are relentless in their hacking efforts, and they’re using a variety of attack vectors to do their dirty work
Thanks to the wealth of information and security technology available, now more than ever companies have the means to keep their data safe—whether it’s on-premise or in the cloud. Despite the advances that have been made in cybersecurity, however, companies still fall victim to attacks every day.
One of the main reasons cyber-attacks are still so prevalent is that hackers aren’t strictly relying on the same malware tactics they used yesterday. While malicious email attachments are still common attack vectors, bad actors are adjusting their methods and attacking via a variety of less-obvious pathways.
From your ordinary office printer to the devices that make up the IoT, here are the attack vectors your company may be overlooking—and the ways you can stay on top of cybersecurity.
Office printers are a hidden cybersecurity weakness
According to HP, 43 percent of companies ignore printers in their endpoint security practices. Unlike computers, printers can go unoperated for days at a time. They’re often located in the corner of an office or even a storage room and are only accessed when they’re needed, so it’s safe to say office printers don’t get a lot of attention—especially during security updates. Yet printers are one of the most vulnerable devices in a company’s office, as they are often connected to both private and public Internet networks. Once hackers have infiltrated the printer, they can often easily make their way to a company’s private network and infect other systems.
Thankfully for offices everywhere, keeping a printer secure is a straightforward and simple task:
- Change any default usernames and passwords that were already installed on the printer.
- Be sure the firmware is current, so any manufacturer updates are implemented.
- Limit wireless printer connections to a WPA2 encrypted access point. If you haven’t already, implement login credentials for printer use.
- Turn off any unnecessary protocols that allow remote access.
- Configure the printer to purge its memory after a specific amount of time or disable the storage functionality entirely. As an alternative, you can set up encryption using the printer utility or firewall settings to safeguard printer storage.
The Internet of Things: Who and what is on your network?
According to Gartner, 20.4 billion devices will be connected to the Internet of Things (IoT) next year. From wearables like smartwatches to smart-home devices such as voice assistants, IoT devices are becoming increasingly important in our everyday lives—which makes them ideal vessels for attackers to wreak havoc and cause destruction.
IoT devices are particularly susceptible to cyber-attacks for a few different reasons:
- Device hardware. The components of an IoT device need to be able to communicate with each other and other devices. Once one device has been hacked, the shared data between all of them can be revealed.
- Wi-Fi and Bluetooth connection. Not all networks are secure, which means that any data a hacker gets access to can be tampered with … which can lead to major problems in connected devices.
- Back-end interfaces. Arguably the most vulnerable element of an IoT device, the back-end interface can be hacked through weak local encryption, hardcoding of passwords, and a lack of a secure-password policy.
A report from the RFID Journal reveals that the number of devices on a company’s network could be as high as 10 or 20 per employee, and a business may not be aware of these devices. In other words, most owners and executives don’t understand the threats the IoT poses to their company’s cybersecurity.
Here are few steps companies can take to protect their businesses against IoT-related cyber-attacks:
- Don’t implement devices on a network that can’t have their software, passwords, or firmware quickly updated.
- Minimize vulnerabilities by always patching IoT devices with the latest software and firmware updates.
- Immediately change the default username and password of any IoT device.
- Ensure that every IoT device on your network has a unique password.
- Mandate minimum IoT security requirements across your company.
Social media safeguards
Cybercriminals have used social engineering techniques like phishing emails to trick executives and employees alike into divulging passwords and other confidential company information—and these same criminals are looking to social media to gather information on their targets or carry out phishing scams within the platforms themselves. While major platforms like Facebook have dealt with their fair share of cybersecurity issues, businesses and their employees alike don’t take social media security seriously, and hackers know that.
To avoid social media cybersecurity attacks, companies should have a social media policy in place. This guide should contain a variety of information, including best security practices, rules related to copyright and confidentiality, and how-tos for identifying scams and other potentially harmful activity. Social media usage can also be blocked for non-critical employees on workplace networks.
While the aforementioned attack vectors may not be obvious, they can lead to major cybersecurity issues if not addressed. To ensure they stay protected, companies should take the necessary safety precautions that decrease their chances of being attacked via one of these channels.