Blog

Some hacking methods require a certain measure of tech knowledge and skill. However, brute force hacking doesn’t. If you can follow directions, you can learn how to use a password cracking software tool. You can either buy one or download an open source tool for free. In addition, if you need pointers on brute force hacking your way into servers, there are plenty of online communities willing to help you out. This is why brute force hacking continues to be a popular method.

The method is crude because the software attempts to guess login passwords. This is done using lists of commonly used passwords as well as trying different combinations of names (first names and last names), dates (birth dates and historical dates), and words from a dictionary list.

For more random passwords, the software permutates through all possible combinations of numbers, letters, and other characters. For lengthy and complex random passwords, the brute force method may require years of permutation. However, this isn’t generally a problem for hackers because many people use simple and readily hacked passwords. In fact the most popular passwords are entries such as 123456, qwerty, and 111111.

These ridiculous passwords indicate the lax attitudes many people have towards security. They’re a way of getting around the need to memorize a password. As brute force tools get better, secure passwords must get longer. It isn’t easy to remember random passwords and regularly change them (which means recommitting them to memory multiple times). While there are excellent mnemonic methods for memorizing strong passwords, few people have the interest or motivation to learn and use them.

If your business requires strong passwords of its employees, locks out repeated login attempts, or uses two-factor authentication, brute force hackers can get around this if you keep sensitive information on hidden web pages. They need only use their tools to guess the URL of the hidden page in much the same way that they guess passwords. They keep trying until a page shows up that isn’t a 404 error.

Brute force hacking is just one of the many cyber threats your business may face. Contact us to learn how WHOA.com’s managed security services can protect your business.

The school of hard knocks isn’t the way to learn how to set up a disaster recovery plan. In fact, it shouldn’t be a learning process at all because if it fails, there may not be a second time around to learn from your mistakes. It’s imperative to get it right the first time. How is this possible? Get input from experts about your disaster recovery plan. Failing to do this could result in a flawed plan that may let you down in a time of need. Here are three mistakes commonly found in flawed plans:

A Recovery Point Objective That’s Too Large

When a disaster causes data loss, you will rely on data backups saved at previous points in time. The further in the past the backup was made, the more data you’ve lost. Too many people underestimate the business damage caused by using data that’s a day old. The damage is especially acute during peak times of the year when a 24 hour period accounts for a lot of business. If disaster strikes at such a time when your business must operate at peak efficiency, how much data can you afford to lose?

Failing to Plan for a Broad Range of Disasters

It’s always the problem that you fail to plan for that does you in. If you’re in a hurricane zone, you’ve likely planned for the problems this type of weather event can cause. On the other hand, cyber attacks, hardware failures, software failures, and network outages can be costly as well. Human error is often overlooked, yet is a common reason for data loss. A rushed employee or a new hire could accidentally delete critical files or physically damage a server or storage device.

Failing to Keep the Disaster Recovery Plan Current

Disaster recovery is often regarded as a one-time chore to quickly get out of the way because more pressing business concerns demand one’s attention. When treated that way, recovery plans are usually shelved and forgotten. When your business changes, evolves, or scales, updates to your recovery plan must reflect this. An important application upgrade that’s not incorporated into the plan, or employee turnover that causes your organization to lose people tasked with implementing the disaster plan can weaken or nullify its effectiveness.

Contact us today to learn how your business can benefit from WHOA.com’s fully managed disaster recovery as a service.

WHOA.com Offers a Fully Managed, Secure Cloud Infrastructure with enterprise grade security, intrusion detection & prevention services. We offer HIPAA compliant, ISO 27001: 2013 certified cloud hosting solutions for our clients.

Software as a service (SaaS) is an attractive business model. The bulk of its revenue comes from recurring membership fees, and its many benefits to customers are compelling sales points. However, the business is not without its challenges. It demands excellent coding abilities and a good grasp of user interface design. Ensuring there’s sufficient demand, and scaling the business with skillful marketing are other challenges that can make or break an SaaS business. However, poor cyber security can quickly undo your efforts at making your business successful.

A Few Common Software as a Service Vulnerabilities

A well-known benefit of SaaS is that customers can use it wherever they have Internet access. However, this also makes it an easy target for cyber criminals, who may attempt various exploits such as cross-site scripting or SQL injection. Cross-site scripting involves injecting a script that manipulates your SaaS website functionality. An SQL injection manipulates your database when a hacker enters SQL code into a form on your website.

Sometimes your own customers inadvertently contribute to security problems because of poor password management. Common customer lapses include weak passwords, use of the same password for multiple accounts, or leaving their passwords in plain view in their work area.

How a Security Breach Can Damage Your Business

• A security breach that interferes with the service itself disrupts operations and prevents customer use of the service. A lengthy disruption will cause service cancellations by dissatisfied customers and lead to revenue loss.
• If the breach causes loss or theft of sensitive customer data, customers will almost certainly cancel their subscriptions. Data breaches of this kind are highly damaging. Recovering your ex-customers will be very difficult, and some may pursue litigation against your company.
• News of a data breach can be both viral and reputation damaging. Because the Internet never forgets, a bad reputation adversely affects future customer acquisition.

Although some of the above mentioned security difficulties are readily managed such as the strength of your clients’ passwords, others are less so if your company doesn’t have its own cyber security staff. However, you might consider outsourcing your security needs. Contact us to learn how WHOA.com’s managed security services can protect your SaaS business from cyber threats.

 

Cyber crime is one of the biggest threats to businesses today, and the consequences of becoming a victim can be devastating. Yet all too often, businesses leave themselves vulnerable to attack because of the cyber security mistakes they make. Here are five common mistakes your organization should avoid:

Assuming You’re Too Small a Target

For most cyber criminals, it’s about opportunity rather than business size. If a weakness is found, they will exploit it. Once inside, what happens next depends on the criminal and what he/she finds. Basing security decisions on unfounded generalizations about how cyber criminals operate and think is a mistake, because each has their own modus operandi. In fact, some may prefer small businesses because of their weak security resources compared to larger companies.

Not Training Your Staff on Basic Cyber Security

Not opening attachments from unknown sources, not clicking on suspicious links in emails or websites, and good password management are some of the basics that every employee must know and follow. Don’t assume your new employees have this knowledge. Train them how to recognize social engineering attempts and ask them to report anything that’s out-of-place or suspicious. Security should be a part of your corporate culture.

Not Implementing Endpoint Security

Today, computer networks are often accessed by a variety of personal devices such as tablets, laptops, and smartphones. Corporate network access by these devices complicates security. Restrict or eliminate this access, or employ technology that monitors this activity.

Not Updating Your Security Software

Keep your antivirus, malware, and firewall software current. While this won’t guaranty protection against the most recent threats, it will prevent attack from well-known threats that are still capable of causing substantial harm to your company.

Not Partnering With a Managed Security Services Provider

If you don’t have an in-house security specialist, consider outsourcing this function. Today, the threat of cyber attack is real and cyber security is a must. Contact us at Whoa to learn about the layered security we provide for our clients.