door for jamming everyone in the neighbourhood’s key fobs. If you stay within the ISM bands, usually 868/915 MHz and 2.4GHz, licensing isn’t required. However, you can always get your ham radio license, and access more of the frequency spectrum, at much higher power output to even achieve intercontinental communications.

The modulation schemes above are only some many in existence, each with advantages and disadvantages. You’ll probably end up with a few choices in your parts inventory, so don’t be afraid to play around with them for different use cases. And be sure to pull out an SDR dongle and have a look!



Source link

قالب وردپرس

Continue Reading

Technology

The next-gen Xbox’s secret weapon against the PS5 might’ve just leaked

Published

on



Both Sony and Microsoft are going to launch new consoles this holiday season, but it’s the latter might be doing things differently in 2020. Rather than launching just one console model, as Sony is expected to do with the PlayStation 5, Microsoft will reportedly release two new Xbox versions, one that will compete directly against the PS5 and one that will be slightly cheaper and less powerful. So far, Microsoft has only announced the Xbox Series X product name, but a more affordable Xbox Series S might also be in the works, according to recent leaks.

Previous reports referred to the two next-generation Xbox models by their supposed code names, Anaconda and Lockhart, but Microsoft never really acknowledged them. Now, a brand new leak seems to suggest that the Xbox Series S might be real, as someone has been testing an AMD processor that could power the cheaper version of Microsoft’s new console.

A detailed analysis of the mysterious AMD APU was posted over on Reddit, showing the chip’s benchmark scores in 3DMark 11 and Time Spy relative to known AMD chipsets. The APU includes a 4.0GHz octa-core processor and an unknown graphics processing unit, and it’s paired with 16GB of GDDRX memory shared between RAM (12GB) and VRAM (4GB) in these benchmarks.

From what can be gleaned from public benchmark scores and a private Time Spy scores, WinFuture says the unnamed AMD APU might deliver a graphics performance that would sit between 7.0 teraflops and 7.9 teraflops, which would be significantly higher than the rumored 4 teraflops performance of the cheaper 2020 Xbox model. This is just speculation though, as Microsoft is yet to reveal the actual specs of the new Xbox consoles.

Sony is widely expected to hold its PlayStation 5 event in February, but it’s unclear when Microsoft will reveal more details about the new Xbox models. A detailed PS5 leak said a few weeks ago that the affordable Xbox will be $100 cheaper than the $499.99 PS5, which, in turn, will be $100 less expensive than the Xbox Series X. Those claims are unverified as well, but once Sony unveils the PS5, we’ll be in a better position to tell whether the leaker had accurate information on hand.



Source link

قالب وردپرس

Continue Reading

Technology

China doesn’t need a Huawei ‘backdoor’ to launch a cyber-attack against the UK, experts warn

Published

on


The Chinese firm Huawei is set to play a role in building part of the UK’s 5G network infrastructure (Image: Getty)

China has better ways of hitting the UK with a cyber attack than trying to exploit a ‘backdoor’ in Huawei equipment, UK experts have concluded.

As the Government gave the green light for the controversial Chinese tech firm to play a limited role in the UK’s 5G network, the National Cyber Security Centre (NCSC) said the risk of its involvement was ‘manageable’.

Huawei is already subject to oversight arrangements which ensure that any ’embedded malicious functionality could be detected should it exist’, the analysis said.

The US has warned allies not to allow the Chinese firm to play a part in their 5G networks, arguing that it is a security risk due to its close links to the Beijing government, something denied by Huawei.

The firm’s activities in the UK have been overseen by arrangements including the Huawei Cyber Security Evaluation Centre (HCSEC) – nicknamed the Cell.

The NCSC said: ‘Due to the UK’s mitigation strategy, which includes HCSEC as an essential component, our assessment is that the risk of trojan functionality in Huawei equipment remains manageable.

‘Placing “backdoors” in any Huawei equipment supplied into the UK is not the lowest risk, easiest to perform or most effective means for the Chinese state to perform a major cyber attack on UK telecoms networks today.’

The NCSC did raise concerns about any single supplier of equipment being allowed to play a dominant role in the network.

SIPA USA via PA Images A Huawei logo is seen on top of an office building in Bucharest, Romania on May 1, 2019. (Photo by Jaap Arriens/Sipa USA)

(Image: PA)

The guidance issued by NCSC excludes ‘high-risk vendors’ such as Huawei from ‘core’ parts of the network, and sensitive locations including nuclear sites and military bases.

They will also be limited to a minority presence of no more than 35% in the periphery of the network, known as the access network, elements which connect devices and equipment to mobile phone masts.

The NCSC stressed that it was ‘important to avoid the situation in which the UK becomes nationally dependent on a particular supplier’.

It added: ‘Without government intervention, the NCSC considers there to be a realistic likelihood that due to commercial factors, the UK would become “nationally dependent” on Huawei within three years.’

National dependence on a high-risk vendor would present a ‘significant national security risk’, the NCSC said.

NCSC technical director Dr Ian Levy said Huawei had always been treated as a high-risk vendor and the authorities have ‘worked to limit their use in the UK’.

‘We’ve never ‘trusted’ Huawei and the artefacts you can see (like the Huawei Cyber Security Evaluation Centre (HCSEC) and the oversight board reports) exist because we treat them differently to other vendors,’ he said.

‘We ask operators to use Huawei in a limited way so we can collectively manage the risk and NCSC put in place a wider mitigation strategy, of which HCSEC is the most visible part.’

Ciaran Martin, chief executive of the NCSC, said: ‘This package will ensure that the UK has a very strong, practical and technically sound framework for digital security in the years ahead.

‘The National Cyber Security Centre has issued advice to telecoms network operators to help with the industry roll-out of 5G and full-fibre networks in line with the Government’s objectives.

‘High-risk vendors have never been, and never will be, in our most sensitive networks.

‘Taken together these measures add up to a very strong framework for digital security.’



Source link

قالب وردپرس

Continue Reading

Trending