Hackers Don’t Always Attack Your Business on the Internet

When we think of hackers, we think we of sophisticated actors across the internet—users who know how to code their way into malicious attacks to earn money. That is true, and it’s the basis for many attacks. However, sometimes, attacks start in the real world, and the best way to fight them off, is to simply be aware of your
April 25, 2023
 / 
meritsolutions
 / 
Image

When we think of hackers, we think we of sophisticated actors across the internet—users who know how to code their way into malicious attacks to earn money. That is true, and it’s the basis for many attacks. However, sometimes, attacks start in the real world, and the best way to fight them off, is to simply be aware of your surroundings.

Hackers like an easy point of entry. It isn’t worth their time to break into accounts and networks that are well guarded, use strong and unique passwords, and check in on the privileges of their users. The easiest point of entry, then, is to steal passwords to the accounts they’d like to break into. One common way to do this, of course, is through phishing: an attempt to eke the password out of you through malicious emails or texts.

However, bad actors can also steal passwords in the real world. If they gain entrance to an office, they’ll casually look across vacant desks for passwords on sticky notes or computer monitors: They’ll watch people enter their phone PINs over their shoulders, then steal the phone when they aren’t looking. These actions happen in the real world, not on the internet, which means you need to be aware of what you’re doing when working within your businesses network (as well as your own).

As a general rule of thumb, never leave sensitive information out for people to see. Passwords and account information should never be written down and made available to onlookers. Instead, use a password manager to securely store and access your various account passwords, and make sure they’re strong and unique while you’re at it.

The same goes for entering your passwords and passcodes in public. Phone PINs—like ATM PINs—are easy to slyly memorize over your shoulder. Make sure no one is able to see you enter your PIN when you do so.

Another IRL tactic involves USB thumb sticks. Bad actors will leave these devices in a public space, near the target network they want to infect. Some who work within the network may find these USB thumb sticks while outside, then bring them in and test them on their computer, infecting their network in the process. Never connect a strange device to your network.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.