hacking at workWe hear about hackers hacking all the time. But how  do they really do this? What is the actual “hack” of  the matter?

There are plenty of ways a hacker can get what they  want from a company, a person, or an agency, but here  are a few of the most popular methods of attack.

Social Engineering

This category is especially stressful because social  engineering is not thwarted by super tough software  or a ridiculously prepared security firm. Social  engineering exploits the individual people inside  an organization; it’s one of the cheapest and most  effective ways a hacker can get what he or she wants. But what exactly is social engineering?

Social engineering is a special form of intrusion that  can entail a variety of actions that use manipulative  tactics to encourage people to drop standard security  protocols. Anything from downloading a malicious  link to conveying login credentials over the phone to  holding your passcode-protected door open for the  next person is considered social engineering. In these  situations, hackers utilize social techniques to make  you ‘do’ or ‘say’ something you normally wouldn’t do  or say.
For example, a man calls you on the phone and claims  to be a technician from your internet provider. He says there’s an issue with the network, and to make  sure your business is unaffected by this problem, he needs your admin’s login credentials. He assures you  that everything will be super quick, and you’ll avoid  a lot of downtime. Appearing to be a no brainer, you  quickly hand over your credentials not knowing this  technician is really a hacker from across the country.  Instead of avoiding downtime, you just created a lot of  it… by handing over the keys to all your data.

Vulnerabilities

PC Security VulnerabilitiesSoftware, browser, and system vulnerabilities are  an easy in for hackers. Kaspersky Lab states that a
vulnerability “is associated with some violation of a  security policy.” This violation allows cyber criminals
to hide malicious code, unauthorized commands, or  malware onto your computer.

The majority of vulnerabilities are eliminated when  (or if) you update your workstation; however, many people fail to update their PC with the recommended  updates when they become available (choosing to postpone or ignore a critical update). For example,  about 30% of users are using an outdated browser, and nowadays, with vulnerability hacking like  Malvertising, outdated browsers are creating an even  bigger security concern.

With Malvertising, cyber thieves purchase ad space  on a website and embed code in the ad. When you land on a website with a malicious ad, the imbedded  code will search your computer for vulnerabilities and push malware into them. You don’t have to click  or view the ad to be infected; you simply have to visit the website. And the worse part about Malvertising  is that it can be any website—rare or well-known. Google, Yahoo, Reuters, Forbes, The Daily Mail,  and Huffington Post have all been previous victims of Malvertising—potentially infecting millions of  people in less than a few hours.

The best defense against vulnerabilities is to make  sure that all your technology is up-to-date at all times. Check your browser, operating system, software, and  applications for updates on a regular basis and never postpone an update when one becomes available.