This blog post highlights the top security issues we encounter when asked to perform security tests or, in the case of WiFi issues, when just stopping by for meetings.
The main problem we see affects small businesses that have not seen fit to install any form of centralised authentication: all initial user accounts on individual machines are, if you're still using Windows XP, Administrator accounts.
This presents a problem because an Administrator account can do anything to the system, including installing software. If an employee clicks on a link in an e-mail, the site can send them a program, which they have the permissions to install and which then gives an attacker access to their system.
This isn't to say that organisations that operate on Active Directory Domains are immune from this kind of problem; they can suffer it too if their user accounts have incorrect privileges.
Another common issue we come across is a lack of awareness of security updates, which leads to operating systems and applications being vulnerable to attacks when patches to fix the issues have, in some cases, been around for years.
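One way to check a single Windows machine for both problems described above (everyday accounts holding Administrator rights, and missing updates). This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 or later, and the 60-day threshold is an assumed value chosen for illustration.

```powershell
# Added example: per-machine audit of Administrator membership and patch age.
# Requires Windows PowerShell 5.1+ (these cmdlets do not exist on Windows XP).

# Assumed threshold for illustration; set it to match your own patch policy.
$MaxPatchAgeDays = 60

# Look the group up by its well-known SID so the check also works on
# non-English installs where "Administrators" is localised.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

# User accounts with admin rights, other than the built-in Administrator
# (its SID always ends in -500). These are the accounts to review.
$adminUsers = @($members | Where-Object {
    $_.ObjectClass -eq 'User' -and $_.SID.Value -notmatch '-500$'
})

# Groups nested inside Administrators grant the same rights to every member,
# so list them separately for review (for example Domain Admins).
$adminGroups = @($members | Where-Object { $_.ObjectClass -eq 'Group' })

# Most recent update with a recorded install date. Get-HotFix does not list
# every kind of update, so treat the result as an approximation.
$lastPatch = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

$ageDays = if ($lastPatch) {
    [int]((Get-Date) - $lastPatch.InstalledOn).TotalDays
} else {
    $null   # no dated update found at all
}

# One summary object per machine, easy to export with Export-Csv.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    AdminUserAccounts = ($adminUsers.Name -join ', ')
    AdminGroups       = ($adminGroups.Name -join ', ')
    LastHotFix        = if ($lastPatch) { $lastPatch.HotFixID } else { 'none found' }
    LastHotFixAgeDays = $ageDays
    PatchOverdue      = (-not $lastPatch) -or ($ageDays -gt $MaxPatchAgeDays)
}
```

Any name listed under `AdminUserAccounts` that someone uses for everyday work is a candidate for demotion to a standard user account.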
The above issues, however, are nothing compared to the number of small businesses we come across that do not change the default encryption settings or passwords on their ISP-supplied routers. In the case of a BT Business Hub, the encryption key is printed on the box and is therefore accessible to anyone. Many routers also have the default login details somewhere on the device.
If this post seems like we're trying to scare you, we apologise. Given the number of times we come across these issues, we feel we should inform small business owners of the dangers.
If you would like to know how secure your network is, take a look at our Network Audit service.