Is your business doing enough to protect itself from cyberattacks?
Cyberattacks on small to medium-sized businesses (SMBs) have seen a sharp rise in the last few years. A 2019 report by the Ponemon Institute found that cyberattacks increased by over 20% between 2016 and 2019.
Data breaches cost not only time but also money. The FBI’s 2020 Internet Crime Report found that the total cost of cybercrimes in the US in 2020 reached 2.7 billion, and with the average cost of a data breach for an SMB being $149,000 (2019), small business leaders must take the necessary steps to improve their risk mitigation for cyberattacks.
The first step is to familiarize yourself with the many different types of cyber threats that exist.
What are the most common forms of cyberattacks on SMBs?
- Phishing: Phishing attacks come in the form of communications disguised as coming from a reliable source. They can be emails that look like correspondence from company leaders or departments like the CEO, CFO, or Payroll. They can also be made to look like they come from a legitimate organization and prompt you to download a file, open a link, or provide sensitive information which will allow attackers access to your device.
- Man-in-the-middle (MitM): MitM attackers intercept a two-party transaction. This usually happens when someone uses their device on an unsecured network such as public Wi-Fi. Attackers intercept the connection and steal information from the vulnerable computer, such as credit card numbers, bank account information, or passwords.
- Malware: Malware is an umbrella term for many different attacks such as viruses, trojans, and spyware. Malware can be downloaded on a device by clicking a link that will install software onto the device. This “software” is designed to steal information or data, control the device, or otherwise impede the device's functioning. Here are a few common types of malware:
  - Ransomware will gain access to sensitive files or data and deny the victim access unless a ransom is paid, often threatening to expose it, sell it, or delete it entirely.
  - Trojans are an attack using software that plants itself within an app or a program, often used to give attackers access to the device.
  - Spyware is software designed to track users on their devices and send the sensitive information it collects to a third-party attacker.
- Denial of service: Denial of Service (DoS) cyberattacks target and overload a server’s capacity and bandwidth, resulting in a server crash that makes the site unavailable to actual customers who want to visit the website or purchase something from it. This is done by overloading the server with requests so it can’t process legitimate requests.
How can you protect your business?
There are multiple cybersecurity platforms available for businesses that are easily found with a quick Google search. There are also many options for free cybersecurity software that can be upgraded with subscription services. Aside from implementing company-wide cybersecurity software on all company-linked devices, there are some standard practices that any business should be using, whether or not they have access to protective software.
1. Password management
According to the Ponemon report, 54% of SMBs have no insight into their employees’ password practices. Terrible password habits equate to seriously increased vulnerability to cyberattacks. Consider implementing 1Password or other password protection software programs that can be downloaded on every computer associated with your organization.
Ensure your employees aren’t saving their passwords in easily accessed folders. Have employees use password-generating programs to increase their passwords' strength and ensure they don’t use the same password twice. A common way for attackers to find saved passwords on devices is to do a device-wide search for words that are 8, 12, 16, and 24 characters long, meaning that even if employees save their passwords in a nondescript file, it’s easy enough to identify them. This is where secure folders and password protection programs come in handy.
2. Create a software update policy
Another common issue that causes device vulnerability is outdated software. Create a policy that requires employees to update their software as soon as a new update is released. Software updates are often released to fix security issues and vulnerabilities, so it's critical employees don’t wait to update their devices.
3. Education and training
Finally, organizations must educate and train their employees to identify and protect themselves from potential cyberattacks. Start with including a training session during onboarding to ensure employees start with good practices from the beginning. Hold company-wide training sessions, and ensure you revisit the topic throughout the year.
Take a proactive approach
You may not be able to stop cyberattacks from targeting your business, but there’s a lot you can do to thwart them. By taking a proactive approach, educating your employees, and developing up-to-date risk management policies, you can save your business from dealing with damaging costs, harm to your reputation, and potential lawsuits. Take action early, and rest easy knowing you are protected.
Content provided by Q4iNetwork and partners