
Credential Theft Threats Facing SMBs

Jake Ludin


Data and credential theft have become an increasingly prevalent concern for SMBs as more attackers choose to target them. It’s common to hear about large-scale breaches such as Target, Yahoo, or Equifax, but attacks aimed at small businesses are reported far less often. According to UPS Capital, cyber attacks cost small businesses an average of $84,000 to $148,000, and 60% of those attacked go out of business within 6 months. Considering that most businesses store valuable data such as social security numbers, financial records, and personnel records, it begins to make sense why they’re targeted. So we’ve compiled the most common ways that data thieves target companies, and how to prevent them from succeeding.

Phishing Attacks

The first method we’ll address is phishing: the attacker impersonates a trusted entity and convinces someone to reveal user data, credentials, proprietary information, etc. It is most frequently attempted through email, but can be performed over any type of messaging application. What the target typically sees is a templated message containing an untrustworthy link and wording designed to coerce the target into clicking it or divulging important information. The message is written to play on the target’s basic emotions, such as fear, greed, or a sense of urgency. An example of each would be:

  1. Fear: Your credit card number has been stolen, click here to file a claim
  2. Greed: You’ve won a free iPhone, click here to claim
  3. Urgency: Countless people are protecting themselves from imminent hacking attacks using this tool, click here to download

The most effective security for preventing phishing attacks is properly training network users to spot them. If the users targeted by these attacks are trained to spot and avoid them, you’ll likely avoid the risk altogether.

Outside of the human element, there are other highly effective forms of security to consider. Implementing a Single Sign-On (SSO) policy allows users to enter their credentials once and be logged into all the applications they need. If a message then asks the user to enter their credentials for access, it will be obvious that it’s a phishing attack, because they should never need to log in again. You can also require two-factor/multi-factor authentication for all users, which requires someone to present two separate factors to log in. This small addition reduces the odds that an attacker will gain network access, because a stolen password alone is no longer enough. Lastly, if anyone receives and identifies a potential phishing message, they should contact IT straight away and quarantine the device. From there, the message can be diagnosed and defused if it is an attack. The design, tactics, and other details of the message can then be distributed to make users aware of the threat and keep them vigilant for similar messages.
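The three emotional levers listed above, plus the “untrustworthy link” that carries them, are exactly what a mail gateway or help-desk triage script looks for. The following is an added example (not code from the original post) of that triage logic: it scores a message on lexical cues for fear, greed and urgency, and on link indicators such as anchor text that names one domain while the href points to another, links leaving the sender’s domain, bare-IP hosts and the userinfo (`@`) trick. The sample messages, sender domain and URLs are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Lexical cues for the three emotional levers described above (fear, greed,
# urgency). These word lists are illustrative, not a production lexicon.
CUES = {
    "fear": ["stolen", "suspended", "compromised", "unauthorized"],
    "greed": ["won", "free", "prize", "reward"],
    "urgency": ["immediately", "imminent", "act now", "within 24 hours"],
}


class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased hostname of a URL or bare domain string ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def same_org(host, domain):
    """True if host is domain or a subdomain of it (label boundary respected)."""
    return host == domain or host.endswith("." + domain)


def analyze(message):
    """Score one message; each indicator found adds one point to the score."""
    findings = []
    plain = re.sub(r"<[^>]+>", " ", message["body"])
    text = (message["subject"] + " " + plain).lower()
    # Word-boundary matching so "won" does not fire on "wonder" or "free" on "freedom".
    for lever, words in CUES.items():
        hits = [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", text)]
        if hits:
            findings.append(f"{lever} cue(s): {', '.join(hits)}")
    parser = LinkExtractor()
    parser.feed(message["body"])
    for href, anchor in parser.links:
        parsed = urlparse(href if "://" in href else "http://" + href)
        target = (parsed.hostname or "").lower()
        # Anchor text that looks like a domain but differs from the real target.
        shown = host_of(anchor) if re.search(r"\.[a-z]{2,}", anchor, re.I) else ""
        if shown and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
        if target and not same_org(target, message["sender_domain"]):
            findings.append(f"link to {target} outside sender domain {message['sender_domain']}")
        if re.fullmatch(r"\d+(\.\d+){3}", target):
            findings.append("link host is a bare IP address")
        if parsed.username is not None:
            findings.append("userinfo (@) in link, real host is hidden after it")
    return {"score": len(findings), "findings": findings}


# Constructed sample messages; the sender domain, subjects and URLs are made up.
SAMPLES = [
    {   # fear + urgency, link to a bare IP outside the sender's domain
        "sender_domain": "example-bank.com",
        "subject": "Your credit card number has been stolen",
        "body": '<p>Click <a href="http://203.0.113.7/login">here</a> to file a claim immediately.</p>',
    },
    {   # benign: no cues, link stays on the sender's own domain and matches its text
        "sender_domain": "example-bank.com",
        "subject": "Statement ready",
        "body": '<p>Your monthly statement is at <a href="https://online.example-bank.com/statements">online.example-bank.com</a>.</p>',
    },
    {   # greed, anchor text names the bank but the href goes elsewhere
        "sender_domain": "example-bank.com",
        "subject": "You've won a free iPhone",
        "body": '<p>Click <a href="http://prizes.example.net/claim">www.example-bank.com</a> to claim it.</p>',
    },
]

if __name__ == "__main__":
    for m in SAMPLES:
        result = analyze(m)
        print(result["score"], "|", m["subject"], "|", result["findings"])
```

The cue lists deliberately stay small; the useful signal in practice is the combination of an emotional cue with a link indicator, which is why the benign statement notice scores zero while both lures score three or more. The findings list is what you would hand to users when distributing the “design and tactics” of a confirmed lure.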

Physical Theft

A cause of data theft that is often neglected but can be detrimental is failing to protect against physical credential theft. This commonly occurs when users are subject to a password expiration policy that requires frequent changes of complex passwords. To avoid the annoyance of remembering numerous complex passwords, many people resort to writing them on post-its and sticking them to their desk or monitor. This is obviously harmful to network security, as any person in the building could easily steal network credentials. Many organizations are eliminating this threat by doing away with credentials entirely. Because of credentials’ many shortcomings, organizations are rapidly switching to certificate-based authentication. Credential-based networks rely heavily on end users to be diligent in maintaining password integrity, whereas certificates allow users to enroll once for network access and stay connected for the life of the certificate. No one can break into your network using credentials if there are no credentials to steal!

Over-the-Air Credential Theft

The last form of theft we’ll discuss is known as over-the-air credential theft: stealing credentials as they’re being sent “over the air” for authentication. When your device sends credentials to the server to be authenticated, there’s a possibility they can be intercepted in the process. Credential thieves do this through Evil Twin or Man-in-the-Middle (MITM) attacks. The premise is that the attacker uses a laptop to spoof the SSID used on-site, creating a look-alike network for the purpose of tricking users into connecting to it, capturing the credentials their devices send, and using them to gain network access. A highly effective way to ensure that no network user’s device attempts to connect to the wrong network is server certificate validation. This security measure configures devices to confirm that the RADIUS server is a trusted party; if the RADIUS server cannot be confirmed, the device does not send its credentials.
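Server certificate validation works because the supplicant on the user’s device checks who it is talking to before releasing anything, and refuses when the check fails. The following is an added example (not code from the original post) of that decision logic, with the RADIUS server’s certificate chain and the device’s policy represented as constructed records rather than real X.509 parsing. The two policy fields mirror wpa_supplicant’s `ca_cert` (here a pinned CA fingerprint) and `domain_suffix_match`; all fingerprints, names and the three chains are made up. It shows the legitimate server being accepted, a self-signed Evil Twin being rejected, and the more subtle case of an Evil Twin holding a publicly trusted certificate for a look-alike name, which only the name check catches when the device trusts public roots.

```python
from datetime import datetime, timezone

# Constructed supplicant policies. Field names mirror what a real supplicant
# exposes (wpa_supplicant's ca_cert and domain_suffix_match); values are examples.
PINNED_POLICY = {
    "trusted_ca_fingerprint": "sha256:CORP-ROOT-EXAMPLE",  # the company's own RADIUS CA
    "domain_suffix_match": "corp.example.com",
}
# A weaker policy that trusts a public root instead of the company's own CA.
PUBLIC_CA_POLICY = {
    "trusted_ca_fingerprint": "sha256:PUBLIC-ROOT-EXAMPLE",
    "domain_suffix_match": "corp.example.com",
}

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed "current time"


def cert(subject, issuer, fingerprint, san=None):
    """Build a constructed certificate record (stand-in for a parsed X.509 cert)."""
    return {
        "subject": subject, "issuer": issuer, "fingerprint": fingerprint,
        "san": san or [subject],
        "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2026, 1, 1, tzinfo=timezone.utc),
    }


# Chain presented by the legitimate on-site RADIUS server.
LEGIT_CHAIN = [
    cert("radius.corp.example.com", "Corp Root CA", "sha256:LEAF-1"),
    cert("Corp Root CA", "Corp Root CA", "sha256:CORP-ROOT-EXAMPLE"),
]
# An Evil Twin with a self-signed certificate copying the real server name.
SELF_SIGNED_CHAIN = [
    cert("radius.corp.example.com", "radius.corp.example.com", "sha256:SELF-SIGNED"),
]
# An Evil Twin with a publicly trusted certificate for a look-alike name.
LOOKALIKE_CHAIN = [
    cert("radius.corp-example.com", "Public Root CA", "sha256:LEAF-2"),
    cert("Public Root CA", "Public Root CA", "sha256:PUBLIC-ROOT-EXAMPLE"),
]


def suffix_matches(name, suffix):
    """Label-boundary suffix match: 'radius.corp.example.com' matches
    'corp.example.com'; 'notcorp.example.com' and 'corp-example.com' do not."""
    name, suffix = name.lower(), suffix.lower()
    return name == suffix or name.endswith("." + suffix)


def validate_server(chain, policy, now):
    """Return (ok, reason). chain[0] is the server certificate presented in the
    EAP TLS handshake; chain[-1] is the root it claims to chain up to."""
    if not chain:
        return False, "no server certificate presented"
    # 1. The chain must end at the pinned CA, not merely at some trusted-looking root.
    if chain[-1]["fingerprint"] != policy["trusted_ca_fingerprint"]:
        return False, "chain does not terminate at the trusted CA"
    # 2. Each certificate must be issued by the next one up.
    for child, parent in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            return False, f"{child['subject']} not issued by {parent['subject']}"
    # 3. The server certificate must be within its validity window.
    leaf = chain[0]
    if not (leaf["not_before"] <= now <= leaf["not_after"]):
        return False, "server certificate outside its validity period"
    # 4. The server name must belong to the expected domain.
    if not any(suffix_matches(n, policy["domain_suffix_match"]) for n in leaf["san"]):
        return False, f"no server name matches suffix {policy['domain_suffix_match']}"
    return True, "server verified; safe to send credentials"


def attempt_connect(chain, policy, now=NOW):
    """Decide whether the supplicant releases credentials to this access point."""
    ok, reason = validate_server(chain, policy, now)
    return {"send_credentials": ok, "reason": reason}


if __name__ == "__main__":
    for label, chain, policy in [
        ("legitimate server, pinned CA", LEGIT_CHAIN, PINNED_POLICY),
        ("self-signed evil twin, pinned CA", SELF_SIGNED_CHAIN, PINNED_POLICY),
        ("look-alike name, pinned CA", LOOKALIKE_CHAIN, PINNED_POLICY),
        ("look-alike name, public CA trusted", LOOKALIKE_CHAIN, PUBLIC_CA_POLICY),
    ]:
        print(f"{label}: {attempt_connect(chain, policy)}")
```

The ordering matters: when the device pins the organisation’s own CA (step 1), the look-alike certificate never gets as far as the name check. Only when a device is configured to trust public roots does `domain_suffix_match` become the last line of defence, which is why leaving it unset on such a device is the misconfiguration to look for when auditing client profiles.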

Hackers will persistently attempt to profit by compromising networks and stealing data, so it’s vital to be prepared to handle it. If one network user is compromised, the effect can have wide-reaching implications. For many small businesses, recovering from an attack may not be possible, so ensuring that every user is properly trained and that you’ve deployed a secure network is the best defense at your disposal.