Not a month goes by without news of some high-profile hack. Trade secrets, unreleased software or social network credentials seem to flow out of secure systems with ease, and it may seem like there is no way to keep private data secure. While no system is completely attack-proof, here are five ways attackers use to breach computer systems.
The easiest has nothing to do with computers at all. An attacker calls pretending to be a member of IT support staff. There seems to be a problem with your email account, they claim. Would you please state your password so support staff might gain access and resolve the issue?
Social engineering is the quickest means of breaching computer systems. We want to believe that others wish to help, and often assume the best of intentions from the fast-talking attacker at the other end of the phone line. While this attack is the easiest to perpetrate, it is also the easiest to defend against.
Planting viruses is another path into secured systems. Viruses are a versatile tool. Attackers may place them in freeware downloads to snare anyone who runs them, or specifically target them at email addresses by disguising them in spreadsheets and other innocuous documents.
As with social engineering, viruses are usually easy to defend against by avoiding untrusted files from untrusted channels. IT management can also enact policies to help, such as blocking downloads at the firewall level and re-installing machines regularly to keep infections from taking hold.
Existing security exploits are often used to gain illicit access to computers. Flaws are regularly discovered in all types of software, from operating systems to word processors. Attackers strive to keep informed on recent security flaws while discovering new ones, giving them ways to breach systems that are ever evolving.
While installing operating system updates may seem like an annoyance, it is the surest way to defend against an attacker’s use of security exploits. Web browsers, email clients and office suites often communicate with or consume data from the outside world, and are also common vectors of security exploits.
It might be surprising to learn how many users use “password” on even the most secure systems. In fact, during the Cold War, the secret launch code for all American nuclear missiles was 00000000. It costs an attacker next to nothing to try a common set of passwords against an organization’s accounts. Similarly, many organizations share passwords to some online properties.
IT management can help avoid this by establishing strict password requirements. Additional authentication steps such as two-factor authentication are also helpful. Finally, regular system security audits are key in catching security mistakes.
Attackers also enter systems by compromising external accounts. With access to a user’s externally-hosted email address, for instance, someone can request password resets on any sites they use. This may include internal, secure systems behind corporate firewalls.
IT support might set up internal email addresses to combat this. Hosting all services on-site facilitates establishing requirements for stringent security, and permits the types of audits necessary to prohibit attacks via outside accounts.
The most important thing to do to prevent such attacks is to remain vigilant. Change your passwords regularly. Install antivirus software. Upgrade your firewall and speak regularly with your IT support team. It pays to know as much as possible about breaches, so read about an additional 5 breaches here and consider your education ongoing.
It pays to be cautious. When it comes to your business, information security should be a top priority.