Currently I am writing a series of basic security guides for small businesses. I understand that security is one of the least important things on a business owner's mind right now; however, having the basics of security firmly applied is not expensive or complex, and it can help protect your clients' data from illegal access.
One of the worst things that can happen to your business is having your clients' data stolen and ending up on public websites or being used to hack their business.
Hackers are very interested in small businesses
Let me guess – since you are a small business, you believe that hackers would have no interest in you? Well, please read the extract below from one of the hundreds of articles available on why hackers are very interested in small businesses.
Attackers are increasingly targeting small companies, planting malware that not only steals customer data and contact lists but also makes its way into the computer systems of other companies, such as vendors.
Hackers also might be more interested in your employees than you’d think. Are your workers relatively affluent? If so, chances are the hackers are way ahead of you and are either looking for a way into your company or are already inside, stealing employee data and passwords, which (as they well know) people tend to reuse for all their online accounts.
Your company is probably also vulnerable to being attacked through its partners. How much do you know about your vendors’ or B2B customers’ security capabilities? A lot of organizations enter into working agreements with other firms without auditing the partners’ data protections.
Extract from Why Would Hackers Target My Little Company?
So now that I have your attention for a brief time, I will not explain how hackers can act like a public wifi spot in airports, cafes or even within other businesses you visit – that is easy and can be done with an $80 USD pineapple.
What you need to know is that you should never-ever use a public wifi, because there is a chance that you are in fact connecting to a hacker's wifi designed purely to gather data from your device or direct you to websites that look like legitimate ones but are not.
Here is an example for New Zealand of how I could gather your online banking details when you use a public wifi:
With an $80 USD tool, I could configure it to watch for certain links that come from devices connected to my wifi, such as www.kiwibank.co.nz, www.anz.co.nz or a list of other banks.
Then, once the hacker's tool has detected the link, it can redirect you to a mock website that I have built that looks like the bank's website. As you attempt to log in, I will collect your online access details and have them emailed to me. I will also install some malware injection software on my sites to infect your device so I have access to it when I want.
NOTE: I could also mock up other well-known sites and force you to log in – Amazon, Facebook, LinkedIn – you name it.
I will let you fail logging in, and then after 2 failed attempts my website will direct you to a reset password page – I can then hopefully collect more data from you by asking you to provide questions and answers, or by other tricks to con you into entering even more data about yourself.
By now I have enough data to potentially ring up the bank's customer support line and get them to change the postal address so they can send me the card or other devices used for the login process. I will also use your password on other websites you use, such as Facebook and online shopping sites, because the bulk of people use the same password for many websites!
How do I know which websites you are visiting? Well, my wifi tool is collecting all the links you are going to while connected to my wifi.
I will also look for any websites that you log into which could be your own business systems or other business systems like Xero.
There might be lists of clients, with their usernames and passwords to access your own systems, or vendors that I can email while acting as you, to fool more people into visiting sites that have my malware installed.
It's so easy!
So the security rule for you and your staff – never-ever use public wifi, not even on your iPad or mobile!