Three ways in which cybercriminals break and enter your digital home.
Do you leave your front door unlocked?
What about your virtual one?
“Peace like charity begins at home.” Franklin D. Roosevelt
Your home is your temple, your safe space, it’s yours. Most people attribute their home to something physical and being physical it’s, therefore, something that needs protecting.
This is true but it’s also so much more. In this day and age, people have two homes, two identities, a physical and a virtual one.
Your worldly home is filled with your valuables, your otherworldly home is filled with your data. The same reason criminals break into homes, to steal your valuables, in this technological, data-driven age, your data are the valuables that cybercriminals are looking for. Data is the new gold.
A common fallacy is that people see cybercriminals as one-man bands living in their parents’ basements. This is fundamentally incorrect. Cybercrime is an organisation, hence the terms ‘Criminal Organizations or Organized Crime’. Cybercrime runs like a real-world business, it has staff, managers, directors, etc and how these organisations contribute to society is by taking your contributions instead.
We go to inordinate lengths to secure our physical homes but leave our virtual ones vulnerable. Why?
There are three major weak points of entry in any home – virtual or physical. They are:
1.The front door.
The front door is generally the place of highest security but that security is only as good as the person manning the door.
Everyone is aware of criminals going around, posing as people from other companies, ie gas, electric, etc then the moment the front door is opened, they barge in to commit their crimes.
As with front doors, the weakest point of any company network is the human element.
Jones Day suffered a severe breach last month as a result of its vendor Accellion being breached. Although Jones Day holds its network is secure, the person on the door Accellion is what lead to hackers gaining access to sensitive client data of one of the largest law firms in the world.
A company is only as secure as its weakest link. To find out how to strengthen your weakest link, the human link, see [BTYES LINK]
2. The backdoor.
The backdoor has the benefit to criminals of being less secure than the front door and often has no guard keeping watch.
With the absence of a guard and tighter security, the criminals have time on their side. With this time, criminals can sit there for as long as they need to test various keys until eventually, they find one that works. This is known as brute-forcing.
Having basic passwords is the same as having a basic lock and basic locks only need basic keys to break. Solarwinds suffered such a breach as a result of one of their servers having the password ‘solarwindws123’. As you can imagine, it didn’t take long for the hackers to gain entry and start causing havoc.
Take a look over your firm, do you have any standard passwords, where are your basic locks? Find out more on using and managing complex passwords in your law firm.
3.Rappelling down the chimney.
You can have the tightest security on your doors and windows but your chimney is essentially an unrestricted route into your home.
Of course, no one is going to squeeze down it (unless you’re Santa) but in the digital crime underworld, that chimney, being virtual, can be easily manipulated to fit one person or a hundred at the same time.
A perfect example of cybercriminals barrelling down a chimney is when significant volumes of sensitive data on high roller customers have been stolen from a Casino in North America a couple of years ago. The casino network was hacked via a smart thermostat, in a fish tank.
Smart devices are ubiquitous in homes now with the advent of the Internet of Things and these smart devices have little to no protection and can essentially provide unfettered access to your network and your virtual home.
And as crazy as this hack might seem then, you can be sure that things are just as crazy now.
You wouldn’t leave your gold lying around. Don’t leave your data.
Author - Rikin Patel, Founder & CEO of Impact IT, https://www.impact-it.tech/