[Article] 10 Important Cyber Security Tips For Small Business Owners



Harold Mansfield
03-10-2017, 07:03 PM
I get to know the security habits of pretty much every client, whether it be their website security, or how they manage their computers, phones, files, backups (if any), emails, and so on. I can say without hesitation that 99% of them are woefully unprepared, unsecured, and are basically easy targets.

This article scratches the surface of just some basic common sense, but business owners really need to start taking security seriously. "Who would want to hack me?" just doesn't cut it anymore as a credible excuse.

Here's the link:
https://www.informationsecuritybuzz.com/articles/10-important-cyber-security-tips-small-business-owners/


How secure do you think you are? Is it something that you take seriously?

Bobjob
03-11-2017, 02:50 PM
I definitely fall in that 99 percent. It's not that I do not care about it but a) if they want to get in they will and b) I do not know anything of computers and internet (I cannot handle it myself) and no one I have done business with who does, doesn't address it with much if any emphasis.

Even though my city is experiencing an economic boom and has a population of (in the city/county probably 500K) I find it difficult to find computer professionals to do work for me. The times I have managed to get someone to respond they seem to not want to waste time with me and focus time and energy on larger businesses. At least that is the impression I've had a couple of times. Plus we use Mac.

Harold Mansfield
03-11-2017, 03:17 PM
> I definitely fall in that 99 percent. It's not that I do not care about it but a) if they want to get in they will and b) I do not know anything of computers and internet (I cannot handle it myself) and no one I have done business with who does, doesn't address it with much if any emphasis.

It's true that you can't stop a motivated, experienced attacker, just like your front door can't stop a motivated, experienced burglar.
And as a small business it's pretty unlikely that you're going to be the target of a state sponsored attack.

However, it's the amateur script kiddies that cause the most harm to individuals. The 100s (or more) of small attacks that don't make the news that hit people who aren't expecting or using basic protection and security habits.

If your computer is backed up well, you're running updated software, and use common sense password security, you're more secure than most just doing that. But if you store other people's information, access to other systems, or have any financial information on your computer or phone whatsoever, it doesn't take much to grab that info from you and cause you or someone you're connected to harm. Or, sometimes they just need your computer to launch DoS attacks, and you'll never know it's happening.

The goal should be to not make yourself an easy target so that you're part of the problem whether you're directly affected or not.


> Even though my city is experiencing an economic boom and has a population of (in the city/county probably 500K) I find it difficult to find computer professionals to do work for me. The times I have managed to get someone to respond they seem to not want to waste time with me and focus time and energy on larger businesses. At least that is the impression I've had a couple of times. Plus we use Mac.

It's a common problem. I've heard pros say there's no money in doing home calls. The fact that you have a Mac may be part of it. Apple wants you to take every problem to the Apple store or they void your warranty. But you don't need a Mac specific person to help you enact some basic security precautions.

The weakest part of most people's security is themselves. Not the machines.

Just something to think about.

Keep in mind, I'm also a little more paranoid than most now that I know how easy it is.

cbscreative
03-12-2017, 03:18 PM
> I can say without hesitation that 99% of them are woefully unprepared, unsecured, and are basically easy targets.

That sounds pretty accurate. And the "easy target" part is why so many people get attacked. Like the article mentions, hackers know small businesses have poor security. I also second you, Harold, on the fact that although you can't stop a skilled and determined attacker, there's a small risk you'll be dealing with one. Just eliminating yourself from the 99% will cause the hackers to move on to one of the 99% that are easy targets.

Some of the members here may find this very interesting. It won't take you long to notice just how common web site hacking is because most web sites are sitting ducks.

https://www.google.com/search?&q="this+website+may+be+hacked"

It's worth mentioning that a default installation of WordPress is woefully insecure and susceptible to hacking. By default, WP doesn't even limit the login attempts, which the article you cited mentions you should have. If you're not familiar with the term brute force attack (I know you would be, Harold, which is why those of us in the know are security fanatics), WP sites by default invite them simply by not preventing them. IOW, attackers can try to log in with infinite attempts. Combine it with password cracking software and you have the reason the Google search I cited is such a common problem.
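
The login-attempt limiting described in the post above, sketched as an added example (not part of the original post and not WordPress code): a sliding-window throttle keyed by client IP and by username, replayed over constructed events. The class name, thresholds and sample addresses are assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter: lock a key out after too many failed logins."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # assumed thresholds, tune per site
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds a key stays locked
        self.failures = defaultdict(deque)  # key -> recent failure timestamps
        self.locked_until = {}              # key -> time the lock expires

    def allowed(self, key, now):
        return now >= self.locked_until.get(key, 0)

    def record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - self.window:   # drop failures outside window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()

def replay(events, throttle):
    """Run (time, ip, user, password_ok) events through the throttle."""
    outcomes = []
    for now, ip, user, password_ok in events:
        keys = [("ip", ip), ("user", user)]
        if not all(throttle.allowed(k, now) for k in keys):
            outcomes.append("locked")       # refused before any password check
        elif password_ok:
            throttle.failures.pop(("user", user), None)
            outcomes.append("ok")
        else:
            for k in keys:
                throttle.record_failure(k, now)
            outcomes.append("fail")
    return outcomes

# Constructed events: one address guessing "admin" every 2 s, then other logins.
SAMPLE_EVENTS = (
    [(t, "203.0.113.9", "admin", False) for t in range(0, 12, 2)]
    + [(12, "203.0.113.9", "admin", True),    # right guess, but already locked
       (20, "198.51.100.4", "alice", False),  # ordinary typo
       (30, "198.51.100.4", "alice", True),
       (1000, "192.0.2.7", "admin", True)]    # lock has expired by now
)

print(replay(SAMPLE_EVENTS, LoginThrottle()))
```

Locking by username as well as by IP stops guessing that is spread across many addresses, at the cost that repeated failures against a known account name also lock out its real owner until the lock expires.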

Bobjob
03-12-2017, 03:31 PM
> If your computer is backed up well, you're running updated software, and use common sense password security, you're more secure than most just doing that. But if you store other people's information, access to other systems, or have any financial information on your computer or phone whatsoever, it doesn't take much to grab that info from you and cause you or someone you're connected to harm. Or, sometimes they just need your computer to launch DoS attacks, and you'll never know it's happening.

Well this is comforting. I do fall in this category.

I've had a personal theory that the easier it is for them to get into your stuff the less they will care about it. But the more difficult it is, then they believe you have some good information and they will enjoy the trouble of getting in there and getting it.

Harold Mansfield
03-12-2017, 03:32 PM
To be fair nothing is secure out of the box. Your front door needs a lock. Your car needs an alarm. WordPress is open source, which means anyone can study the code. Know what else is open source? Linux. The software used to run and manage the servers that your website is hosted on.

Most of the hacks and infections I see are because they got onto the server. Not because they guessed the password of one site in the admin panel. Password crackers aren't used as much as one would think. First off, they require a lot of processing power, and it could take hours to crack one password. Unless it's a personal attack, that time is better spent infiltrating something that yields thousands of users, rather than just one.

It's usually users that are the weak link. Social engineering passwords is far easier if you don't have the kind of machine to run a password cracker. You can just study most people's social media profiles and probably get in the ballpark of 80% of their passwords.

But even more so, a lot of people use the same or similar password (and email address) on EVERYTHING.

Kid's names + year they were born
Wife's name + anniversary
Dog's name- kid's birthday
Combination kids name/wife's birthday
Lines from your favorite movie
Car you drive or car you want
College mascot
Year you graduated

All things I can find out about you on social media or your basic free people finder app.

Toss in a few random characters like "*" or "!" and most people are done with it.

Humans are always the weak link.
So if you're a customer of Lowes and they get hacked and your info compromised, it's more times than not a gateway to ALL of your other stuff that uses the same email address and same or similar password.
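
A password-change check for the patterns listed in the post above, as an added example that is not part of the original post: it strips names, dates and punctuation known from a user's profile and rejects the password when little else remains. The profile fields, the sample values and the 8-character threshold are assumptions.

```python
import re

def personal_tokens(profile):
    """Lower-cased words and date fragments drawn from a user's profile."""
    tokens = set()
    for phrase in profile["words"]:
        tokens.update(w for w in re.findall(r"[a-z]+", phrase.lower()) if len(w) >= 3)
    for iso_date in profile["dates"]:               # YYYY-MM-DD
        y, m, d = iso_date.split("-")
        tokens.update({y, y[2:], m + d, d + m, m + d + y, m + d + y[2:]})
    return tokens

def residual(password, tokens):
    """Characters left once personal tokens and punctuation are removed."""
    rest = password.lower()
    for tok in sorted(tokens, key=len, reverse=True):   # longest match first
        rest = rest.replace(tok, "")
    return re.sub(r"[^a-z0-9]", "", rest)

def is_guessable(password, profile, min_residual=8):
    """True when too little of the password is unrelated to the profile."""
    return len(residual(password, personal_tokens(profile))) < min_residual

# Constructed profile: the kind of details the post lists (names, pet,
# mascot, car, birth and graduation dates). All values are made up.
PROFILE = {
    "words": ["Max", "Sarah Miller", "Wildcats", "Mustang"],
    "dates": ["2009-06-14", "2001-05-20"],
}

if __name__ == "__main__":
    for candidate in ["Max2009!", "Sarah0614*", "wildcats-mustang01",
                      "orbit-lantern-quartz-47"]:
        print(candidate, is_guessable(candidate, PROFILE))
```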

Harold Mansfield
03-12-2017, 03:48 PM
> I've had a personal theory that the easier it is for them to get into your stuff the less they will care about it. But the more difficult it is, then they believe you have some good information and they will enjoy the trouble of getting in there and getting it.

Your info can be valuable to different people for different reasons. ID theft for one. Doesn't matter if you have "valuable" stuff on your computer or servers, YOU are the product as are those in your house, at your place of work or your contacts. Hacking you doesn't just give me you, it gives me a gateway to everyone you're connected to.

Sure, you're one person with nothing to hide. But let's say I get into your phone. Now I have access to all of your contacts to which I can send phishing messages, or infected emails disguised as you. Maybe even access to all of the wifi networks you use. Now your 200 friends are infecting their 200 friends, and so on. Through one person a hacker can infect thousands of others.

Also, as stated above, a lot of times just being able to use your machine for DoS attacks is of huge value to people executing attacks.