4 ways hackers steal credentials & how to protect your business…
Whether you’re a business or an individual, it’s an unfortunate fact that you will very likely experience some form of cyber hack in your lifetime.
However, the repercussions of a cyber-attack for an individual are infinitely less serious than those for a business. Businesses that suffer cyber-attacks can end up paying out huge sums that can result in them going insolvent. That makes it vitally important, as a business owner, that you prevent this from happening at all.
Let’s use two common scenarios to explain…
For individuals… You receive a message from one of your social media platforms notifying you that your account login has been used from a foreign location or device. You log in to find that someone has been posting pictures on your account.
You take action by removing all images, changing your account password and remotely logging out from all devices. Perhaps you also change your password for various other accounts, including your email, just in case these have also been leaked somehow. Lastly, you apologise to your followers for any offensive material shared. Problem solved.
For businesses, on the other hand… Your systems are far more complex than a social media account. With hundreds of users logging into systems from various locations and devices, it’s more difficult to track unusual activity. This means it takes you longer to realise that someone has hacked your CRM, where all your customers’ personal information is stored.
It appears your entire database has been compromised. All your customers’ emails, addresses, passwords and banking information have been leaked. As well as preventing business operations until the systems have been recovered, this hack has forced you to inform your entire customer base that they too may be at risk of cyber-attack. This results in a loss of confidence from your customers and, ultimately, loss of business. Not such a simple problem to solve.
Staying one step ahead of hackers is absolutely essential as a business and to do so, you must understand how your credentials are being hacked to begin with. That’s why we’re here to share the 4 ways hackers steal credentials and how to avoid falling victim to these methods.
1) Phishing
We’ve touched on this in previous blogs; however, it’s worth mentioning again that phishing is one of the most common ways business credentials are compromised.
Reports show that over 70% of all cybercrimes are a result of phishing. This technique would most commonly involve your employees receiving an email from what appears to be a trusted and legitimate contact, asking for personal information. They might be redirected to a link or a malicious attachment where they input their information and give the hacker the means to login to your systems and do what they please.
A single click on a dangerous link, from a well-meaning member of your team, could mean the difference between a thriving business and a disruption so severe that it makes trading impossible.
But how can you prevent such attacks happening in your business?
You should make sure you have integrated sophisticated email security software into your business, which detects cyber-attacks, including phishing, business email compromise, account takeovers, identity spoofing, and credential theft. Your business must use an email security platform that allows you to monitor unusual email activity and respond immediately by quarantining any potential threats.
As well as this, you should ensure your staff are prepared for an attack at any time. Enable your staff to go on verified cyber security training courses to teach them how to respond to hacking threats, fake emails and general security attacks and what the correct procedures are around handling your business’s sensitive data.
As a customer of Virtuoso’s ThreatProtect cyber security package, you will receive the most sophisticated email security software for your business, managed by us. We will monitor your business emails and actively quarantine any emails that may be harmful. We can also provide your staff with valuable cyber security training, helping them recognise threats before they have a chance to strike!
Something as simple as this will ensure that your workforce reacts to threats in the right way, preventing your business from falling victim to phishing attacks. Remember, phishing is one of the most popular ways hackers steal credentials!
2) Ransomware
If you’ve heard of it, you may have put two and two together and figured out that ransomware is a form of malware (malicious software) that holds your business to ransom.
This might begin from an employee clicking an innocent link, or downloading a file they believed was safe. But what it leads to is cyber criminals taking control of your data. Not only can they steal your credentials through this method, but they can deny you access to your files and systems until you’ve paid a ransom of their choosing.
What can you do to prevent ransomware in your business?
To prevent sophisticated attacks of this form, you must equip your business with something more robust than the standard anti-virus. Managed Endpoint Detection and Response (EDR) is now considered the best choice for your business’s IT security.
EDR should essentially be understood as the visibility element of your cyber security. When threats slip through anti-virus (as they very often do), EDR detects that activity and alerts you to the threat. With EDR you can restore all your business’s devices to their pre-threat state. Restoring infected machines to full productivity means that malware and ransomware are less likely to have such a devastating effect.
At Virtuoso, we specialise in providing our customers with next-generation EDR and management services. The software we provide will hunt, detect and respond to security threats in real-time, ensuring your business’s credentials remain safe.
By arming your business with the best virus detection software, you will have peace of mind that hackers cannot steal your credentials so easily.
3) Brute Force
We’re all guilty of it. Creating a password in a hurry, knowing full well that it’s not the most secure. Planning to change it later and forgetting!
These kinds of faux pas may be forgivable for individuals, but when creating passwords for your business accounts, you must never let this happen.
Why? Because hackers are more intelligent than ever. 81% of all cyber-attacks leverage stolen passwords. With tools like “Aircrack-ng” and “John the Ripper” at their disposal, hackers can easily crack weak passwords. There are various password cracking tactics, such as the dictionary method: candidate passwords are taken from common word lists and tried against login details. The hacker won’t stop until they find their match, which very often they do.
How can you stay safe?
To keep safe from brute force attacks, ensure your business accounts and employees’ laptops are protected with strong passwords. Even better – harness tools such as Windows Hello to facilitate fingerprint and facial recognition on devices, so that there are no passwords to crack!
For those for whom this isn’t an option, you should integrate Microsoft Authenticator, a two-factor authentication application. This will ensure that your systems are protected and only grant access to authorised personnel.
If passwords are a concern for your organisation, we can help. Virtuoso are a Microsoft Gold Partner, qualifying us to advise on various cloud solutions that enable password and device management, such as Microsoft Azure.
By integrating tools to support your employees in choosing the right passwords, your business will be better protected from hackers trying to steal your credentials.
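A defender-side illustration of the dictionary method described above, as an added example that is not part of the original article: it screens a proposed password the way a word-list attack would approach it, undoing common padding and character substitutions before the lookup. The word list, the `context_words` parameter and the 8-character minimum are assumptions of this example.

```python
import re

# Constructed sample word list; a real deployment would load a large
# common-password list from a file (assumption of this example).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "summer"}

# Character substitutions that word-list attacks routinely undo.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(candidate):
    """Yield the simplified forms a word-list attack would effectively test."""
    lowered = candidate.lower()
    # Strip digit/symbol padding such as a trailing "2024!" or a leading "1".
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for form in (lowered, stripped):
        yield form
        yield form.translate(LEET)


def screen_password(candidate, context_words=(), min_length=8):
    """Return (accepted, reason) for a proposed new password.

    context_words holds organisation-specific terms (company name,
    username) that an attacker would add to the word list.
    Covers common padding and substitutions, not every mangling rule.
    """
    if len(candidate) < min_length:
        return False, "shorter than %d characters" % min_length
    blocked = COMMON_WORDS | {w.lower() for w in context_words}
    for form in base_forms(candidate):
        if form and form in blocked:
            return False, "reduces to the listed word '%s'" % form
    return True, "not found in word list"


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd1!", "Summer2024", "correct-horse-battery-staple"):
        print(pw, screen_password(pw))
    print("Acme-2023!", screen_password("Acme-2023!", context_words=["Acme"]))
```
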
4) Dark Web
The most troubling fact about data is that you and your business may be doing everything possible to protect it, but that doesn’t mean all organisations are.
You can’t avoid giving your information out, as it’s required every time you sign up for a new account or subscribe to a website. But if these websites aren’t safe, neither is your information.
When data is stolen by a hacker, there are two things they could do with it. They might use it to attack your business. Or, they might sell it.
The dark web is a part of the internet only accessible by private authorised access, or by using specific configurations or software. Unfortunately, it’s abused for criminal activity. This is where criminals could sell your credentials to multiple buyers for a high price. If your organisation experiences a breach of credentials on the dark web, you could easily be under digital assault from hundreds of attackers.
So how can you avoid this?
Regular dark web scans are the only way you can ensure your credentials are not being sold online. A dark web scan can be carried out quickly and easily by a cyber security expert, like Virtuoso, and will check for any usernames, passwords, security numbers, credit card information and employee or customer information that might be online.
If you are a customer of Virtuoso’s ThreatProtect, you will receive a dark web scan every 90 days, or upon request if you fear credentials have been leaked. This will allow you to act quickly in preventing credential trading before it has a chance to damage your business.
Get help from the experts
Whether you’re a recent victim of cyber-crime or just want to ramp up your business security, we can help.
We will risk assess your business in our very first conversation, to ensure that any pressing issues are addressed before it’s too late.
With our comprehensive suite of cyber security tools, we can ensure your business remains protected from credential theft and other types of advanced cyber-attacks.
Get in touch today to guarantee your business stays safe!