SEO Texas, Web Development, Website Designing, SEM, Internet Marketing Killeen, Central Texas
SEO, Networking, Electronic Medical Records, E - Discovery, Litigation Support, IT Consultancy
Centextech
NAVIGATION - SEARCH

Cybersecurity Practices For Small-Medium Size Businesses


Small-medium size businesses (SMBs) pose as an easy target to the cyber criminals. The reason behind an increased number of crimes against SMBs is that majority of cyber-attacks have an underlying motive of stealing personal data for identity theft and credit card fraud. Since SMB networks tend to be less secure, it becomes easier for the hackers to launch a breach successfully.

As there is an alarming increase in breach incidents, it has become important for SMB owners to pay more attention to cybersecurity. Some cybersecurity practices that SMBs should adopt are:

Document Your Cybersecurity Policies: It is important to document the cybersecurity policies, installed updates, analysis reports, etc. SMBs can make use of online planning guides to initiate the documentation process. Also, many portals offer online training, tips and checklists related to prevailing cybersecurity trends. This is an important step for SMBs to keep a track of their cybersecurity protocols.

Educate Your Employees: As the cyber-attacks are becoming more complex, the cybersecurity policies are also evolving. In addition to regularly updating the protocols, SMBs should define internet use guidelines and establish consequences of cybersecurity violations. The employees that have access to the network should be thoroughly educated about these updates and guidelines. They should be properly trained on security policies and ways to detect malware or infection.

Firewall: Make sure that your employees should use a firewall when accessing business network in office or at home. Firewalls act as fist line of defense against cyber-attacks targeted to access sensitive data. For an additional line of defense, SMBs should consider installing internal firewalls in addition to external firewall.

Mobile Device Security: As the BYOD culture is gaining popularity, most employees prefer using their own mobile devices to access business network and sensitive data. Since employees tend to download numerous applications or software on their mobile devices, they pose as a threat by accidentally downloading malware. A hacker can compromise the mobile device and gain access to the sensitive business data. Thus, educate your employees on the requirement to encrypt their data, install trusted security apps and password protect their devices.

Password Policies: Teach your employees to use strong passwords. You can ensure this by setting well-defined password policies for network access. Also, it is advisable for SMBs to use multi-factor authentication for granting network access to the employees and consumers. SMB owners can also lay out the policy that requires employees to change their passwords after a few months.

Data Backup: Invest in off-shore backup plans to ensure data retrieval in case of any disaster or data loss. Make it a point to back up the data at regular intervals. If possible, consider using automatic data backup settings.

 For more information about cybersecurity practices for SMBs, call Centex Technologies at (972) 375 - 9654.

Watering Hole Attack

A watering hole attack is an opportunistic cyber security attack where the attacker targets a specific group of end users, usually an organization.

What Does ‘Watering Hole Attack’ Mean?

The attack gets its name from a wildlife predatory tactic. Many predators in a forest lurk around a watering hole or an oasis to wait for their prey. As the prey comes to drink water from the oasis, the predator grabs the opportunity to attack. The cyber-attack follows a similar approach and is thus named as ‘Watering Hole Attack’.

How Is The ‘Watering Hole Attack’ Executed?

For executing the attack, hacker traps a single user to gain access to a corporation’s server. The attack is executed in a stepwise process:

  • Finding The Waterhole: The attackers begin the process by finding the waterhole. They conduct thorough research and observe their target user to find out the website that is frequently visited by him. This website acts as the waterhole.
  • Compromising The Website: Once the attackers identify the frequently visited website, they look for existing vulnerabilities in the website. They inject malicious JavaScript or HTML code in the ads or banners displayed on the website. When the end user accesses the compromised website, this code redirects him to a separate site where the malware is hosted.
  • Infecting the server: When targeted user accesses the site, a script containing the malware is automatically downloaded on the user’s system. This malware collects personal information from user’s device and sends it to the C&C server. In some cases, the malware script may allow complete access of the victim’s system to the attacker. The infection is then spread across other systems on the organization’s server.

Avoiding ‘Watering Hole Attack’

In order to increase the impact of an attack, hackers choose trusted websites for launching the infection. Also, they make use of zero-day exploits for infesting these websites. This makes it difficult for traditional tools like antivirus to detect these attacks at an early stage. Thus, employing preventive measures is the best way to keep yourself safe from Watering Hole Attacks.

  • Keep your system updated with latest software patches.
  • Configure firewalls & other network security protocols.
  • Monitor the popular websites visited by your employees to ensure that these sites are not infested with any malware.
  • Regularly monitor your organization’s websites to detect any malware at its earliest stage.
  • Use browser’s private settings and VPN services to hide your online activities.
  • Configure your security tools to keep users notified about compromised websites.
  • Educate your employees about ‘Watering Hole Attacks’ and ways to avoid them.

For more information on Watering Hole Attack, contact Centex Technologies at (972) 375 - 9654.