I often hear “I’ve only got a small business, hackers wouldn’t be interested in us” – Well that is actually quite far from the truth.
Small businesses are increasingly becoming targets for hackers and malicious actors for one really simple reason… Often a small business's cyber security is non-existent, and attacking these targets is not only easy but also quite profitable for the bad guys.
For small businesses, putting in some basic best practices can typically improve the security posture significantly.
Keeping software and operating systems up to date
Every time a software vendor releases a security update, it basically tells the bad guys: here are some issues that you can exploit. Running out-of-date software and operating systems means that you are vulnerable to all of the security holes that have already been fixed.
Keeping your systems up to date can be done manually, by relying on staff to install the updates as they become available, but what is most effective is having your updates managed by a patch management service.
Most reputable IT service providers will offer this service, where they basically ensure devices have all the latest updates and patches applied so you don’t have to worry about it.
Open RDP Ports
I’ve actually been quite surprised lately, when we have been doing security reviews for new clients in Warrnambool & Portland, to find open remote desktop ports that allow people from the internet to log in to the server.
Leaving these ports open without any additional security basically opens a hole into the network where threat actors can attempt to log in. Usually they will attempt to brute force (where they try a large list of passwords & usernames) their way into the network. Once they are in, they can steal data or encrypt everything and hold you to ransom.
You can do a quick check to see if you have RDP open on the default port. When you are on your local business network, go to https://portchecker.co/ and select Remote Desktop – 3389 from the list & check. This only checks for RDP running in its default, most discoverable configuration. If it says the port is open, then you have a major security hole straight into your network and you should look at closing this up.
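To show what the brute forcing described above looks like from the defender's side, here is an added example (not part of the original post) that scans logon events for bursts of failed remote logins from one address. The log lines are constructed and the CSV column layout is an assumption; 4625 and 4624 are the Windows event IDs for failed and successful logons.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; the CSV column layout is an assumption. 4625 = failed logon,
# 4624 = success; logon type 10 = Remote Desktop, 3 = network (typical for RDP with NLA).
SAMPLE_LOG = """time,event_id,logon_type,user,source_ip
2024-05-01T02:10:01,4625,3,administrator,203.0.113.50
2024-05-01T02:10:03,4625,3,admin,203.0.113.50
2024-05-01T02:10:04,4625,3,reception,203.0.113.50
2024-05-01T02:10:06,4625,3,backup,203.0.113.50
2024-05-01T02:10:09,4625,3,scanner,203.0.113.50
2024-05-01T02:10:11,4624,3,scanner,203.0.113.50
2024-05-01T08:55:00,4625,10,jane,198.51.100.7
2024-05-01T08:55:20,4624,10,jane,198.51.100.7
2024-05-01T09:30:00,4625,2,jane,-
"""

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag IPs with >= threshold failed remote logons in one window; note any later success."""
    failures = defaultdict(list)   # ip -> [(time, user)]
    successes = defaultdict(list)  # ip -> [time]
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] not in ("3", "10"):
            continue  # skip console and other non-remote logons
        when = datetime.fromisoformat(row["time"])
        if row["event_id"] == "4625":
            failures[row["source_ip"]].append((when, row["user"]))
        elif row["event_id"] == "4624":
            successes[row["source_ip"]].append(when)
    alerts = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = events[start:end + 1]
                alerts[ip] = {
                    "failed": len(burst),
                    "users_tried": sorted({user for _, user in burst}),
                    "success_after": any(t > burst[-1][0] for t in successes[ip]),
                }
    return alerts

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

A flagged address with `success_after` set means a login succeeded right after the burst of guesses, so that account should be treated as compromised until checked.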
Multi-factor Authentication
According to Alex Weinert from Microsoft, “Users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.”
What is MFA? Well, it’s basically adding a second authentication method on top of your password, hence the multi in Multi-Factor Authentication.
Most services do MFA through a phone with an SMS or a dedicated app that generates a code. When you put in your username and password, you will then need to supply the code as well. The reason this shows such an increase in protection is that it is unlikely that an attacker has your phone when they are trying to breach your account – especially the automated attacks.
No GEO-IP Blocking on network & emails
With many attacks originating from overseas, enabling GEO-IP blocking can block internet traffic to and from certain countries.
We typically have rules set up on people’s emails so they cannot log in from overseas. It is annoying when you travel, but it is simple enough to turn off if need be, or to add some other countries to the allow list.
This isn’t foolproof, as there are attacks that originate from Australia, and many times attackers will be bouncing off another computer that has already been breached, but it does add another good layer of security.