{"id":1032,"date":"2017-09-14T07:19:22","date_gmt":"2017-09-14T07:19:22","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=1032"},"modified":"2024-12-23T07:45:14","modified_gmt":"2024-12-23T07:45:14","slug":"four-things-businesses-should-be-doing-to-protect-from-cyber-attacks","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/four-things-businesses-should-be-doing-to-protect-from-cyber-attacks-1032\/","title":{"rendered":"Four Things Businesses Should be Doing to Protect from Cyber-Attacks"},"content":{"rendered":"<p>It\u2019s a fact that every business needs to accept: everyone is at risk of a cyber-attack. What\u2019s unfortunate is how many companies aren\u2019t taking this seriously.<\/p>\n<p>There are a host of basic best practices that a majority of corporate networks are failing to implement, and it\u2019s leaving them critically vulnerable.<\/p>\n<p>At the very minimum, there are four things every business should be doing to protect their online presence and to protect their customers from the fallout from a cyber-attack: instituting employee password policies; encrypting and hashing sensitive information; hosting their whole site over HTTPS; and keeping their software up-to-date.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2017\/09\/20170914.jpg\" alt=\"\" width=\"700\" height=\"273\" class=\"aligncenter size-full wp-image-1034\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2017\/09\/20170914.jpg 700w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2017\/09\/20170914-300x117.jpg 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2017\/09\/20170914-3x1.jpg 3w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/p>\n<p><strong>Password Policies<\/strong><br \/>\nIf anything in the cybersecurity industry can be called an epidemic, it has to be bad password habits. 
It\u2019s a serious problem, and one that has been poorly addressed. People are using poorly designed passwords, and they\u2019re using them for a multitude of online profiles, meaning that if their login is cracked once, it\u2019s cracked everywhere.<\/p>\n<p>Part of the problem is how we\u2019ve addressed it so far. Some websites and systems take it upon themselves to enforce password requirements mechanically, rejecting passwords for new profiles unless they meet certain criteria. This is problematic for two reasons: first, when faced with the prospect of having to generate yet another complicated \u201cP@s5w0rd!\u201d the user either comes up with something painfully simple and easy to guess with a dictionary attack, or they reuse a password that has worked in the past. Neither is a safe practice.<\/p>\n<p>The other problem is on the hacker\u2019s side. If they know that a website requires a number, a capital, and a special character, then they can trim their dictionary attack, removing all options that don\u2019t include those values. So rather than making the passwords harder to crack, it actually makes it a lot easier.<\/p>\n<p>The matter has been discussed by a number of very smart people, who have all commented on how flawed the system is. While the issue is hard to address with the general public (who tend to use paths of least resistance), something can definitely be done with regard to employees of a company. Good password habits (including the optional use of a password manager) can and should be taught, and a password policy instituted. It won\u2019t fix every case, but if a majority of people can get on board, it will significantly reduce the risk of intrusion.<\/p>\n<p><strong>Encryption and Hashing<\/strong><br \/>\nFor reasons that are hard to fathom, many businesses are still keeping sensitive information stored in cleartext. 
Everything from customer information to login passwords is left vulnerable and unguarded, just waiting for someone to guess the manager\u2019s \u201cjustinbieber4eva\u201d password and gain root privileges.<\/p>\n<p>This is a basic practice that so many have neglected: hash what you can, encrypt everything else. Even in smaller businesses that don\u2019t always have access to the same level of cyber talent, it\u2019s not that hard to get in touch with experts who can help with that sort of thing.<\/p>\n<p><strong>HTTPS Hosting<\/strong><br \/>\nHTTPS came out all the way back in 2000. Nearly 20 years later, data transfer protocols are still a serious issue. The sooner each business gets on the bandwagon and hosts their whole website over HTTPS, the sooner we can migrate the majority of the internet to more secure protocols.<\/p>\n<p>The reason it\u2019s important to host the whole website on HTTPS is that leaving portions of the site unencrypted leaves hackers backdoor access to more sensitive areas. We\u2019re past the point where just encrypting the page where you enter credit card information is good enough. If you have an online presence, it should be hosted on HTTPS. What\u2019s more, keeping keys and certificates in order is also important. The whole system is essentially useless if unscrupulous individuals gain access to valid certificates.<\/p>\n<p><strong>Software Updates<\/strong><br \/>\nThe uninitiated think software updates are annoying. The rest of us, though, are well aware that, in many cases, the updates are all that stand between you and the hacker. If you\u2019re one of the enlightened, be sure you\u2019re spreading the word at your company, so that those with administrator privileges are keeping things up-to-date.<\/p>\n<p>If you aren\u2019t aware, here\u2019s your infosec crash course. Software updates do three things: fix bugs, add features, and plug security holes. 
Without software patches, when a hacker learns to exploit a flaw in the software, there\u2019s nothing stopping them, or any of their friends they talk to about the hole. When developers find these gaps in security, they patch them. You shouldn\u2019t be frustrated that Microsoft or Apple just pushed out another update for the OS. You should be thanking them.<\/p>\n<p>If we, and the businesses we work for, could catch up in these four areas, it would go a long way towards defending against incursion. It\u2019s true that no system is 100% secure. Let\u2019s be honest though; the ones we\u2019ve got now could do a lot better.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s a fact that every business needs to accept: everyone is at risk of a cyber-attack. What\u2019s unfortunate is how many companies aren\u2019t taking this seriously. There are a host of basic best practices that a majority of corporate networks are failing to implement, and it\u2019s leaving them critically vulnerable. 
At the very minimum, there &hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/four-things-businesses-should-be-doing-to-protect-from-cyber-attacks-1032\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Four Things Businesses Should be Doing to Protect from Cyber-Attacks<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[380],"class_list":["post-1032","post","type-post","status-publish","format-standard","hentry","category-news","tag-cyber-attacks"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/1032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=1032"}],"version-history":[{"count":3,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/1032\/revisions"}],"predecessor-version":[{"id":1036,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/1032\/revisions\/1036"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=1032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=1032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=1032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}