Assuming you work in a business or organisation with less than 30 employees…if hackers were to attack it, how do you think they would get in?
My opinion is you couldn’t have picked a spammier title if you tried.
They’d ask what the biggest IT security risk was on a message board and one of my coworkers would be fool enough to answer.
Guys, I’m not asking for your bank a/c details or email passwords.
I just want to find out what people see as the biggest cyber risk.
Well there is only one person in my small biz: me. And I just got an email from Google yesterday:
Some of your saved passwords were found online
Some of your saved passwords were found in a data breach from a site or app that you use. Your Google Account is not affected.
To secure your accounts, Google Password Manager recommends changing your passwords now.
[Check passwords](https://accounts.google.com)
You can also see security activity at
https://myaccount.google.com/notifications
And one of these sites was Straight Dope!!! [I use the same password at Straight Dope as at a number of other sites]
And the security solution I really need to implement is to get a password manager.
PastTense, at least Google warned you about it! Thanks for your post. BTW, I hear 1Password is meant to be a user favourite…
The most common attack on a small business is an email compromise and accounts receivable harvesting, where the attacker redirects email and gets customers to send their payments to a different account. Ransomware is also common.
I would say that the biggest risk is probably not actually having the budget to have actual IT professionals of ANY stripe working for you, much less trained information security pros.
The second risk is probably that the hardware and software you’re using is probably very small-scale stuff that’s not much different than what people use at home.
Third, I’d guess that the people in your organization are used to a lot of independence, and trying to impose information security restrictions on them is likely to get a lot of resistance and unless your owner/CEO is on your side, probably orders to relax them.
The biggest risk is and always will be the people. Someone will find some clever way to ask you or an important employee for a password, and you’ll fall for it and tell them.
Phishing and poor user education followed by unpatched systems.
For us, probably bad coding that isn’t caught in time. Something that just tweaks a few records a little bit. If this went on for years, it would be a mess.
Absolutely, whether big or small. I have to jump through hoops to get to my HR stuff now because someone would get email addresses and wouldn’t even hack them, just get a similar domain and send out emails with attachments.
From: office_manager_name@straightdope.not
To: Saint Cad
I need you to click on the document I attached and look it over to make sure you get paid correctly.
Attached: SaintCadPayWarrant.doc
Yeah, a lot of people fell for it so now everyone has to go through two-step authentication. Not so bad considering that when it first happened you could not get into your HR stuff if your computer was not hardwired into the internal network. So no, you couldn’t access it from home.
A disgruntled ex-employee. Given the turnover in some small businesses, somebody could get a job to find out passwords or where the actual physical key is, or how to break into the office, then leave after a while and come back (maybe even physically) and clean the company out some night. In a large organization, everything is controlled through user IDs and they get locked down when someone leaves. In a smaller organization, it’s just a few generic IDs (everybody uses the same ID at the cash register, for example), in which case all passwords need to be changed whenever anybody leaves the company, but this gets negated by physical infiltration because there’s always that one bozo who writes the new password down and “hides” it in the exact same place.
Yep. This
About once a month I send out a notification that Company President is not texting you, and does not need iTunes gift cards.
People still fall for it.
Even worse when the scammer gives his title as “Mr. Company President” and people fall for it.
I actually got a scam email where the scammer introduced himself as “Barrister Company Lawyer”. Needless to say, I “fell” for it.