These 2 simple things could save your business from a cyberattack

It’s interesting when I hear from CEOs and business owners the usual “We are not big enough to get hacked,” or “Why would anyone want to target us?” What I always tell our clients is that threat actors don’t care what you do or how much money you make. All they care about is that you have an exposed system, or that someone fell for a phishing or spear-phishing email, and that they now have a system to take over.

I always like to help educate people on the fact that the threat actors running these campaigns don’t need a $500k ransom from you; they are just as happy collecting 100 ransoms of $5,000 each.

So, you’re wondering how a lack of standardization gets your business hacked? These are the two gaps I see over and over.

1. No defined permissions on user computers. It’s the Wild West and everyone has ADMIN rights!

“We don’t need centralized users; I trust everyone here to do the right thing,” is the typical response I get from clients. Let me explain what I mean. If people in your company log on to their machines with a local administrator or domain administrator account, anything they run, including a malicious attachment or download, runs with those same rights. There is no way to restrict that, or even to begin putting processes in place that would stop the user from installing malware, ransomware, keyloggers and so on, regardless of how good their antivirus is. Yes, even the CEO of the company should not be using an administrator account of any kind for daily work!

The problem is not that the end user can’t be trusted; the problem is that everyone is human, and humans make mistakes. One click on a link that looks legitimate but isn’t can land a malware loader on the CEO’s system, and from there the threat actors spread laterally across the network, infecting the data drives and the backups. All of this can be prevented by limiting what a user can and can’t do. Either create a local account on the machine and make it a standard user instead of an administrator, or use Active Directory on-site or Azure AD to control user permissions and logins from a central location. One caveat: the user who joins a PC to Azure AD becomes a local administrator on it by default, so you still have to manage who sits in the local Administrators group. If you are already using Office 365, here is the article that explains why you should also use Azure AD, since it is already included with your subscription: READ MORE HERE. This simple measure of limiting what users can and can’t install on their machines could be what saves your company from a breach.
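Here is how that looks in practice on a single Windows PC. This is an added example, not part of the original article or any AlphaCIS tooling: it lists who is in the local Administrators group, removes everyone who is not on an allow list (they keep their account as a standard user), creates a standard daily-use account, and verifies the result. The account names and the allow list are assumptions for illustration. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, run once from an elevated prompt.

```powershell
# Added example (not from the original article): audit the local Administrators
# group and turn everyday users into standard users.
# Assumes Windows PowerShell 5.1 / PowerShell 7 on Windows, run elevated.
# Account names below are made up for illustration.

# Assumption: the only accounts allowed to keep admin rights on this PC.
$KeepAsAdmin = @('Administrator', 'it-breakglass')

# Safety check: never remove the account you are running from, or you lose
# the ability to elevate on this machine.
if ($KeepAsAdmin -notcontains $env:USERNAME) {
    throw "Add '$env:USERNAME' to `$KeepAsAdmin first, or run this from an allowed admin account."
}

# 1. Who has admin rights right now? (PrincipalSource shows Local / ActiveDirectory / AzureAD)
$admins = Get-LocalGroupMember -Group 'Administrators'
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 2. Remove everyone who is not on the allow list, keeping them as standard users.
foreach ($member in $admins) {
    $short = ($member.Name -split '\\')[-1]        # strip the "COMPUTER\" or "DOMAIN\" prefix
    if ($KeepAsAdmin -notcontains $short) {
        Write-Host "Removing $($member.Name) from Administrators"
        Remove-LocalGroupMember -Group 'Administrators' -Member $member.Name
        # Make sure they can still log on: add to Users if not already there.
        $inUsers = Get-LocalGroupMember -Group 'Users' | Where-Object { $_.Name -eq $member.Name }
        if (-not $inUsers) { Add-LocalGroupMember -Group 'Users' -Member $member.Name }
    }
}

# 3. Create a standard (non-admin) account for someone who never had one.
$user = 'laura'                                     # assumption: example user name
if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Initial password for $user"
    New-LocalUser -Name $user -Password $pw -FullName 'Laura' -Description 'Standard user' | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $user
}

# 4. Verify: the daily-use account must NOT be in Administrators.
$stillAdmin = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { ($_.Name -split '\\')[-1] -eq $user }
if ($stillAdmin) { Write-Warning "$user still has admin rights" }
else            { Write-Host "$user is a standard user; installs will now prompt for an admin credential" }
```

After this, installing or updating a program triggers the UAC prompt and asks for the credential of an account on the allow list, which is the small “annoyance” described in the summary at the end of this article. On domain-joined machines you would push the same group membership centrally (for example with Group Policy Restricted Groups) rather than running this on each PC, but the check in step 4 is the same either way.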

2. Yes, I have antivirus installed, and I make sure it’s updated, so I am safe!

This is always a good one to hear whenever cybersecurity comes up in conversation, so I’ll help debunk it as well. Contrary to what many people think, antivirus doesn’t protect you from many of the threats out there, because a lot of ransomware infections use legitimate programs and built-in Windows features to scan the network, move between machines and run PowerShell commands that lock the data and encrypt systems. Signature-based antivirus has little to match against when the tool doing the damage ships with Windows. The loader is what the hackers use first to get onto the system; after that they use off-the-shelf software and the PowerShell built into Windows to wreak havoc on your network. An antivirus can detect these loaders, but only the ones it already has a definition for, which is why a machine running old definitions misses the newest loaders and even a fully updated one can miss a loader nobody has seen yet.

But let’s assume an antivirus can prevent a breach, and imagine a scenario: a company has 10 users and a central network-attached storage device or local server where data is stored and shared between users. Laura, who is not very tech-savvy and generally struggles with attaching a file to an email, doesn’t check her AV for updates (again, that lack of standardization). As a matter of fact, unless you are running a centralized antivirus solution that is monitored and managed from a central portal, chances are very good that everyone is on different virus definitions, and possibly on a different antivirus product altogether. I don’t think I need to explain at length why this is a bad thing. All it takes is for the threat actors to find the weakest link, in this case Laura’s PC, infect it with a loader, and from there spread to the server or file storage and the local backups. At that point it is too late to do much about it, even if everyone else’s AV is up to date.
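Here is what the centralized check looks like, as an added example that is not from the original article or any vendor portal. From one admin workstation it asks every PC for its Microsoft Defender status, flags machines with stale definitions or real-time protection turned off, lists any third-party antivirus registered with Windows Security Center (the “different antivirus altogether” case), treats machines that do not answer as findings in their own right, and pushes a definition update to the stale ones. The computer names and the three-day threshold are assumptions; it assumes Windows 10/11 with Microsoft Defender and PowerShell Remoting enabled, run as an account with admin rights on the targets.

```powershell
# Added example (not from the original article): check every PC's antivirus
# state from one place instead of trusting each user to do it.
# Assumes Windows 10/11 with Microsoft Defender, PowerShell Remoting enabled,
# and admin rights on the targets. Names and threshold are assumptions.

$Computers           = @('CEO-LAPTOP', 'LAURA-PC', 'ACCOUNTING-01')   # constructed list
$MaxSignatureAgeDays = 3

$report = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ScriptBlock {
    $s = Get-MpComputerStatus
    # Third-party AV products register here on client editions of Windows.
    # Anything other than Defender showing up means this PC is on a different product.
    $products = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
                    -ErrorAction SilentlyContinue | Select-Object -ExpandProperty displayName
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureVersion   = $s.AntivirusSignatureVersion
        SignatureAgeDays   = [int]((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalDays
        LastQuickScanDays  = if ($s.QuickScanEndTime) { [int]((Get-Date) - $s.QuickScanEndTime).TotalDays } else { $null }
        Products           = ($products -join '; ')
    }
}

# A machine that did not answer is a finding too: you cannot confirm its AV state.
$unreachable = $Computers | Where-Object { $_ -notin $report.Computer }

$report | Sort-Object SignatureAgeDays -Descending | Format-Table -AutoSize

$findings = $report | Where-Object {
    -not $_.RealTimeProtection -or $_.SignatureAgeDays -gt $MaxSignatureAgeDays
}
foreach ($f in $findings) {
    Write-Warning ("{0}: real-time protection={1}, signatures {2} days old (v{3})" -f
        $f.Computer, $f.RealTimeProtection, $f.SignatureAgeDays, $f.SignatureVersion)
}
foreach ($c in $unreachable) { Write-Warning "$c did not respond; AV state unknown" }

# Remediate the stale ones right away instead of waiting for the user.
if ($findings) {
    Invoke-Command -ComputerName $findings.Computer -ScriptBlock {
        Update-MpSignature
        Set-MpPreference -DisableRealtimeMonitoring $false
    }
}
```

If Defender’s tamper protection is on, the Set-MpPreference line will be refused and the machine has to be fixed through the management console instead, which is really the point: the tooling that manages the antivirus is what makes “everyone is on the same definitions” true, not a reminder email to Laura.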

Simple actions to take to prevent this from happening!

The takeaway is that a lack of standardization and unrestricted permissions are two of the most common ways businesses get breached. Here are some steps you can take to address these problems right away:

  1. Limit user permissions – Odds are you don’t install software every day, so there is no reason to use your system as an admin, regardless of your position in the company! Create a standard local user account; the annoyance of retyping the administrator password when you install or update a program is a small price to pay. Alternatively, configure Azure AD, which is included with your Office 365 subscription. Read this article about it.
  2. Get a standardized antivirus loaded on everyone’s computer right away – Don’t trust end users to keep their own computers updated. Put systems in place that ensure everyone is always up to date and that let you confirm it from one place.

If you are not sure how to configure Azure AD or standardize your antivirus, there are a lot of resources available on the web. However, AlphaCIS specializes in cybersecurity and Managed IT services (MSP). So, if your business needs help, or if you think your systems have been breached, and you need professional help, please schedule a quick discovery call with us to see how we can help.


Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity.