In this deep dive into the different methods cybercriminals use to infiltrate our systems, we will review the most common tricks in depth. Hopefully, we can arm you with the tools you need to prevent those infiltrations. Before we start, however, it is vital that you understand the following: an attack is coming. You cannot blindly trust that you are an unattractive target for cybercriminals. Basically, expect to be attacked. It doesn’t matter if your company is a one-man operation or a Fortune 500 corporation. If you use the Internet in any capacity to run your business, you’ve got data (like passwords and client information). Even seemingly unimportant client information, like email addresses, gives a cybercriminal another piece of the puzzle when it comes to identity theft.
A renowned cybercriminal turned cybersecurity professional, Kevin Mitnick, and his company Mitnick Security, have a 100% success rate at hacking into their clients’ networks (at their clients’ request, of course). Let that sink in. They’ve never found a security system they couldn’t manipulate and gain access to.
This is the harsh reality. No number of security systems can stop every attack. We can only reduce the risk that a company faces. The severity of the attack, then, is determined by how well a company can respond to threats it detects, and how quickly it can recover afterward.
Know the threats, take practical precautions, and have a recovery plan in place.
Because cybercriminals are always one step ahead of security measures, we have to adapt. This means we need to have the right tools in place to identify potential threats before they become serious. These tools should flag threats in real time and alert the right people. These tools save companies millions in potential damage to both reputation and revenue. They are beyond anti-virus. They alert for threats that make it through the anti-virus wall.
Outside of these reporting tools, which any good IT support company should use (ask yours about their proactive monitoring tool!), the trick to cybercrime prevention is making yourself a difficult target. It takes mere minutes for most cybercriminals to crack a password or find a weak spot and access a company’s database. If you can increase your security and know-how and make it more difficult for the hacker, they may move on to easier targets.
So, how do you do this? Here’s a breakdown.
Start with identifying assets that are most important to your organization. These are things like sensitive data or applications; anything that could put you out of business if it were compromised or forced offline. Make sure these items are backed up frequently and redundantly -- preferably in a private, secure data center (aka ‘the cloud’, but better). Backups should occur as often as you’re comfortable with -- our customers typically back up their data every 60 minutes. If your data gets compromised at 1:32, you can roll back to 1:00, get rid of the corrupted data, and you’ll only lose 32 minutes of new data.
Identify your recovery time objective (RTO). What’s the actual cost of your downtime? To calculate this, identify the number of employees that would be affected and their average hourly wage. Then, find the average hourly employee overhead cost. Lastly, determine your hourly revenue. Add these figures together; the total is the amount of money you’d lose every hour you’re down. Your RTO is the number of hours you can afford to be down.
In addition to your RTO, you’ve also got to determine your recovery point objective (RPO). This number indicates the point in time to which data must be restored. How much data can you lose? Remember, your IT support will need to roll back your data to the last uncompromised backup. Typically, companies have this set at 12 hours, but can you really afford to lose 12 hours of business?
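To make the backup, RTO and RPO figures above concrete, here is an added Python example (not from Preferred IT Group) that finds the last uncompromised backup, the data lost on rollback, and the downtime cost. It goes one step beyond the 1:32 scenario by also showing a compromise that is only detected hours later. The staffing and revenue numbers, the dates, the two-hour restore time and the assumption that wage and overhead are per affected employee are all constructed for illustration.

```python
from datetime import datetime, timedelta

def hourly_downtime_cost(employees, avg_wage, avg_overhead, hourly_revenue):
    # Assumption: wage and overhead are hourly figures per affected employee.
    return employees * (avg_wage + avg_overhead) + hourly_revenue

def last_clean_backup(backups, compromised_at):
    # Any backup taken at or after the compromise may contain corrupted data.
    clean = [b for b in backups if b < compromised_at]
    return max(clean) if clean else None

def assess_incident(backups, compromised_at, detected_at, restored_at,
                    rpo, cost_per_hour):
    restore_point = last_clean_backup(backups, compromised_at)
    if restore_point is None:
        raise ValueError("no backup predates the compromise")
    # Everything written between the restore point and detection is discarded.
    data_lost = detected_at - restore_point
    # Assumption: systems are offline from detection until the restore completes.
    downtime_hours = (restored_at - detected_at).total_seconds() / 3600
    return {
        "restore_point": restore_point,
        "data_lost": data_lost,
        "rpo_met": data_lost <= rpo,
        "downtime_cost": round(downtime_hours * cost_per_hour, 2),
    }

# Constructed sample data: hourly backups from 00:00 to 05:00.
DAY = datetime(2024, 1, 15)
BACKUPS = [DAY + timedelta(hours=h) for h in range(6)]
COMPROMISED = DAY + timedelta(hours=1, minutes=32)
RPO = timedelta(minutes=60)
COST = hourly_downtime_cost(10, 30.0, 12.0, 1500.0)  # 10 staff, constructed rates

def run(detected_at, restore_hours=2):
    restored_at = detected_at + timedelta(hours=restore_hours)
    return assess_incident(BACKUPS, COMPROMISED, detected_at, restored_at,
                           RPO, COST)

if __name__ == "__main__":
    late = DAY + timedelta(hours=4, minutes=10)
    for label, detected in [("detected at 1:32", COMPROMISED),
                            ("detected at 4:10", late)]:
        result = run(detected)
        print(label, "->", result["restore_point"].time(),
              "lost", result["data_lost"], "RPO met:", result["rpo_met"],
              "cost", result["downtime_cost"])
```

With hourly backups, the rollback point is 1:00 in both cases, but the late detection discards more than three hours of work because the 2:00, 3:00 and 4:00 backups were taken after the compromise.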
Now that you know and understand the financial impact malware can inflict upon you (ransomware is even worse, by the way), let’s get into ways you can avoid it. Educating yourself is important, but we’ve often found that people need to be reminded more than they need to be taught. The tips below should look familiar, but hopefully, they will remind you of best practices you’ve let fall by the wayside.
- Install and update good antivirus. Antivirus software will report when trojans or viruses have been detected. The trojans can act like backdoors into your network -- many hackers rely on trojans to gain full access to your system. If you’re getting a steady stream of reports about trojans from your antivirus, it’s a clue that your system could be accessed from the outside.
- Update your computer ASAP. When you get alerts that it’s time for a computer update, get it done. These updates and patches help lock down your system with the latest cybersecurity tools. Unpatched and un-updated computers are easier targets for hackers. Remember, making yourself seem like a difficult target is one of the only ways to prevent an attack.
- Pay attention to computer speed. An indication that a hacking attempt or malware outbreak is occurring is reduced internet speed. Hacking will usually cause spikes in network traffic, which then affects speed. It should be noted, however, that good hackers can accomplish their attack without slowing down your computer. Typically, a slow computer means an attack has already occurred, and the virus is slowing your computer down.
- Steer clear of suspicious pop-ups. Employees should practice safe web browsing. If a pop-up window does appear, you should avoid clicking on it (even to close it). Unknown pop-ups can be infected with malware or spyware that can compromise the network. Instead, you should close the entire browser window. If that’s not possible, shut your computer down and reboot. The extra time and care you take on this will definitely pay off.
- Note unusual password activity. Are you locked out of your system? Have you received an email telling you that your password has been changed without your knowing? These could be signs that your password has been compromised. A security best practice is to make sure that all employees create strong passwords that are changed frequently. For example, we suggest 8 or more characters, a symbol, and a number. We also suggest a change of password every 90 days.
- Identify mysterious emails. Emails are the number one way cybercriminals are able to access your computer. Hackers have gotten smart - a lot of the phishing emails they send look legitimate. They could even be sent by someone on your contact list. (That’s called spoofing.) How likely would you be to question the legitimacy of an email that comes from one of your customers? Practice safe email protocol and do not open email attachments or click online links that you are not 100% expecting. If you aren’t sure the email is legitimate, call the sender to verify. It takes more time but ultimately could save you from an attack. Additionally, you should never respond to emails like this. Replies validate the email address, which means they can go on to attack others, too.
So, do you and your employees understand the risks of a cyber attack? Do you know what to look out for? Do you have the right tools to see a potential cyber attack while it happens? If you do have that tool, do you have the right skills and resources to understand what is happening and stop it? Do you have the right plan in place to recover after an attack? If you’ve got the plan, do you have the right infrastructure and support to carry it out?
Would you like help to establish this level of cybersecurity? At Preferred IT Group, we are experts in the installation and management of cybersecurity systems. We can work with you to create a professional, usable, and strong recovery plan for your company.
If you’re interested in knowing how you stack up against industry cybersecurity best practices, give us a call at 260.440.7377. We would be happy to set up a meeting to discuss it with you and give you our individualized recommendations to bring you up to industry standards.