Thanks to Hollywood, most people think of hackers as superheroes or nerds with magical powers, when in reality their real super power is one that you may think unlikely: psychology. Hackers are not only good at what they do because of their knowledge on cyber science, but also because they are familiar with a user’s weak points and blind spots. For most of us, this blind spot is authority.
The Power of the Admin
Your network’s administrator account is the most trusted and powerful account. It is also the account all hackers target in order to manage a data breach, and it just so happens that human behaviour is so predictable, that most users leave their admin account conveniently labelled as “Admin.” Which gives hackers an exact target of what they should be looking for.
If a hacker would be trying to find a target to hack into the network of a business all they have to do is find the business’ domain. Once they have it, there is no need to go email by email as it is likely there will simply be an address called firstname.lastname@example.org. It’s important to note that if your Admin account is named “Admin,” then you could have a security hole in your network.
Bosses and managers should make their staff aware of what an incoming email from the Admin account looks like, so that if they ever receive a suspicious email, even if it comes from the Admin account, they would know how to recognise this cyber threat and would be able to report it immediately. To prevent this threat, change the name of the Admin account to something random or unrelated directly to the word “Admin.”
The Value of Information
Something that a lot of businesses believe is that if their books are clean, then they shouldn’t be afraid of a data breach . Unfortunately cybersecurity breaches occur for much more than to obtain a company’s data, they also happen to take private or corporate information of individuals to sell to clients as blackmail. Hackers are not only interested in making obvious security breaches so they can ask for ransom. They look for anything they can monetize, even if it cannot be used or sold immediately.
In order to protect themselves against hackers, businesses must identify what Isaac Kohen, Teramind’s CEO and founder, calls the ‘crown-jewel’ data, which is the information the most valuable data that a business or company possesses. This could be anything from employee records, customer information, bank account information, intellectual property or employee personal data. Once the ‘crown-jewel’ data is identified, there must be some investment into protecting it and restricting who has access to this information.
Simple details such as renaming an Admin account or identifying valuable information can often be overlooked and the cause for a great loss of information. It is important to stay alert and not think of any detail as being too small or insignificant when it comes to cybersecurity, as this could make the difference between staying on the safe side and being the perfect target for a breach.