Anti-virus programs aren’t enough
Author : Matt Yarranton
17 March 2020

Today, many business owners install an antivirus program as their single line of defence and call it a day. However, there are many ways to get into a network that circumvents anti-virus.

Hackers are creating malware faster than anti-virus programs can recognise them (about 100,000 new threats are released daily), and professional cybercriminals test their creations against all commercially available platforms before releasing them.

Even if you had a perfect anti-virus program that could detect and stop every single threat, there are many attacks that circumvent anti-virus programs entirely. For example, if a hacker can convince a user to reveal their password using social engineering and install a legitimate remote access tool via a waterholing attack, anti-virus is not going to save you when they remote into your business and get to work.

There are several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defence plan that will allow you to quickly notice and respond to breaches at each level.  Network and mobile layer protections are well known, but you may not be familiar with the layers and how to protect them.

Physical Layer

The physical layer refers to the computers and devices that you have in your office. It is exploited surprisingly often. However, it is the easiest to defend.

Here are a few examples:keyboard in chains

  • In 2015, 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  • The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  • As an experiment, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert it into their work or personal computers. 17% of consumers fell for it.

For the physical layer:

Keep all computers and devices under the supervision of an employee or secured at all times.
Only let authorised employees use your devices.
Do not plug in any unknown USB devices.
Destroy obsolete hard drives before throwing them out.
In short, taking responsibility for data security involves a lot more than just a software program.

Human Layer

Humans are the weakest link for cybersecurity. A hacker only needs to find one poorly informed, curious or careless employee and they potentially have the keys to your businesses IT.  Some of the techniques employed by the hacker are social engineering, phishing and waterholing and all are designed to trick a user into doing something they shouldn’t.   Some examples of famous security breaches that were results of the human layer are:

  • In 2011 the security company RSA was hacked which was just the starting point that led to the attack against the ultimate target, Lockheed Martin.  The attack started with an Excel document, sent to a small group of RSA employees, via email, which contained a malicious code which opened a backdoor for the hackers.
  • Sony was famously hacked in 2014. Thousands of files, including business agreements, financial documents and employees’ information, were stolen. They were targeted by a spear-phishing attack which looked like emails from Apple.
  • In 2016 the Democratic National Committee was hacked which famously led to emails being published on Wikileaks.   The hackers used spear-phishing with an email, that looked just like it had been sent by Google, requesting that the user reset their password due to malicious activity.  This tricked the user into entering their password, giving the hackers access to their email accounts.

Protection for the human layer comes down to training and education.  Following the training, you need to keep users on their toes and there are services available that will send users fake phishing emails and report who clicked on things they shouldn’t have.  Don’t get hacked because of PEBKAC. Educate and empower your users to be your first line of defence!

Learn more about how Blisstech Solutions cyber-security services can help. Contact us at 01299 382 321 or [email protected].

More Content

Is Your Business Ready for Another COVID-19 Lockdown?

Given the rapid rise in cases over the past few weeks, another lockdown was inevitable. Employers and employees alike will now be used to a 'new normal' where we are encouraged to work from home. During the last lockdown, we all learned that it is possible for us to...

VIDEO: How to create email signatures in Outlook

This Tech Tip will show you how to create and manage email signatures in Outlook. One of the things I get asked about most by new users of Microsoft Office is how to create a professional email signature. Your email signature is not only a useful way to provide your...

VIDEO: How to use Search Outlook Folders to organise your Inbox

Welcome to a new Tuesday Two Minute Tech Tip that will help you to organise your inbox using the Outlook powerful search features. Are you the kind of person who likes to organise emails into folders? Are you manually dragging your emails around to organise them? This...

How to use MS Teams to replace your file server

You all know MS Teams as a video conferencing tool, but do you know about all of its other cool features? One such feature enables businesses to replace file servers, allowing users to work from anywhere and collaborate on documents in real-time.  This video shows you...

VIDEO: How to Provide Remote Support for FREE with Quick Assist

This Two Minute Tech Tip shows you how to view or control someone else's screen for FREE. As an IT managed service provider we have lots of tools we have to pay for to help us support our clients. However, if you've ever been in a situation where you are trying to...

VIDEO: How to use Windows shortcut keys

Good morning everyone and welcome to your Tuesday Two Minute Tech Tip. 👉 Tired of dragging the mouse around the screen to access the things you use all of the time? 👉 Want to hear about some handy shortcuts Windows that you never know existed? Today's tip will help...

Why setting up Facebook Wi-Fi for your business is a good idea

Setting up Facebook Wi-Fi for your business is a great way to increase customer engagement and loyalty. When customers connect to your guest Wi-Fi they can check in to your business on Facebook to gain access rather than entering a WiFi code. This allows them to stay...

What are the benefits of outsourcing IT support?

Have you ever started a DIY task only to wish you had just called in an expert?  Your IT support should be no different. Many business owners think that they can handle their IT systems themselves.  However, unless they have the experience and finger on the pulse of...

7 ways to secure small business IT

It is hard enough running a business without having to worry about how to ensure your computer systems and data are secure from bad guys.  To help you out, we have put together a list of the top 7 things that you should do to secure your small business IT systems. 1....

Facebook Meta: A New Reality?

Facebook Meta: A New Reality? Facebook has been a part of our lives for the past decade and Facebook Meta is Facebook's next step into the future. Facebook Meta is an augmented reality system that will allow users to play games, purchase items, meet friends, and more...
Share This