Monthly Archives: September 2017

Business Social Media Accounts

You’ve probably seen it before: A high-profile company sends out a string of bizarre or inappropriate tweets.

It happened to McDonald’s, when its Twitter account was hacked and a message mocking President Trump was posted. Duke, BBC North America, Forbes and Amnesty International were all part of a larger hack into several Twitter accounts.

The threat of embarrassment and backlash is enough to make a social media manager or business owner nervous about what can go wrong at any moment. What can you do?

The upside is that securing your accounts can be done without too much difficulty. Sticking to many of the same protocols that you’d use for securing your everyday bank, social media or email accounts will put you in a much better position to protect your accounts – and your online reputation. Here’s how to do it.

Create a complex password

If a secure password is essential for your personal bank account, imagine how important it’ll be when it comes to safeguarding the reputation of your business.

There are some agreed-upon password practices that you ought to follow. For example, Google recommends that you use a mix of letters, numbers and symbols when creating an account. Also, passwords shouldn’t be duplicated across accounts, particularly with such important accounts.

And while it might seem like an annoying task, change passwords from time to time. This is especially critical if someone on your team had the password and leaves the organization.

Small Businesses Need to Learn

Things look dire for the current state of IT security in the U.S. and U.K., according to a report published by RiskIQ, a digital threat management firm. The report is based on a survey, conducted by IDG Connect, of 465 people in charge of making IT security decisions at organizations with at least 1,000 employees in these two countries. But that doesn’t mean there’s nothing you can do. Here are some lessons your business needs to learn, sooner rather than later.

1. Most IT security threats come from outside an organization.

A threat can originate from within your organization, such as personnel who may have accidentally or intentionally compromised your organization’s IT security. But respondents to the survey said 75 percent of issues they had experienced came from someone acting outside their organization. Make sure your employees go through security training and awareness programs so they are well equipped to stop attacks from the outside.

2. The web is the biggest security issue.

More than 70 percent of survey respondents said they had little to moderate confidence in fully protecting their organization’s IT from threats originating from the web. What’s more surprising is that 60 percent said their organization experienced security issues stemming from mobile devices. This lower number may be due to policies for using mobile devices at work that could be stricter than those for using an organization’s computer.

3. Ransomware and malware that messes up browsers are the biggest threats.

Survey respondents reported 44 percent of their security incidents were due to malware that locks up browsers or triggers ransomware. Most of these are executed because of an insecure browser: An employee visits a site with malicious code hidden in it that downloads automatically or tricks the employee into clicking something to trigger it. Again, training is so important.

4. Phishing is an equal problem.

Many employees do not take enough care when clicking links in their emails or on the web that could harvest their personal data or lead to malicious content such as malware. Phishing attacks were on par with malware, having affected 42 percent of the survey respondents.

5. Keep an eye on your domains.

Threats to survey respondents’ domains – such as getting hijacked, or their DNS getting attacked – happened to 42 percent of them. So, the security of your organization’s online addresses needs to be treated with the same level of importance as malware and phishing.

Devices Putting Your Organization at Risk

In the offices of today’s small and midsize business, you might find a vast array of smart devices, such as printers, cameras, utility sensors and door locks, all of which can communicate with other devices through wireless connections. Even the staff break room is beginning to benefit from next-generation technologies, such as smart refrigerators and smart coffee makers.

Although the internet of things (IoT) has ushered in a wealth of efficiency through connectivity, it has also created millions of new attack surfaces due to weak security design or administrative practices. Not only have devices themselves been attacked and compromised, but hackers have also used the devices collectively in botnets to launch distributed denial-of-service (DDoS) attacks against websites and company networks. The Krebs on Security website, for example, sustained one of the most powerful attacks to date, in which the Mirai malware “zombie-ized” a bevy of IoT devices connected to the internet that were running factory-default usernames and passwords.

Security Risks With IoT Equipment

Many IoT devices weren’t designed with strong, configurable security. Some devices have a hard-coded password that can’t be changed without a firmware update, which may not be available because the vendor simply hasn’t created it or the product is no longer supported. Another potential problem is malware infection of apps that control IoT devices.

David Britton, vice president of industry solutions, fraud and identity at Experian, warns that Universal Plug and Play (UPnP) is a related concern, especially regarding wireless routers.

“Several routers support this auto-connecting capability, and some have UPnP enabled by default,” Britton said. “UPnP allows devices to immediately recognize and connect to a network, and even establish communications with other devices on the network without any human intervention or configuration. The challenge from a security perspective is that there is reduced visibility or control to the administrator as to when those devices come online, or what security permissions they may be invoking.”

Britton also points out that the diverse set of technologies and connection protocols used by IoT devices, such as Wi-Fi, Bluetooth, RFID and ZigBee, presents an additional layer of complexity. Each type of connectivity comes with different levels of security and different administrative tools. For small shops that don’t have in-house tech support, trying to stay on top of it all is difficult at best, making them even more vulnerable to attack.