Businesses aren’t Too Small to be Hacked

One of the big misconceptions is small businesses think they’re too small of a target for hackers. The truth is that every business that’s out there, every individual, could potentially be hacked at any time. No matter what security you have in place. No matter what you think you’ve done to protect yourself, it’s probably not enough. You need to take that extra measure. The game changes on a daily basis; everyday there’s a new virus. A new exploit that’s released. A new cleaver criminal that’s figured out how to utilize technology to not only steal your money & identity, but take away that security of having doing business in the cyber world.

It went from disruption when it was back in the 80’s and 90’s. Disruption was the reason why they do it, was almost like a contest. Could you hack the NSA, could you hack this could you hack that, but now it’s about can I get that social security number, can I get your kids names. When you’re hacking somebody you’re gathering that kind of information, they’re seeing where you do your banking and everything. When they go to log into your bank account and that verification pops up that says what was your pet’s name? What’s your kid’s name? So, they’re getting as much information as they need to get into your accounts to understand how you operate as a person. And even on a local level! Facebook! Your Facebook… Everybody’s got a Facebook… Just about everybody uses that as this diary that they’re constantly posting their vacations, where they’re going what they’re doing. What you do when you post… well, a lot of people will post prior to the time they take a vacation that they’re leaving for two weeks on vacation, and that’s just an invitation for people to come… The house will be unoccupied for two weeks please come in, take what you want and leave.

How easy is it to hack? One of the big problems is you can have the best very best firewall, you can have the best security person on staff, you can have the best user names and passwords in place. What they do and the easiest way to hack a company, I’ve done this for companies just to show them how easy it was… I have hacked ethically for people. So, what you do is pick up the phone, you call that company and the person at the front desk picks up, and you say, “Hi this is Pete Avery from Charter Communications and I’ve noticed that you’ve some problems on your line.” “I’m going to call back in about 5 minutes after we make some adjustments just to see how your speed is.” You hang up the phone. Five minutes later you call back. You say, “Hi, this is Pete Avery again… you were anticipating my call, right?” “Okay, I need to log onto your computer.” “Go to this website and click this link.” After you click the link that person can log right onto your computer, see everything you’re doing, put software on your computer and now they have free reign on your network. So, you have to be very careful. So… those good security experts are going to put some things in place to protect that users rights on the network. But, still… any person that has the ability to log onto that network opens you up to some sort of potential hack there. It is that easy.

We just went through a training session with one of our customers, this was about four months ago, where all of the employees were educated on this particular type of hack & also an email hack. They would get an email that would come in, they’d click on the link given and it would say you need to change your password. The web page would open up, they’d enter in their current password and then put in what they thought would be their new password. We did this intentionally to see if the training worked. Well, out of 90 employees 12 of them actually clicked on the link and changed their password. So, an ounce of prevention is worth a ton of cure, but in this particular case it shows that people are very short-sighted or very gullible and easily tricked. Now gullibility is a harsh word, it’s not really gullible it’s just not what they are used to; not savvy. So, constantly educate your employees, constantly educate your family members and don’t just let anybody come in and change your password for you.” Good rule of thumb is if you are not initiating the call to a service provider or Microsoft or whatever entities calling. If you’re not calling them first probably they’re trying to get your information and trying to hack.

Leave a Reply

Your email address will not be published. Required fields are marked *