Many people assume that cybercriminals only attack large, wealthy corporations and would not waste their time attempting to steal from small businesses or start-ups. In reality, the size of a company does not matter to a criminal, and in some cases, a small business is an even more attractive target. Small businesses have money, customer data, and connections to other businesses which could also be made vulnerable after an attack. They also tend to have smaller budgets for security and are not as aware of the risks. This article highlights the biggest security threats small businesses should be aware of, and why it is so critical for them to have adequate protection in place.
Over 90% of cybersecurity breaches are phishing attacks. A phishing attack is when the criminal sends an email which appears to be legitimate but contains a file or link which is malicious or damaging in some way. In some cases, the sender may even pretend to be a trustworthy contact or company to persuade a staff member to divulge sensitive data, passwords, or send money. Phishing attacks are particularly dangerous because they often succeed due to human error. Still, it is possible to implement technological safety nets, alerts, and regular staff training on recognising phishing attacks.
A malware attack is a term given to malicious code, e.g. viruses or trojans, which a hacker uses to access a computer network to destroy or steal data. Malware tends to come from a spam email, infected download, or connecting clean computers/devices to other computers/devices which have already been infected. When malware enters a device, it can enable hackers to access sensitive data and/or cause severe, often irreparable damage. Each device in your organisation needs to be protected by an Endpoint Protection solution as well as website protection. This can be included as part of an Extended Detection and Response or XDR platform which enables businesses of any size to protect their network from a variety of cybersecurity threats.
Inadequate Password Policies
You might be alarmed by how many companies are still using weak passwords, the same password for multiple accounts, and/or not changing passwords regularly. Hackers can run automated programs which run through thousands of potential password combinations in a matter of minutes. Passwords should be complex, including numbers, letters (upper and lower case) and special characters. It is also better to have a Multi-Factor Authentication system which means that more than one password or verification step needs to be completed before access is granted.
One of the most well-publicised types of cyberattack is the ransomware attack. The criminal will encrypt a company’s data to that it is not accessible or usable and tells the company it will only be released if they pay them a specific amount of money. Companies must choose between losing money or being unable to operate due to inaccessible/lost data. Endpoint Protection can protect devices from ransomware attacks by preventing the encryption of data and detect attacks before they happen. It is also essential that companies invest in a cloud storage solution which provides a backup in case data is lost.
While it is not always easy to protect against, sometimes threats come from the inside. A current or former employee (or a contractor/supplier) who can access sensitive data may intentionally or accidentally cause a data loss. These data losses can cause a lot of reputational, operational, and financial damage. You may be able to mitigate this by ensuring that employees only have access to the areas of the network they need to carry out their job and that security training is refreshed regularly.