For a business to suffer a cyberattack is bad. For a business with an entire company branch specializing in IT security and data loss prevention to suffer a cyberattack.
That is exactly what happened to DLA Piper, one of the world's largest law firms, employing more than 4,000 attorneys in more than 40 countries. It has a wide range of branches, including Intellectual Property and IT Security. Nine days later, the company was still struggling to get its systems back up and running.
It is virtually impossible to run a business today that doesn’t use electronic data and record keeping in some fashion. As a result, security risks are an unfortunate but real threat for just about every business.
A cyber-attack is a malicious act by persons, groups or organizations against a computer system or website that is intended to destroy it, damage it, or take control of it in order to carry out illegitimate operations or steal data.
You can bet that even if you are not monitoring your website, hackers are, and they are just waiting for you or an employee to make a simple mistake.
One of the simplest strategies you can adopt is to ensure that your entire network is up to date. This means paying attention to all notifications regarding updates to your operating systems, your antivirus software, web browsers and firewalls. Ignoring any of these will leave openings in your security system.
Most security experts state that you should never use the same password for all of your accounts. Once attackers are into one account, they are in all your accounts. Try to create diverse passwords that combine numbers, symbols and other factors to ensure each one is safe and secure. Use strong, random passwords that are often changed and closely guarded.
Hackers should never be in your networks, website, or databases. But neither should some employees. Many businesses allow their employees to access all kinds of sensitive resources that they have no reason to access. By restricting access to key assets, like your website or emails, you minimize the risk of a careless employee handing over the keys or opening doors they should not open.
Many attacks on businesses exploit holes the hackers found before you did, no doubt because they were looking for them when you were not. For many businesses, those holes are in their websites and are mainly caused by either poor security configuration or a failure to update programs and third-party plugins (WordPress).
One of the great things about developing a website today is that you do not have to develop much. There are thousands of developers who offer great tools at affordable prices that can be plugged in and running in a matter of minutes. But that comes with a downside if those plugins are not free from major vulnerabilities, as in the case of a famous SEO plugin for WordPress that was used by millions but was recently found to have a major security hole.
Mobile devices have become a critical tool for many businesses, particularly as employees use them for both personal and business tasks. But they come with risks, especially privacy and security risks. The theft of a smartphone or tablet, or an employee who downloads malware, can expose valuable business information or create a back door for hackers.
An .EXE file is a file designed to execute a program of some type. Most of the programs you interact with on a daily basis, from your web browser to your video games, use .EXE files to run. But there are very few legitimate reasons to send .EXE files via email. Configuring your gateway mail scanner to filter out .EXE files can help you avoid some of the worst malicious attacks.
.EXE files are not the only files that can put your computer at risk, though they are some of the most common. But there is an entire collection of other risky file types as well.
Fortunately, many of these file types can be made to open in a text editor like Notepad or TextEdit. By setting your machine to open them in Notepad instead of executing their code, you can stop attacks that make use of these file types. The file will just open as a text document with its code in it, rendering it harmless.
To set this on a Mac: Right-click (Control-click for single-button mouse users) on the file and select "Get Info" from the contextual menu. Then click on "Open with" - Selected file type.
For Windows: Open Control Panel, click on “Programs”, then click on “Set your default programs”. The window that appears will list all the file types your computer recognizes, and the programs associated with them.
We suggest setting the following list of file extensions to open with Notepad on Windows or TextEdit on Mac.
.JS .JSE .HTA .WSC .WS .WSH .WSF .VBS
Doing this can stop 90% of the infected email attachments from running, which is how 95% of malware infects your machines.
Be careful about whom you hire, and make sure they are the kind of people who will follow your security rules, understand their role in protecting their workplace, and not engage in behavior that can put your business at risk.
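The gateway filtering and the extension list described above can be combined into one check. The following is an added example, not code from the original page or from any mail product: it scans a constructed sample message for attachments whose final extension is on this page's list, including double extensions and encoded file names. The function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
# Extensions named on this page: .EXE plus the script types listed above.
BLOCKED = {".exe", ".js", ".jse", ".hta", ".wsc", ".ws", ".wsh", ".wsf", ".vbs"}

def risky_extension(filename):
    """Return the blocked extension the file would run as, or None."""
    # Windows drops trailing dots and spaces, so "a.vbs. " is still a .vbs file.
    name = filename.rstrip(". ").lower()
    # Only the last extension decides how the file runs ("invoice.pdf.js" is .js).
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return ext if ext in BLOCKED else None

def scan_message(raw):
    """Return [(filename, extension)] for attachments a gateway should block."""
    hits = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()  # also decodes RFC 2231 "filename*=" names
        ext = risky_extension(filename) if filename else None
        if ext:
            hits.append((filename, ext))
    return hits

# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: billing@example.test
Subject: Outstanding invoice
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

(constructed)
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.PDF.js"

(constructed)
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''Order%20Form.wsf

(constructed)
--XX--
"""

if __name__ == "__main__":
    for name, ext in scan_message(SAMPLE):
        print(f"BLOCK {name!r}: runs as {ext}")
```

The check looks only at attachment names in the message itself; files packed inside an archive attachment are outside what it covers.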
Your employees can be your best defense or your greatest vulnerability. “Untrained employees are the biggest risk for Businesses”. Training needs to be conducted regularly, not just once a year. It also needs to be varied, both in method (such as in-person, email, blogs) and with different topics (such as password security or visitor access) to engage your employees.
Since 2016, over 4,000 ransomware attacks have happened daily in the U.S. If that pace continues, by the end of this year there could be more than 100 million varieties of malware. Most malware consists of smart and dangerous Trojans that seem to get smarter every day. If you are not proactive about avoiding malware, chances are they will get in.
Who would want to hack into your business, computer or website? What would they be looking for? Keep asking yourself that question.
Look at your website like a hacker would. Look at your employees and their behavior, your email, the way you protect your information and what kind of information it is.
The view from outside is always different from the view inside.
https://www.dhs.gov/topic/cybersecurity.
The following preventative strategies are intended to help our public and private partners proactively look for emails attempting to deceive users into "clicking the link" or opening attachments to seemingly real websites:
Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.
Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.
Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!
Set secure passwords and do not share them with anyone. Avoid using common words, phrases, or sharing personal information.
Keep your operating system, browsers, antivirus and other critical software up to date. Most security updates and patches are available for free.
Verify the authenticity of any requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.
Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
For email, make sure to turn off the option to automatically download attachments.
Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
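The advice above about watching URLs for spelling variations and different domain endings can be automated for the handful of sites a business relies on. This is an added example, not part of the original page or the DHS guidance: the trusted list, function names and the two-typo threshold are assumptions, and the domain names are placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical list of sites the business actually uses (placeholder names).
TRUSTED = ["examplebank.com", "example-retailer.net"]

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, max_typos=2):
    """Return (verdict, trusted_domain_or_None) for the host in a URL."""
    host = (urlsplit(url).hostname or "").lower()
    # Assumption: the registrable domain is the last two labels (no co.uk handling).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    name = domain.rpartition(".")[0]
    for good in TRUSTED:
        good_name = good.rpartition(".")[0]
        if name == good_name:
            return ("different-ending", good)   # e.g. .net where .com is expected
        if edit_distance(name, good_name) <= max_typos:
            return ("misspelling", good)        # e.g. a digit 1 in place of l
    return ("unknown", None)

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login",
              "https://examplebank.net/login",
              "http://examp1ebank.com/"):
        print(u, "->", check_url(u))
```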
Learn More about Cyberattacks.
• Cybersecurity involves detecting, and responding to cyberattacks - ready.gov
• Reducing your exposure to cyberattack - NCSC.GOV.UK
• Preventing and Defending Against Cyberattacks - Homeland Security
• Protect your company from cyberattacks - Mass.gov
• Preventing and Defending Against Cyberattacks - CISA
• Protect your business from cyber threats - business.gov.au
• Information about current security issues, vulnerabilities, and exploits - us-cert.gov
• Weekly Summary of New Vulnerabilities - us-cert.gov
• Online Security Tips - OnGuardOnline.gov
Thomas R
This is very useful for the small business, thank you