10 Ways to Avoid Being the Low-hanging Fruit for Cybercriminals


Are you confused about how to handle your company’s IT security? Just when you thought you had it figured out, another horror story about cybercriminals breaks, and you wonder if your system is at risk. As a business owner, it’s important to ask the right questions and have your truth detector tuned in to make sure you’re up to speed.

A recent episode of Naked Security, a podcast hosted by Sophos, featured a segment on “honeypots”. Honeypots are fake systems set up by researchers to lure in cybercriminals. The end goal of this being that they can study their hacking methods. One of the most fascinating things this study revealed was the amount of time it takes cybercriminals to discover a system and begin hacking into it. The slowest response to discover one of the honeypots, located in Dublin, was two hours. The fastest response time was 42 seconds.

This is an important message to business owners. Many think they are not a target, and that their data is not valuable to attackers. Or that their company’s are well protected, when they are not. In reality, cybercriminals look for the low-hanging fruit, which are targets that are the easiest to hack, regardless of the data. Most attacks begin with a simple internet scan to discover simple exploits; those that don’t have the IT security basics in place. Attacks are usually fully automated, and no system on the Internet escapes them. There is enough of this low-hanging fruit available so that cybercriminals rarely bother with systems that have fundamental protections in place.

So how can you ensure your company isn’t low-hanging fruit?

Have your IT provider make sure these ten things are in place and working properly.

  1. Ensure your operating systems and 3rd party applications on your computer are being patched regularly
  2. Don’t run old operating systems like Windows XP, Windows server 2003, Windows 7, Windows Server 2008.
  3. Have a good firewall with security features that are licensed and functional. (If they aren’t turned on, it doesn’t matter how great they are!)
  4. Use reputable and effective endpoint protection.
  5. Make sure the backups you purchased from your IT provider are well managed and working consistently. This means having them checked and fully tested on a regular basis.
  6. Configure software firewalls on all your computers.
  7. Use dual factor authentication for your email and for remote access to your work computers.
  8. Check that your cloud hosted services like Office 365, G-Suite, AWS, Azure, etc. are hardened for security purposes.
  9. Arrange for company-wide end-user awareness training. This is not as as expensive or time consuming as it used to be. Great tools exist that offer monthly subscriptions.
  10. Perform risk assessments on your business at least annually.

To make sure these things are working correctly; it is wise to have another provider perform the assessment. This is a great way to ensure you are getting an objective point of view. Snap Tech IT offers such assessments services. Contact us to learn more.

By Karl Bickmore, CEO