Get in touch with us today! Call us toll-free at 1.866.854.4111 or email us at sales@remwebsolutions.com
Web Design Development Kitchener Waterloo Guelph Cambridge E-commerce
This is a headshot of Brad Anderson.

 

There's a common but potentially devastating cyber security misconception among small businesses. This is the small fish in a big pond argument that a small business is just one target out of millions of businesses. This implies that they benefit from a safety in numbers, especially when there are much bigger and more tempting businesses for hackers to target.

 

However, this argument doesn't hold up because small businesses don't have the security resources of large businesses. This makes them much easier and more attractive to hack. Hackers also use software to locate targets according to varying criteria, many of which have to do with security vulnerabilities. If a target looks promising, hacking attempts will be made, regardless of business size. And it only takes a few months, at the most, for the software used by hackers to find a website. The huge numbers of hackers and their sophisticated technology means there's no safety in numbers.

 

Another fact to consider is that at least one type of hacking, called brute force, is easy to do and requires little more than an ability to follow instructions. You need only download a free network cracking tool such as Hydra and some quality word lists, and you're set to go. Brute force hacking is considered a script kiddie method. This low barrier to entry is a big reason for the proliferation of hackers.

 

When you successfully hack a business site and obtain data, converting it into cash is also convenient because of the many data black markets where you can find others who will buy what you have. Many data black markets operate in a similar way to eBay.

 

How Brute Force Hacking Works

 

Brute force software essentially tries to guess passwords at a login page by using all possible combinations of characters until one combination works. This can take a very long time for lengthy passwords and isn't practical. However, for short passwords of a few characters it's very feasible. The advantage of this method is that, with sufficient guessing, it always works.

 

However, many hackers only use this method as a last resort after word list or dictionary attacks have failed. A word list (or dictionary) attack tries commonly used passwords (such as 1234, qwerty, etc.) as well as common words and names people place in their passwords. This modified brute force method cracks passwords quickly, provided they are common or are built up from words. Commonly used number prefixes and suffixes may also be appended to word based guesses, since people often do this when making up a password, such as 123mypassword.

 

 

Protecting Your Business From Brute Force Hacking Methods

 

What the above clearly reveals is that long and random passwords are unhackable because they would take too long to break. Extremely long passwords might require hundreds of years. In addition, your login page should lock out users for a few hours after a certain number of failed login attempts.

 

An easy way to generate long memorable passwords is to use the first letter of each word of a long sentence. Choose a sentence that only has meaning to you. Include numbers in your sentence such as "2 people 8 3 slices of bread," where 8 means "ate". Special characters can be used as word substitutes (@ means "at," # means "number," etc). Your password should be at least 12 to 14 characters long, but longer if possible. If you have any comments or questions, don't hesitate to contact us.

Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn

Contributors

Brad Anderson
122
August 22, 2019
Show Brad's Posts
Ryan Covert
48
July 26, 2019
Show Ryan's Posts
Sean Sanderson
63
July 23, 2019
Show Sean's Posts
Matt Stern
4
July 16, 2019
Show Matt's Posts
Sean Legge
1
June 28, 2019
Show Sean's Posts
Sean McParland
17
June 28, 2019
Show Sean's Posts
Rob Matlow
84
April 17, 2019
Show Rob's Posts
Christine Votruba
24
January 18, 2019
Show Christine's Posts
Todd Hannigan
47
November 13, 2018
Show Todd's Posts