logo

Your Three Biggest IT Security Threats

The Three Biggest Security Threats to your Network:

Employees

It's probably no surprise to you that the biggest liability on your network is your workforce and everyone that has access to your computer systems. The days of computer viruses and worms wandering onto your network from the Internet are long gone. These days, it's widely acknowledged that that the biggest threat to your network are your end users. There are several ways they may cause a breach on your network including:

  • Visiting a website that has malicious code on it
  • Opening an email attachment or clicking a link from a hacker
  • Connecting an infected laptop, wireless device, or flash drive from home to your network
  • Purposefully sabotaging or deleting files (disgruntled or malicious employee)

Email

Email has definitely become the biggest attack vector of hackers in recent years. Email has become the number one method to try to trick users into clicking on links that might infect systems with viruses, gather information, or even scam users into thinking they are communicating with someone else in the company. In a recent hacker email attack, the hacker made email appear to come from the CEO of a company and asked an HR representative to update their Direct Deposit information to route funds to a different account. The CEO’s salary went to an unknown account for over 3 months before it was discovered.

Microsoft's popular Office 365 Hosted email platform has become a hotbed target for hackers. Many companies that have migrated their email to Office365 are using the default security settings, which is a huge danger as hackers are becoming more and more sophisticated in their attacks. Click here to download Locke Systems' O365 Security Brochure for more information on how to secure Office 365 Email and get a Free O365 Security Audit.

Your IT Provider

This might come as a shock to you, but your IT Provider might be a huge risk to your network. A new attack method is on the horizon and increasing at an alarming rate. Instead of targeting businesses one by one, hackers have found a better target: your Managed IT Services Provider (MSP). In the past six months, hackers have successfully breached several IT Providers allowing them to infect and hack all their customers using the IT Provider's own tools and remote access.

Some recent examples:

  • In July of 2019, a Portland-based IT Provider that serviced Dental Clinics got hacked. By morning, dozens of Dental Clinics in Oregon and Washington were unable to retrieve patient records or access any other data. Due to the scale of the attack, the MSP refused to answer any calls and promptly went out of business, leaving customers to look elsewhere for help.
  • In August of 2019, a Texas-based IT Provider was infiltrated causing the data of 22 Texas Municipalities to be held ransom by hackers. Similar to the Dental offices, all of the data and also the backups were encrypted, and the hackers demanded ransom payments be made in untraceable Bitcoin currency.

Many MSPs are overwhelmed and understaffed and have not taken the necessary security precautions to protect themselves and their customers. The documentation, remote access, and monitoring tools that they use to service your systems are a huge liability to your business if they are not secured properly.

Warning signs that your MSP might have lax security include slow response times, high employee turnover, and important passwords never being changed even after previous employees move on.

Click Here to download our brochure for more information and also tips on how you can protect yourself against this new emerging threat.