Removing the cyber backdoor
02 September 2022
According to cybersecurity expert Barracuda, small businesses are three times more likely to be targeted by cybercriminals than larger companies. There is a common misconception that SMEs have nothing worth targeting and that data breaches only happen to large corporations, but this is far from reality.
Here, Paul Holding, Founder of IT integration provider Ripley Solutions, discusses how SMEs can remove backdoors in their IT systems and increase awareness of cybersecurity throughout the workforce.
Cyberattacks are commonly launched without a specific target and look for vulnerabilities in IT and OT systems that can be exploited, irrespective of the business size. Smaller businesses normally don’t have a dedicated IT or cybersecurity team, so might not realise they are vulnerable until it is too late. As a result, SMEs might be even more susceptible to attacks than their larger competitors.
Gaps in security
Many businesses had to adapt to remote or hybrid working quickly in response to the pandemic. As a result, these companies had to rapidly change their existing IT infrastructure to give employees the access to technology and information that they needed.
During rushes to streamline processes, businesses can overlook the broader security issues that can occur by unknowingly connecting a machine to the internet. Businesses can create challenges by introducing remote maintenance systems, connecting a machine to the wider IT system or trialling an IIoT system, without scrutinising the security implications.
When it comes to cybersecurity, businesses should leave nothing to chance, either when making quick changes or more extensive infrastructure upgrades. One unsecured system could allow hackers to gain access to a machine and then into the wider network, including sensitive information.
The hacked system could be as unassuming as an air conditioning unit and ultimately allow hackers to access customer credit card information, passwords, personal employee details and hold systems at ransom with ransomware.
Putting up defences
Hackers use a range of techniques, such as phishing and viruses, to access IT systems. Businesses can also create backdoors through weak passwords, using systems without firewalls or anti-virus software, misconfigured components or not installing software upgrades. According to Hive, a nine-character password using just lowercase letters can be cracked in ten seconds, so ensuring employees know how to create strong passwords that are hard to guess and avoid phishing attacks is key.
People commonly reuse passwords on multiple systems, so implementing multi-factor authentication systems with an additional verification code protects the system, even if the password is compromised.
One of the main security issues businesses face is that once a system has been breached, hackers are able to move laterally throughout the organisation because there are no internal defences. Introducing further internal layers of security defence reduces the freedom that hackers have to access the entire system.
Personal client information and passwords are obvious targets, but businesses should also be aware that hackers can install ransomware into a system to hold the data hostage, compromise operational technology processes to disrupt production and demand financial incentives to release the system. These techniques can halt production for any business and be very costly, so even SMEs should consider protecting against these attacks.
One way to avoid simple hacking techniques is by training staff across the business on how to avoid falling into phishing or hacking traps by not clicking on links or attachments from unknown sources. Staff can also unknowingly create backdoors when setting up remote access channels, by not understanding how IIoT and connected machines can create backdoors, so consulting with a specialist is the best method if staff are unsure.
IT security should be everyone’s responsibility, not just the IT team or the cybersecurity expert. Employees wouldn’t leave a building unlocked at night, so the same mentality should be adopted to avoid cybercrime. Employees can learn to take on the mentality of someone trying to attack the system to help them consider the possible backdoors they are creating at every step of integrating new technologies or machinery.
SMEs can also instil an overarching strategy across the business to combat cybercrime, such as implementing a layered defence to prevent lateral movement. This gives businesses the peace of mind that their connected machines and IIoT are secure. To find any weak points in the system businesses can contact cybersecurity experts, like Ripley Solutions, who can carry out assessments looking for cybersecurity weaknesses and provide tailored solutions to solve the issues.
There is no cookie-cutter solution to cybersecurity for SMEs, but there are solutions that can be implemented to avoid being three times more likely to be hacked than a larger company.
By understanding the pain points in a business and finding gaps in security, companies can understand the problems that they are facing and solve them. Managers can put in a tailored cybersecurity solution that does not just rely on the newest technologies, but considers how it protects the company’s productivity, employees and stakeholders.
Contact cybersecurity provider Ripley Solutions to discuss a tailored solution to your business’s cybersecurity and avoid unnecessary cyberattacks. To book an assessment of your operations, click here.