Connected but often with little protection, small businesses are manna from heaven for cyber-criminals and hackers. E-mails, wifi network, USB keys, etc. Discover the 10 most common entry points in micro, small and medium-sized businesses*.
E-mail is undoubtedly the most common means by which to be hacked. A malicious attachment is often the preferred vector for phishing or ransomware.
2- Advertising banner
Some advertising sidebars, especially on free sites, can be hacked and, when clicked, send users to a malicious site or even trigger a malware download.
3- The company’s IT network
A poorly protected IT network, coupled with workstations or servers where security updates have not been carried out, can be an entry point, particularly for worms. Unlike viruses, worms are able to propagate automatically, without any direct action by the user.
4- The internet
The watering hole technique is a real threat and consists in hacking a well-regarded website with high traffic volumes to propagate malware to the computers of the internet users who look up the site or are directed to a malicious website.
Applications, particularly Android ones that are less secure and have fewer checks than iOS ones, and scareware (malicious software that displays alarming technical notifications) are the preferred vector for hackers.
Non-secure wifi systems – such as public hotspots – are still the entry point of choice for cyber-attacks. They are the ideal way to intercept communications or even recover data and passwords.
7- Connected objects
As they can be accessed remotely, connected objects are very vulnerable and can let cyber-criminals “piggyback” onto a company network or hijack these objects to launch massive denial-of-service attacks. Just maybe that virtual assistant that you have recently installed in the middle of your open-space office wasn’t such a great idea after all.
8- USB stick
There could be malicious software on that unrecognised USB stick, intentionally left just lying around. Be careful not to open it at a workstation and use a specifically designated computer, ideally one that is isolated from the rest of the network.
The trusted relationship between a company and its suppliers often fosters carelessness. If one part of the chain is poorly protected, it can become the weak link that hackers take advantage of to access the entire ecosystem.
Passing yourself off as a company CEO in order to steal money via that company’s accounts department, for example, is a much more common practice than you might think. However, nefarious persons can carry out this kind of crime just by finding a host of information on the Internet.
Expert advice - Matthieu Bonenfant, Chief Marketing Officer at Stormshield:
“In small businesses, which are often poorly protected, there are many security loopholes that are often related to the more mundane types of activity, such as accessing a public hotspot or using someone else’s USB stick in your computer. There are many entry points for cyber-criminals and they are constantly evolving. The attacks that result sometimes have dire consequences - especially for micro and small businesses, which are weaker than large companies. This is why it is vital for all companies to protect themselves accordingly and perform frequent updates on operating systems and applications. Regular backups of data are also essential. There needs to be a culture of cyber-vigilance and attention given to suspicious behaviour you notice on the internet or on IT resources. What companies have to understand is that there is not one solution but a raft of tools and good practice that should be shared as often as possible with employees.”
* Non-exhaustive list.