As the rate of hacking continues to rise in 2017, our IT support team wants to remind readers of some ways to avoid common hacking behaviour. These are particularly relevant in the upcoming tax season, as even the CRA has reported an increase in hacking threats.
The following are common ways in which businesses are hacked, and some actionable advice from our IT support team on avoiding these scenarios:
Compromised Passwords
The most straightforward method of hacking is by cracking a user’s password. This can be done by “guessing” strategies and patterns, or by “brute forcing” the password through sheer number of attempts.
Compromised passwords can be avoided by having a strong password (including random strings of numbers and letters in different cases) and by having a request throttling mechanism in place. Two-factor authentication can be used to add a second layer of login credentials, usually through your mobile device or a dynamically generated PIN.
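The request throttling mentioned above, as an added example that is not from the original article: failed logins are counted per account, and reaching the limit inside a time window locks the account out for a period that doubles on each repeat. The class name, the thresholds and the `password_ok` stand-in for the real credential check are assumptions.

```python
import time


class LoginThrottle:
    """Per-account throttle (illustrative): after max_failures within
    `window` seconds, lock out; each repeat lockout lasts twice as long."""

    def __init__(self, max_failures=5, window=300, base_lockout=60,
                 max_lockout=3600, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self.clock = clock           # injectable so tests can control time
        self._failures = {}          # account -> recent failure timestamps
        self._locked_until = {}      # account -> time when attempts resume
        self._lockouts = {}          # account -> lockouts since last success

    def retry_after(self, account):
        """Seconds the caller must wait before trying again (0 = allowed)."""
        return max(0, self._locked_until.get(account, 0) - self.clock())

    def record_failure(self, account):
        now = self.clock()
        # Keep only failures that are still inside the sliding window.
        recent = [t for t in self._failures.get(account, [])
                  if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.max_failures:
            n = self._lockouts.get(account, 0)
            lockout = min(self.base_lockout * 2 ** n, self.max_lockout)
            self._locked_until[account] = now + lockout
            self._lockouts[account] = n + 1
            recent = []
        self._failures[account] = recent

    def record_success(self, account):
        self._failures.pop(account, None)
        self._lockouts.pop(account, None)


def attempt_login(throttle, account, password_ok):
    """Return 'throttled', 'ok' or 'denied'; password_ok is a stand-in
    for the application's real credential check."""
    if throttle.retry_after(account) > 0:
        return "throttled"   # refuse before even checking the password
    if password_ok:
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"
```

Counting per account rather than per IP address means guesses spread across many addresses are still slowed; state is held in memory here, so a multi-server site would keep it in a shared store.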
Outdated Security Updates
Old versions of software, such as WordPress, can open the door for hackers to take advantage of your website’s weak security.
Once your website is compromised, hackers have free rein over its contents for their malicious use. Here are some ways in which hackers can take advantage of access to your website:
- Gibberish Hack – The attacker may create many pages with gibberish content in order to have your website pages show up in Google Search. When people try to visit these pages, they’re taken to an unrelated website that benefits the attacker.
- Keyword Hack – The attacker will create new pages on your site with randomly generated directory names. They will then monetize your site by using affiliate links to sell fake brand merchandise.
- Cloaked Keywords Hack – Similar to previous hacks, the attacker will create many pages with keywords, links and images. The attacker will code the page so that it looks like a part of your website, hiding malicious content and disguising the page as an error page.
WordPress is constantly releasing new updates to protect its users from malicious hacking behaviour. Its most recent security update, WordPress 4.7.2, fixes common vulnerabilities for all previous versions of WordPress.
We advise you to always keep your website, content management systems and web servers up-to-date, and ensure that your data is properly backed up at all times.
Phishing and Ransomware
Using deceitful emails and web pages, attackers can gain confidential information or access from you without your knowledge. Recent phishing attacks can target your Google account, or commandeer access to your business’ services.
A Google study has found that some successful phishing schemes can have a 45% success rate.
Never give out any confidential information unless you’re sure about who you’re sending information to. In the case that your data is compromised, always ensure that you have proper backups in place.
Establish a Strong Security Policy
A strong security policy is needed to avoid the most common hacking behaviours, which range from establishing weak passwords to giving away unnecessary administrative access.
Quicktech provides managed IT services to ensure that our clients are constantly protected against the latest trends in hacking. If you’re looking for an IT support service that not only backs up your data, but also provides strategic insights to accelerate your business’ growth, contact Quicktech for a free consultation today.