Smart Tech Creates New Vulnerabilities That Traditional Services Can’t Defend Against

By Chris Knight

Attacks on businesses are coming from a whole different direction to what your IT department might be used to. From hijacked routers, smart hubs and printers to deeply hidden attack code in documents or other web services that traditional solutions are no match for.

Pity the poor receptionist who opens an important looking email she thinks is from her boss with an attached spreadsheet. She launches that, and without knowing it compromises her whole company’s IT infrastructure, data and services. Or, consider the increasing number of weak devices with common passwords or broken encryption like brand name and generic IP cameras, many network routers and printers, that can be attacked directly with bots hunting down millions of these devices 24/7.

Once a hacker has found any exploit through phishing or direct attack, they can steal your data, hold it for digital ransom, or bring your business crashing to its knees. All done invisibly in a matter of seconds, just because they can. Traditional firewall and antivirus software is not sufficient to intercept these types of attack, it takes always updated services with AI smarts to track down brand new threats to protect your endpoints, services and servers from attack.

Attacks have destroyed the IT systems of giant companies like shipping firm Maersk while endless small businesses are wiped out due to a lack of precautions, thinking it will never happen to them. Computers and services might be considered a consumable, almost throwaway service, by many, but when their files vanish and they don’t have backups, reality bites very hard indeed.

As we all rely increasingly on IT to get more of our business processes done, hackers know they can take systems and services down, and many companies will pay up to get them back, even if the criminals have no intention of restoring them. In short, this is a battle your business cannot afford to lose.

Protect Your Business From All Threats

As there is no such thing as “totally secure” in the digital era, your business needs a range of tools to protect the company’s IT infrastructure and data. You need to protect both endpoints (including PCs, smartphones, tablets and other gadgets) and your cloud presence and remote services.

Every company also needs network security tools and design advice to build a network robust enough to defend against hackers and agile enough to adjust should a DDOS or other outage occur. Startups with a cluster of random network appliances are at massive risk, thinking they are too small to be hit, but automated attacks can easily devastate the company before people can react.

With all the services in place, there is still no guarantee, so penetration testing can automatically see just how secure your network is and highlight any weak spots. And the attacks can be run repeatedly using the latest information and weaknesses to check if your systems are secure.

Using any or all of these services, your business stands a better chance of survival than using the traditional methods alone. And if there is an attack, incident response gives you professional advice rather than having staff floundering around looking for the source.

You should also ensure your staff are well trained in how to spot phishing attacks, taught not to bring random personal devices into the office, and to make sure they backup their own data alongside the company’s own precautions, in line with any legal requirements.

Tomorrow or next week, the threat landscape will change again with new risks, perhaps through your company chatbot or a partner’s cloud services. Using always-on, multi-level, security, you can protect against the vast majority of threats.

Latest Massive Router Vulnerability Highlights Need for Total Security

By Chris Knight

Your business protects its network and data with traditional security solutions, but what happens when the network hardware itself is the weakest point? A recent vulnerability highlights the need for complete and smart business protection.

TP-Link is a fast-growing brand providing networking equipment to home users and business. Starting in China in the nineties, selling network cards, they now have a global reach and offices in the U.S., United Kingdom and elsewhere.

As networking equipment, wireless routers and switches have become a part of every office, demand has soared and traditional vendors with high-end products have had to meet the challenge from the likes of TP-Link and others, with brands and products that can be 30% cheaper.

However, with lower costs comes reduced budget for security and testing. So, it comes as little surprise that some of TP-Link’s routers have had a major security hole in them dating back to 2017, including theWR940N and WR740N models.

These have allowed even the more brainless hackers and script kiddies out there to take control of TP-Link routers and attack the networks and data that use them. And even though the company was warned about the risk, it continued to use the same firmware in other devices, increasing the chance of users being hacked or their devices being turned into botnets to launch further automated attacks.

TP-Link didn’t help the situation by not publishing the patches on its website until very recently. Even so, while the models have had patches released for them to fix the security vulnerability, not every business has the IT staff to check they are updated, or any staff at all to manage their hardware. And home users are even less likely to know the risks.

Antivirus vendor Avast reveals that some 30% of TP-Link routers exhibit weak HTTP credentials, using the basic user name:admin and password:admin to log in. If those are not changed, it means anyone can access the router. These are instantly updated by any networking professional, but if your business grabs a router from a store and rushes to set it up to solve a networking problem or because the startup is growing fast, it might get overlooked.

TP-Link is far from the only vendor who has these issues, but while other brands and devices might have a problem, they tend to be more proactive in fixing them. This news should give all businesses cause to look around the IT in their offices, check that drivers are up to date, security protection is in place and ask what more they can do to stay safe.

How to Defend Your Business

All of which puts the onus on having good, smart, security for your business IT, allowing you to get on with running the company while the smart services like can provide defenses against the latest cybersecurity risks.

They can protect your data from theft, your hardware from attacks that could cripple the business and keep intruders out of all your systems, including PCs, printers, routers and other hardware, each one of which adds an element of risk to your IT footprint.

Penetration testing can be used to test your networks automatically to check how secure they are, but all workers and users need to be taught the basics of cybersecurity to ensure the business remains secure.