Differences Between Hollywood Hackers and the Real Deal


In many television shows and movies today, hackers and cybercriminals take the form of evil villains or mischievous antiheroes. While this characterization is undoubtedly fun to watch, it doesn’t quite get the facts right. Most of the computing constructs demonstrated in entertainment don’t actually exist in real life. This week, let’s discuss what real-life hackers are like, and how they’re different from your favorite computer genius characters.

Hacking Isn’t So Up Tempo

In entertainment, hacking is often portrayed as a fast-paced exercise. Typically, the hacker completes their job in minutes, if not seconds, while exciting music races in the background. The actual work that the always-handsome hacker is doing consists of typing about 20 lines of code with no mistakes, having a quick revelation as the music swells, and finishing with a flourish of key pressing that results in the victim’s computer crashing or, even more ludicrous, spontaneously combusting.

While not all television and movie representations are this dramatic, they’re usually still much faster than actual hacking.

Real hacking takes hours, if not more, and isn’t nearly as easy as entertainment makes it seem. Hackers are sometimes sitting in front of their computers for long periods of time reading hundreds of lines of code to try and find some vulnerability. 

Real Hacking Wouldn’t be Fun to Watch

The reason most entertainment platforms depict hacking this way is that the real stuff is…actually pretty boring. This characterization of the insanely smart and good-looking techy hacker that can make technology do anything they want it to is far from the truth. Hackers are usually just average people, or sometimes loners, that often work in a boring office setting to find cracks in networks so they can extract data. 

Real hackers often use automated tools to send out phishing emails, crack passwords, or create scams that fool users into giving them access to their information. None of this would be enjoyable to watch on television.

Also, a hacker’s goal is usually to collect sensitive information or, at most, install malware on your device. The idea that with a few clicks a hacker could crash your computer or make it explode is absolutely preposterous. 

Why It’s Important to Know the Difference

You may be thinking, “But it’s just entertainment! Why do we care what real hackers do?” Well, let’s face it, these acts are illegal, and glorifying them the way so many movies and television shows do can make it seem like hacking is an acceptable or even cool thing to do. It’s not. Hacking is a crime, and these unrealistic characterizations of hackers could give people the wrong impression about the reality of cybercriminals.

So, should Hollywood change how they portray hackers in entertainment? Not necessarily. It’s true that these depictions of hackers are much more interesting to watch. However, it’s important to know that Hollywood hackers aren’t real and shouldn’t be taken seriously. If anything, view them as comic relief for how ridiculous they are.

What are your thoughts on hackers in movies and television? Do you have a favorite Hollywood hacker? Leave your comments below and check back soon for more great technology content!

Contact Us Today!

Choosing to Enact a Zero-Trust IT Security Policy Can Significantly Reduce Problems


It’s often difficult to figure out who and what you should trust with your business’ cybersecurity. How can you know for sure that each individual accessing your infrastructure is secured from threats? A zero-trust model can help by providing reassurance that everyone accessing your network is who they say they are. 

What is Zero-Trust? 

A zero-trust policy means that you don’t inherently trust anyone or anything on your network. This includes devices, accounts, and users. Basically, if someone wants to access your network or any information located on it, they will first have to identify themselves, no matter who they are. They could be a business executive or the average office worker; there are zero exceptions made for a zero-trust policy. Generally speaking, zero-trust policies are governed by some form of external authentication.

There are many benefits to a zero-trust model. As you might expect, when nobody is inherently trusted on the network, security is drastically increased. When identities are verified before any activity occurs, the network is much more secure because only authenticated individuals can do anything on it. On the other side of this benefit is what happens when the user is genuine but cannot verify themselves. This might make for a rough implementation process, but once your policies get settled, you’ll find that it will make network access much less stressful for your company. 

What Are the Downsides? 

The greatest challenges that an organization will face when implementing zero-trust policies in the workplace are the major infrastructural ones that come about as a result of their implementation, particularly for larger enterprises with large workforces, as this means more devices accessing the same infrastructure, and therefore, more need for continuous authentication. The technologies involved in reinforcing these zero-trust policies can make the logistics difficult without committing wholeheartedly to the process. We recommend that, before you implement zero-trust policies, you consult with security professionals like those at 4 Corner IT to determine if it’s the right call for your business.

If you do decide that it’s the right decision for your organization, 4 Corner IT can equip your company with the policies and technologies needed to ensure it is a successful deployment, as well as the support you might need. With multi-factor authentication and additional protections, you can make sure that only authorized individuals are accessing your network. To learn more, reach out to us at 954.474.2204. 


Why It’s Important to Lock Your Computer and Phone


Network security is not always about implementing new encryption protocols and using state-of-the-art tools to protect your business. Sometimes, it’s the small things that can make a massive difference. So, if your collective staff can implement this one easy trick, you might be surprised by how beneficial it can be for your network’s security. This practice? Locking your computer and phone.

What Is Locking Your Phone and Computer?

Essentially, your phone and computer can go into a sort of sleep mode when they’re not being used. You do this every time you close the screen on your phone. When your phone “wakes up” to be used, there should be a password required to get back into your phone. Otherwise, anyone can swipe the screen and start reading.

Locking your phone is second nature, and many people have complex passkeys or fingerprints required to do so. Computers are a different matter. Most office workers will stand up and leave their desks without locking their PC. The better practice is to lock your PC, either by performing the lock sequence that will prompt the next user for a password or putting it into a sleep mode that requires a password upon your return.

Let’s take a quick look at the benefits you get from locking your phone and computer.

Keeping Private Documents Out of Sight

The chances that corporate espionage is going to take place at a medium-sized landscaping company might be small compared to a large media conglomerate. Nevertheless, private documents on phones and computers often hide passwords and personal information.

Allowing those resources to be compromised can harm your reputation and leave you open to a litany of problems, including lawsuits.

Your Work Phone and Computer Are Vectors for Malware

Hundreds of people can come and go from a large workplace daily, and it’s not like you can keep track of them all. Unfortunately, it only takes one person with bad intent to find a computer or work phone that is connected to your company’s network and upload malware.

The most common vector for malware these days is email, and many of your company’s resources are geared towards stopping that threat as long as it’s from an external source. However, if someone sends an internal email from a trusted worker’s account and CCs everyone in the building, then it’s safe to say most people would let down their guard enough to open that email.

All it takes is a single terminal left unlocked, and someone can wreak havoc on your business. Locking your computer and work phones can deter this threat or at least delay the intruder long enough for them to be caught.

The benefits of locking your phone and computer at work go beyond malware and corporate espionage, though. It stops workers from learning about promotions, pay rates, and internal investigations. Locking your computer can also prevent data from being altered on a project without your knowledge.

Implementing this change is simple, and it does not require a lot of time. Get your team together, teach them how to lock their computers and phones, and test them once in a while to make sure they’re compliant. Not only will this increase security, but it will make your workers feel more like true stakeholders in the well-being of your business.

Check out our blog posts here for weekly content on business, technology, best practices, and more!

Phishing Attacks in 2021 Trending Due To Pandemic


Hackers have made some nefarious choices over the past several months, many of which involve using the COVID-19 pandemic to spread their influence and steal data through the use of phishing attacks. Let’s explore how these cybercriminals have leveraged a global disaster to their benefit and some ways that you can keep your business secure.

According to SecureList, spam and phishing trends in Q1 of 2021 were heavily influenced by the COVID-19 pandemic, and not in a good way. Here are a few examples of the major threats that surfaced during this time.

Stimulus Payment Scandals

Early 2021 saw many initiatives by government agencies to suppress the financial burden placed on individuals and businesses through the use of economic impact payments and business bailouts. Hackers, of course, wanted to capitalize on this and began using phishing messages to trick people. Targets received messaging that was often specific to their bank and utilized similar branding to official websites. These efforts were all elaborate tricks to convince users to hand over their credentials. Users would unsuspectingly enter their credentials into forms on these fake websites and put their sensitive information at risk.

The Vaccine Race

Back when the COVID-19 vaccine was in short supply or the supply itself was limited to specific groups of people, there was a bit of a race to get to it. This rush created an opportunity for hackers to capitalize on people’s desires for security and safety, and they leveraged phishing schemes that used the vaccine to their advantage. They would use the language and branding of official health organizations to convince users to click on links in emails, which would then redirect users to fake websites for harvesting credentials or banking information. Even those who got the vaccine received surveys offering free goods in exchange for information.

What You Can Do

It’s no surprise that cybercriminals are using these tricks to subvert security measures. These attacks are just the latest in a long string of phishing campaigns that you must keep up with in order to maintain network security. Here are a couple of ways that you can make this happen.

  • Utilize Spam Protection: While they aren’t 100 percent effective all the time, spam filters are great for keeping threats out of your inbox. The most advanced phishing attacks could still make their way into your inbox, which is why we recommend taking multiple measures of network security.
  • Train Your Employees: If messages do make it past your spam filter, you will want those who are reading the messages—your employees—to be able to identify the threat and avoid it at all costs. This is where training comes in.
  • Implement Unified Threat Management: Unfortunately, even the best employees will make mistakes, so you will want to have a contingency plan in place for when accidents happen. A UTM gives you just that with a single all-in-one security solution for your network security.

4Corner IT can help your business approach network security in a responsible manner, implementing the best solutions and constantly testing your employees’ awareness of important security practices. To learn more about how we can help you protect your business, reach out to us at (954) 474-2204.

These New Password Best Practices from the NIST Are Not What You Think


When a hacker tries to access one of your accounts, the first challenge they must overcome is the password. This is why industry professionals always encourage you to create them with security in mind. The latest guidelines issued by the National Institute of Standards and Technology, or NIST, are not quite conventional or traditional, but they do give valuable insights into how to create more secure passwords.

What is the NIST?

The NIST is the authority on all things password-creation, and they are no strangers to issuing various best practices. While these practices do shift over time, due to the unfortunate side-effect of threats adapting to security standards, their advice is trusted and should absolutely be considered by all. Please see below for the recent update on password best practices.

The New Guidelines

Many organizations and Federal agencies have adopted these guidelines. Here are the latest steps to take when building a secure password.

Length Over Complexity

Most security professionals have advocated for password complexity over the past several years, but the guidelines issued by NIST disagree. NIST suggests that the longer the password, the harder it is to crack, and they even go so far as to say that complex passwords with numbers, symbols, and upper and lower-case letters make passwords even less secure.

The reasoning for this is that the user might make passwords too complicated, leading them to forget them entirely, so when it comes time to replace the password, they will add a “1” or an exclamation point at the end. This makes them easier to predict should the original password be stolen. Users might also be tempted to use the same password for multiple accounts, which is a whole other issue that certainly does not aid in security.

No More Password Resets

Many organizations require their staff to periodically change their passwords, mostly every month or every few months. The idea here is to preemptively change passwords on the off chance that the old passwords have been compromised. Trying to use the same old password multiple times would then lock the hacker out of the account, as the password has since been changed. While this has been an accepted best practice for some time, NIST recommends that this practice fall by the wayside, as it is actually counterproductive to account security.

The reasoning behind this determination is that people will not be as careful with the password creation process if they are always making new ones. Plus, when people do change their passwords, they will use the same pattern to remember them. This means that passwords could potentially be compromised even if they have been changed, as a hacker could recognize the pattern and use it against the user.

Make Passwords Easy to Use

Some network administrators worry that certain quality-of-life features, such as showing a password while the user types it or allowing copy/paste, will make the password more likely to be compromised. The truth is the opposite; ease of use does not compromise security, as people are more likely to stick to established password protocol if you make it easier for them to do so.

Don’t Give Out Password Hints

At the same time, you don’t want to make things too easy for your employees, either. One way that administrators help out employees who easily forget passwords is by providing password hints. The system itself is flawed, especially in today’s society of oversharing information across social media and the Internet in general. If Sally makes her password based around the name of her dog, for example, the hacker might be able to find that information on her social media page, then can try variations of that name until the code is cracked. So, in the interest of network security, it’s better to just forego these hints. There are other ways to make your password system easier to deal with that don’t compromise security.

Limit Password Attempts

When you place a limit on password attempts for your business, what you are essentially doing is giving hackers a limited number of chances to get lucky. NIST suggests that most employees will fall into one of two categories in regard to password remembrance; either they will remember it, or they will keep it stored somewhere (hopefully in a password management system). Thus, if an employee is likely to do one or the other, a limit on password attempts will not necessarily impact them but will make all the difference against security threats.
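As an added example that is not part of the original post, here is a sketch of a password verifier that follows the guidance above: it accepts passwords based on length and a blocklist rather than composition rules, and it limits consecutive failed attempts. The blocklist entries, the username check, the `MAX_FAILURES` and `LOCKOUT_SECONDS` thresholds, and all function and class names are assumptions chosen for illustration.

```python
import time
import unicodedata

MIN_LENGTH = 8         # NIST SP 800-63B minimum for user-chosen passwords
MAX_LENGTH = 64        # assumed cap; verifiers should accept at least 64 characters
MAX_FAILURES = 5       # assumed threshold; the guidance only asks that attempts be limited
LOCKOUT_SECONDS = 900  # assumed lockout window

# Constructed sample blocklist; a real deployment would load a breached-password list.
COMMON_PASSWORDS = {"password1!", "p@ssw0rd123", "qwerty12345", "summer2021!"}


def check_new_password(candidate, username=""):
    """Return (accepted, reason). Length and blocklist only, no composition rules."""
    pw = unicodedata.normalize("NFKC", candidate)
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if len(pw) > MAX_LENGTH:
        return False, "too long"
    if pw.lower() in COMMON_PASSWORDS:
        return False, "commonly used password"
    if username and username.lower() in pw.lower():
        return False, "contains the username"
    return True, "ok"


class AttemptLimiter:
    """Lock an account after MAX_FAILURES consecutive failed logins."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # account -> consecutive failure count
        self._locked_until = {}  # account -> time at which the lock expires

    def is_locked(self, account):
        return self._clock() < self._locked_until.get(account, float("-inf"))

    def record(self, account, success):
        """Record one login result; return True if the account is now locked."""
        if self.is_locked(account):
            return True  # ignore attempts, even correct ones, while locked
        if success:
            self._failures.pop(account, None)
            return False
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
            self._failures.pop(account, None)
            return True
        return False
```

Note that `Password1!` satisfies a classic "upper, lower, digit, symbol" rule yet is rejected here, while a long lowercase passphrase is accepted.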

Implement Multi-Factor Authentication

We recommend that your business implement multi-factor authentication or two-factor authentication whenever possible. NIST recommends that users be able to demonstrate at least two of the following methods of authentication before they can access an account:

  1. “Something you know” (like a password)
  2. “Something you have” (like a mobile device)
  3. “Something you are” (like a face or a fingerprint)

If two of the above are met, then there is sufficient evidence to suggest that the user is supposed to be accessing that account. Consider how much more difficult this makes things for a hacker. Even if they have a password, it is unlikely that they also have physical access to a mobile device, a face, or a fingerprint.

Make password security a priority for your organization now so that you don’t have to worry about data breaches later on down the road. WheelHouse IT can help you set up a password manager that makes adhering to these best practices easier. To learn more, reach out to us at (877) 771-2384.