Would you like to know the simplest and most effective ways to get hacked? OK – this post is obviously sarcasm (please don’t take this advice!). However, sometimes a little humor helps the issue really sink in. So in that spirit, here are the best ways our organizations can get hacked these days:
Don’t Train Your Users on Phishing Techniques
Most of the successful hacking attempts these days start with phishing. An email, a text message, or through some other messaging app which looks legitimate but is meant to steal your credentials or install malware. If you want to get hacked, this is by far your best chance! By simply not doing anything (such as training your employees), you can rest assured a phishing attempt will happen. And most likely, it will work.
Use Passwords That Are Easy to Remember or Are Reused
Brute force software can be found for free on the web these days. If there is no company policy (or the policy isn’t enforced) on using difficult passwords, you can be confident it’s probably a matter of time before an easy password is hacked using a brute force attack. And even if difficult passwords are used, if they are copied across multiple apps and websites – have faith in the dark web to eventually hack one of those sites and share the passwords with other cyber criminals.
Don’t Setup MFA
If we can assume that phishing attempts and password leaks are a reality of our modern world, then keeping your accounts unprotected via single-factor authentication methods is an excellent way to hand cyber criminals the victory. When they only need your credentials and don’t need your phone as well to log into your account…well that’s a low maintenance hijack where we come from.
Keep Using Old, Tired, Out-Dated On-Premise Software With Tons of Vulnerabilities
That Exchange server you have in the closet? Do you know when it was originally developed? What about that ERP system, EMR system, Core banking system, phone system? They were all developed in the 1980s or early 1990s, before the internet even existed. Cyber security wasn’t thought of or built into the development process of these systems. The number of vulnerabilities in millions of lines of code is literally unknown and all that can be done is create patch updates as they are found. Criminals love exploiting these vulnerabilities, so the longer that out-dated system remains in your organization, the easier it will be for them.
Don’t Keep Your Devices and Systems Updated
Blame it on the fact that you don’t have time to install all the updates for Windows, Adobe, Chrome, Firefox, 7zip… etc etc. If by some chance you do have time, don’t create a process around it. And by golly, definitely don’t outsource all this to someone who can automate it…
Don’t Implement Zero Trust
It’s just the latest fad right? What’s the worst that could happen if someone gets into your network in one area, and are automatically given free reign into other areas of your network? We can’t think of anything.
Allow your users to visit infected websites
Train your users all you want, there’s still some sophisticated campaigns out there which appear very legitimate to most users. But don’t implement filtering systems that can block infected websites. That would make too much sense right? Shouldn’t we trust our users not to ever go to a compromised site???
If anything we’ve listed above is keeping you awake at night, please do get in contact with us. We’d love to help you sleep!