Menu

Breaches

Untitled-design-7

8 Biggest Threats to Small Businesses

, , , , , ,

Breaches: Part 2

We still see the same scene in horror movies: the main character runs into the house, slams the door, locks the deadbolt and sighs in relief — but somehow the killer still sneaks up and attacks them from behind!

If you own a small business you just might find yourself in a similar situation. Sometimes small business owners spend large amounts of time and resources physically protecting their operations just to let the most dangerous threats sneak in through the figurative back door.

Today we’re going to talk about the 8 biggest security threats to small business in 2019, in no particular order. While a few of them are new, some past risks are still very much in play.

Phishing

Not only is this the number one threat to cybersecurity, it’s also still on it’s way up. Phishing attempts were reported by 48% of small businesses in 2017 — up from 42% just one year prior. All indications point to this trend rising as it requires the least amount of resources and knowhow to attempt.

Microsoft Document Scams

There’s nothing safer than opening up a Word document, right? Think again! For the past few years, scammers have been getting creative with coding that allows them to gain access to your computer, which is why Microsoft has been having to work overtime to create new patches. However, since many companies delay updating their software, this remains a prime option for criminals.

Ransomware

Currently, over 1,100 different variations of ransomware are being tracked around the world. The FBI has stated that there has been a sharp uptick in these attacks recently and they advise that the practice will continue to grow rapidly the coming years. So far this year, not just businesses, but entire cities have paid ransoms to get their data back.

Cryptojacking

As cryptocurrencies such as Bitcoin have exploded on the scene, their demand and value have gone up as well. Although you can’t physically mint a Bitcoin as you could a dollar bill, they are “created” in a process known as mining. This is a resource-intensive practice that requires computing power that thieves often lack. The solution? Hijack other computer systems to do the computing for them, taking a toll on bandwidth and slowing down networks.

Internet of Things (IoT) Attacks

Technology is rapidly increasing, not just in computing devices, but in everything that’s become a computing device. With IoT technology, you can connect your servers to your security system, HVAC system — even the microwave in your break room! While this allows everything to be connected and consolidated in one place, it also creates vulnerabilities. Most of these devices have very weak security protocols in place: who would want access to the toaster in the office next door? But as they are often connected to the main network, it creates a backdoor that can — and has repeatedly been — exploited.

Mobile Devices

Many small businesses feel safe doing business on their mobile devices only to have them be one of their weakest points. While most of us have been lectured about using unsecured Wifi ad nauseam, the most recent threat to mobile computing is our reliance on the Cloud. In the past few years, companies such as Apple, Google, and Microsoft have made cloud backups a standard part of their services. Since so much information is stored in one location, it creates a prime target for criminals to attack and gain access to your information. While that may not be a problem if you’re just backing up family photos or text messages from your sister, any important documentation or other data for your business may have also found its way onto these mega servers without you even realizing it.

Undertrained Employees

What has been mentioned to this point is just a sample of the ever-evolving external cyber threats to your business. While an easy fix might be to hire someone who just graduated from a reputable university, the truth is, that may not be enough. A recent study showed that 40% of companies surveyed said that having employees with an applicable degree has shown not to be good enough to keep their systems safe. That same survey showed that less than 25% of applicants for cybersecurity positions were deemed qualified. If that’s how things look in your company, you may feel safe today, but might be in danger for what’s coming over the horizon. It is estimated that training someone to do the job well takes over six months!

Understaffed Security

In line with the last point, an estimated 69% of companies will have an understaffed cyber threat team, with a large portion of this being companies with absolutely no one in this role at all. What does this mean for a small business? Either people with no experience will have to fill this position, or there is nothing in place to protect valuable data from hackers.

The killer hiding in the back seat, sneaking in through the back door, or — even worse — he’s already in the house, are all clichés. Do you know what else is cliché? Letting your small business fall victim to cyber-attacks. While not all attacks might be avoidable, you’re much safer from attacks if you’re prepared. Updated security software and regular data back-ups are invaluable in this process. Awareness of the latest threats is also key. Just like in the movies; when a killer is loose, no one should feel safe.

Untitled-design-6

Are you on a Hacker’s watchlist?

, , , 0

Breaches: Part 1

Why a comprehensive cybersecurity strategy is important to your business?

Here’s an alarming statistic for Small Business owners: 65% of cyber-attacks are aimed at small to medium businesses.

If you’re a small business owner, you’re aware that your company might be vulnerable to attacks by hackers. Even if they haven’t found a way to break into your system yet, you can be sure someone is trying to find a way to steal your precious data. Hackers enjoy a challenge, to a point. If they can’t crack your system the first time, it’s more than likely that they’ll keep trying.

If they can’t get in they’ll eventually go away, but that doesn’t mean they won’t be back.

There is a good chance a hacker is watching your business right now. And a chance someone has already breached your security. According to one study, it takes an average of six months for businesses to realize that they have been, or are being, hacked. It then takes up to 55 days to confront and suppress the attack. By then it’s too late: the damage has been done.

But why do hackers target small businesses? Some of the reasons are obvious, and some may surprise you. Here is a list of 6 reasons why Small Businesses get hacked:

  1. Under the Radar

Not every hacker wants to be famous. Most don’t care about getting their conquests splashed all over the news. Many hackers attack small to medium businesses because those groups are less likely to report security breaches. The first reason for not reporting the breach is that the damage to their reputation can be much more expensive than the temporary loss of revenue, or the price of the ransom they’ll pay to retrieve their data. The second reason attacks go unreported is because law enforcement agencies are not cybersecurity experts.

2. Complacency

Businesses go through cycles; some good, some bad, but hopefully at the end of the day those cycles will all lead to company growth. While planning budgets, new hires, and equipment purchases for growth, frequently the security updates and back-up (BDR) hardware needed to protect that growth will fall through the cracks. Your old security software probably won’t be good enough to take you safely into the future. Sure, it got you where you are, but don’t rely on it just because it’s been “good enough” up to now.

  1. Smaller budget for Security

It’s no secret that occasionally, especially during growth phases, budgets get shifted around, and what was allocated for security last year may not be in the budget this year. An alarming 90% of small businesses admit to operating occasionally with no security system in place at all. No virus protection, no firewalls, no spam filters, and no back-up systems. The scary part is that the remaining 10% probably just didn’t want to admit it.

  1. Lack of proper employee training

Here’s an alarming statistic for you: up to 95% of ALL cybersecurity breaches that hit small businesses are due to human error. You try to stay on top of cybersecurity training for your staff, but people come and go all the time and training is bound to get put on the back burner. Sometimes breaches happen because simple procedures aren’t followed correctly. Password hygiene is a basic skill everyone should know; things like how to create a password, and why you should never write down your password and leave it posted to your computer. Not opening attachments to emails is also important, since over 92% of all malware is delivered via email.

  1. Usually quicker to pay the ransom

One study has shown that 53% of small businesses will pay the ransom to hackers upon contact with them. This is related to our first topic, “Under the Radar,” since the reasoning behind paying quickly should mean you’ll experience a shorter downtime. Paying the ransom is still no guarantee that you’ll get your data back. After all, these are criminals you’re dealing with. Plus, when you pay a hacker, you only encourage them to continue attacking businesses like yours.

  1. You’ve been hacked before

Hackers are like sharks: they can smell blood in the water from miles away. Once the word gets out that you’ve been hacked, and that you’ve paid the ransom, you’ll have hackers lined up around the block. Like a lot of criminals, hackers are looking for the path of least resistance. Once they hear you’re an easy target you’d better prepare yourself for all kinds of cyberattacks.

It takes work to develop a comprehensive cybersecurity strategy, train your employees on what to look out for, and maintain regular data backups, but all these things and more are necessary in today’s cyber landscape. Almost every day there are news stories about companies getting hacked, corporations paying millions in ransom, and small businesses closing because of hacks. Companies like Apple, Amazon, Target, and Facebook can afford the best security available, yet they still get hacked. Make cybersecurity a priority for your business and you’ll increase your chances of staying off a hacker’s watchlist.