QUESTION 1:
Five Ways Hackers Can Get into Your Business

Hackers don't care what size your business is; they only care if they can get past your defenses and relieve you of your valuables. Hackers actually like small businesses as they tend to have more to steal than an individual person but fewer cyber defenses than a large company. The hard reality is that most small businesses stand at least a 50-50 chance of being targeted for attack by hackers. Did you know
Once every three minutes, the average company comes into contact with viruses and malware.
One in every 291 email messages contains a virus.
Three things hackers want most are customer data, intellectual property, and bank account information.
The top five file names used in phishing scams are Details.zip., UPS_document.zip, DCIM.zip, Report.zip. and Scan.zip.
The average annual cost of a cyberattack on a small or medium-sized business is $188,242.

Cyberthieves are always looking for new ways to gain access to your business data, business networks, and business applications. The best way to protect your business from cybertheft is to build a strong defense and be able to identify vulnerabilities and weak spots. The top five ways hackers will try to gain access to your businesses, according to John Brandon of Inc. magazine, are highlighted in Figure 4.17. (Please note that there are far more than five ways; these are just the five most common.)

Figure 4.17 Five Ways Hackers Gain Access to your Business

WEAK PASSWORDS
With a $300 graphics card, a hacker can run 420 billion simple, lowercase, eight character password combinations a minute.
Cyberattacks involve weak passwords 80 percent of the time; 55 percent of people use one password for all logins.
Hackers cracked 6.4 million Linkedin passwords and 1.5 million eHarmony passwords in separate attacks.

Your Best Defense:
Use a unique password for each account.
Aim for at least 20 characters and preferably gibberish, not real words.
Insert special characters: @#$'&.
Try a password manager such as LastPass or Dashlane.

MALWARE ATTACKSS
An infected website, USB drive, or application delivers software that can capture keystrokes, passwords, and data.
An 8 percent increase in malware attacks against small businesses occurs yearly; the average loss from a targeted attack was $92,000.
Victims of infected mobile developers' website attacks include Apple, Facebook, and Twitter.

Your Best Defense:
Run robust malware-detection software such as Norton Toolbar.
Keep existing software updated.
Use an IPhone; Android phones are targeted more than any other mobile operating system.

PHISHING EMAILS
Bogus but official-looking emails prompt you to enter your password or click links to
infected websites.
A 125 percent rise in social media phishing attacks has occurred since 2012. Phishers steal $1 bilion from small businesses yearly.
Many small businesses are targeted with phishing emails designed to look like Better Business Bureau warnings.

Your Best Defense:
Keep existing software, operating systems, and browsers updated with the latest patches.
Don't automatically click links in emails to external sites; retype the URL in your browser.

SOCIAL ENGINEERING
Think 21st-century con artist tactics; e.g., hackers pretending to be you to reset your passwords.
Twenty-nine percent of all security breaches involve some form of social engineering. Average loss is $25,000 to $100,000 per incident.
In 2009, social engineers posed as Coca-Cola's CEO, persuading an executive to open an email with software that infiltrated the company's network.

Your Best Defense:
Rethink what you reveal on social media-it's all fodder for social engineers.
Develop policies for handling sensitive requests such as password resets over the phone.
Have a security audit done.

RANSOMWARE
Hackers hold your website hostage, often posting embarrassing content such as porn, until you pay a ransom.
Five milion dollars is extorted each year. The real cost Is the data loss-paying the ransom doesn't mean you get your files back.
Hackers locked the network at an Alabama ABC TV station, demanding a ransom to remove a red screen on every computer.

Your Best Defense:
As with malware, do not click suspicious links or unknown websites.
Regularly back up your data.
Use software that specifically checks for new exploits."

Case Study 1: Five Ways Hackers Can Get into Your Business

1. Define information ethics and information security and explain whether they are important to
help prevent hackers from gaining access to an organization.
2. Identify two e-policies that a business could implement to ensure the protection of sensitive
corporate data from hackers.
3. Demonstrate how a business can use authentication and authorization technologies to prevent
hackers from gaining access to organizational systems.
4. Analyse how a business can use prevention and resistance technologies to safeguard its
employees from hackers and viruses.
5. Explain why hackers want to gain access to organizational data.
6. Evaluate additional ways hackers can gain access to organizational data.