What are the basic cyber vulnerabilities of web sites for business?

There are simple cyber vulnerabilities resulting in inadequate cyber security of websites.

Large and small businesses that publish websites invest considerable efforts in building an interesting and attractive content to users and customers. Yet, we need to remember that as the site goes online, and the "record" is published on DNS, it is also added on the list of targets for cyber attacks.

The first and foremost risk is the username and password selection. To understand the risk of using simple passwords, we will demonstrate here how hackers break into websites. We will also review the risks inherent in planning inadequate management of the sites. We will also see here, by way of illustration, contemporary attempts assault on our website.

Attack Technique No. 1: Look at the names of the site and its managers and try to crack the password by using different combinations

The attacker tries the first relatively simple combination and then adds basic words listed in the dictionary.

Attack Technique # 2: Buy a computer, download black-hat software and adjust various hacking scripts to attack repeatedly until you reach the destination – hacking the site.

The attackers are leaving the attacking computer on 24/7, until a victim is found.

Weaknesses and other vulnerabilities are: choosing too simple passwords based on words in the dictionary entries (eg "Password123"), exposing the names of the managers on site content, allowing the users to upload files, sites with payment options without SSL, no software updates, and no current backups.

In the video we prepared, we show an attack on a Web tool that is intended to break username / password. A series of guesses – millions of combinations – occur automatically under predetermined list.

How do you know if your office network is safe?

Are we in our office exposed to cyber risks? How can we protect our digital assets?

During business days and weekends, do we really know what's going on our computer network?

Once we install an office Internet connection (a technician connected the modem and left after short while), the system works on autopilot. We assume today the office computer network is secure. Yet, many local networks of small and medium-sized offices (and home offices) are not secure. You may assume that a security breach already exists and it will invite thieves. Our job is to ensure we maintain our basic protections and procedures intact.

Among the risks to note:

  • WIFI wireless network is probably exposed with no or weak encryption

  • Visitors are allowed to use the Internet, to connect to our net and transfer files

  • We are exposed to viruses on the Internet that are not blocked by antivirus software

  • The firm is connected to the Internet by using un-updated software 

  • We use outdated Windows computers such as Windows-XP

  • We use mobile phones with untested apps

  • Our wireless network passwords are weak

  • Guests come and connect devices on our computer network

  • We improperly use non-unique passwords

  • We don't backup daily

  • We don't save confidential and sensitive information in a safe place

  • And other issues need to be addressed, such as connection accessories for laptops and operating software …

During a recent survey of small business computer network, we discovered that through the general network connection hackers can relatively easily penetrate to sensitive information in the organization. Here is "red-alert" picture of the status:

Although the office audited has a small number of servers and computers, the critical information is exposed to few risks, especially those coming from outside the network.

The picture reflected in the graph, without going into a technical analysis, is red (red color constitutes a significant risk). That is, without doing anything special, it endangers the computer network. This organization is exposed to risks and vulnerabilities.

Another very important protection is using regular data backups to the cloud – a relatively cheap method that requires regular attention.

With the proper construction of cloud backup, we guarantee an "escape door" in an emergency, such as a natural disaster, fire, flooding water, short circuit, fall and crash disk, a serious failure on the server, viruses and cyber risks.

The video we have prepared is an overview of the risks and scenarios. 

How to protect your computers and business data

Here provide a simple guide to the protection and reconstruction of an affected computer network. A system that was subject to a disaster such as natural weather event, theft, sabotage or technical failure.

The above picture is a common "red" status of a typical office computer network.

This is a guide that every business owner should follow:

To return to Normal Business As Usual , there are 4 preliminary actions and methods:

  1. Determining the responsible party for managing cyber risks.

  2. Definition of backup and restore program.

  3. Definition of a disaster recovery plan.

  4. Protecting the digital assets of the business at any given moment.

Send us your email address and we will notify you as soon as the guide is published.

Read more on cyber at http://cyber.udicomputerservices.com/ .

Udi Computer Services