Think your business is too small to be of interest to a cyber criminal? Think again. While big companies make the headlines for their data breaches, small companies are also a favourite target of hackers. "Small businesses can be a really sweet spot for cybercriminals. They have more money to steal than a consumer and less security in place than a large business," said Kevin Haley, director of security response at Symantec.
The fact of the matter is, small businesses are the most vulnerable when it comes to cybersecurity, and they are common prey for hackers and cyber thieves. Unlike big corporations that have the budget to manage their technology risks and put in place sophisticated systems to protect themselves from cyberattacks, small businesses may find themselves struggling to protect themselves.
But all hope is not lost. Most cyber attacks happen in one of these three ways: via vulnerabilities in out-of-date software, phishing attempts and ransomware. While these things are terrible and can cripple a business, there are cost-effective ways to manage this risk.
Software companies release what is called an update or “patch”. Every patch released is an update that protects your device against security weaknesses discovered by the software company. Failing to update your software on a timely basis can put your business at risk. Hackers exploit weak spots in unpatched software to access your device(s), lock your files and render your device(s) useless. In such an instance, client files will be at serious risk, not to mention your business. The simple solution is to patch regularly, but what if your IT department is already overworked? Or what if you don’t have an IT department? There are many IT service companies out there that can help small businesses by becoming their outsourced IT department. Similarly, a Managed Security Services Partner (MSSP) can also help clients with this and a host of other services relating to cybersecurity. The key is to find a partner that can tailor a solution to your needs and budget.
Phishing emails are an effective way for hackers to get access to corporate credentials and personal information. A phishing email is a fraudulent email sent by a person who passes himself (or herself) off as someone you can trust, with the intention of obtaining sensitive data from you. This sensitive data could be your credit card details or even your username and/or password. It is a serious problem: as reported by Proofpoint, 83 percent suffered from phishing attacks in 2018. A further breakdown revealed that 67 percent of the victims suffered from a decrease in productivity, 54 percent suffered the loss of proprietary data and 50 percent suffered from damage to reputation.
Phishers have become better at disguising themselves these days. It used to be that all you had to do was find a million spelling mistakes in an email, and you knew it was fake. Education is key in preventing phishing. Teach staff how to recognize suspicious emails by looking at headers, or simply highlighting links to show the true domain name. If a user still isn’t sure whether they are reading a legitimate email, teach them that it is OK to call “the sender” just to ensure that the email is really from them. If you still have curious staff who wonder “what if” and have to click, anti-spam software can also help, as will having up-to-date anti-virus and anti-malware programs.
Ransomware has been one of the most talked-about issues of the last few years. A recent ZDNet article confirms that ransomware attacks have doubled in 2019. Hackers love this, as it is low risk and high payback for them. An interesting statistic from SafeAtLast shows that the minimum annual global revenue of ransomware is $1 billion. Ransomware is a kind of malware that encrypts your files, thus rendering them inaccessible to you. The hacker makes money by telling you that the only way you can get access to your files again is to pay a ransom. Once the ransom is paid, the hacker promises to send a decryption key to allow you access to your files.
There are many different schools of thought on whether one should pay or not pay the ransom. After all, can you really trust a criminal to provide you with a decryption key? And who’s to say they won’t do it again? The best protection is to have back-ups of your files, so that if a hacker does encrypt the files on your system, you have copies somewhere else that haven’t been infected that you can still access. Having up-to-date anti-virus, anti-malware and firewalls in place will also go a long way to help stop this threat.
As you can see, small businesses are great targets for hackers, as they typically don’t spend a lot on security, but have access to more money than the average consumer. Even though the threat is real, there are things every small business can do to protect itself, and some of them really aren’t that expensive. So, the question is, can you afford NOT to invest in cybersecurity?
Want your staff to help prevent phishing attacks? Contact us about phishing awareness training.