Cyber Attacks are Growing Against Small Businesses

img blog Cyber Attacks Growing Against Small Businesses r1

Cyber attacks have been on the rise dramatically throughout the pandemic. In the wake of the cyberattack that knocked out the Newfoundland and Labrador health-system data-centres, in early November, it would be tempting to think that hackers are only targeting large enterprises. Nothing could be further from the truth.

In an article by Solvere One, they write, “Malicious hackers know the majority of smaller organizations are not prepared for network security breaches, making them popular targets for cyber attacks. Smaller companies must implement a robust security strategy to defend sensitive information against ever-present cyber threats.

The average cost of a cyber attack has exploded from $34,000 to just under $200,000 per single incident, according to Hiscox’s Cyber Readiness Report. This is a setback that many small businesses can’t recover from.

Every Organization Is at Risk For a Breach

Small businesses across all types of industries are vulnerable to security breaches. As IT infrastructures become more complex, to support the growing digital demands of today’s companies, security measures need to evolve to support these sophisticated setups.

Cyber criminals are already way ahead of the curve, so much so that virtually every organization will experience a breach at some point. For small companies today, it’s not a matter of if a cybersecurity incident will happen, but when.

Making small business network security a priority is a must as cyber attacks continue to grow. Unfortunately, most organizations of this size aren’t yet on track.

With cyber criminals exploiting network vulnerabilities, developing an approach based on your particular risks is key to successfully mitigating these devastating attacks. Many organizations have no type of plan in place in the event of a breach, let alone the necessary protection to prevent an infringement in the first place. 

Top 5 Cybersecurity Threats for Businesses in 2021

In an article by SecurityMag, they write, “As cybersecurity threats continue to advance, it’s more vital than ever before to assess your company’s vulnerabilities. We’ll walk you through five prevalent cybersecurity threats for businesses, along with three helpful tips to combat them.

1. Phishing

Phishing is a hacking scheme that tricks users into downloading harmful messages. This scheme appears to be a regular email using legitimate-looking links, attachments, business names, and logos. The email persuades users to take action, whether it’s clicking a link or downloading an attachment. 

A phishing email may also have a clickbait subject line that catches your eye. Whale phishing is another form of email phishing that’s targeted at company executives. Alternatively, spear-phishing sends emails to other specific members of a business to steal information. 

While email phishing is most often noted, phishing takes additional forms. Smishing, for instance, sends SMS messages that garner clicks to dangerous links. In contrast, vishing sends fraudulent phone calls and voice messages that pose as legitimate companies. Search engine phishing is a newer form of phishing where hackers create fake online websites and rank on search engine results to rob customers’ information.

In a recent study from Cisco — 2021 Cyber Security Threat Tends: Phishing and Crypto Top the List — 86% of organizations reported having at least one user connect to a phishing site. Therefore, one wrong click from an employee can expose a business to massive risk. 

2. Malware

Malware, also known as malicious software, hacks devices by either slowing them down significantly or stopping them from working entirely. It destroys computer systems through agents such as trojan malware, spyware, viruses, ransomware, adware, and worms.

Malware can be released into a computer by: Clicking an infected link, downloading a file or material from an unknown source, clicking a pop-up ad, or downloading an email attachment from an unknown sender. Once malware is released into a computer system, hackers can gain access to your company’s passwords, credit card numbers, banking data, personnel files, and more.

Over the last year, companies reported that out of all of the malware attacks they encountered, 35% of the attacks used previously unseen malware or methods. Unfortunately, this percentage is likely to increase as more employees work remotely.

3. Ransomware

Ransomware is a specific form of malware that encrypts a user’s computer systems. Once a ransomware attack has been implemented, users can no longer access their systems or files. In order for users to re-access their systems, they’re required to pay a ransom fee to the cybercriminals. 

Ransom transactions are often made through Bitcoin. Cybercriminals may also request other methods of payment, such as Amazon gift cards. The ransom costs can range tremendously from hundreds of dollars to thousands of dollars or more. However, many organizations that make the ransom payments still don’t retrieve access to their systems.

Ransomware is often spread through a malicious download in a phishing email. An attack can be targeted to either individual employees or entire organizations. Throughout the pandemic, a notable 58% of US companies reported a loss of revenue as the direct result of a ransomware attack.

4. Data Breaches

A data breach occurs when sensitive data is stolen from a system without authorization from the system owner. Confidential user information can include but isn’t limited to: credit card numbers, social security numbers, names, home addresses, email addresses, user names, and passwords. 

Breaches may be implemented through point-of-sale (POS) systems or a network attack. A network attack is likely to occur when cybercriminals identify a weakness in a company’s online security system and use the weakness to invade the system. 

Social attacks are also prevalent, where hackers fool employees into granting access to an organization’s network. For instance, they may be tricked into downloading a harmful attachment or accidentally giving out login credentials.

Once a data breach occurs, businesses must take immediate action to contain the breach and resolve the issue. Failing to do so may result in a tarnished reputation and fines ranging from thousands to millions of dollars.

5. Compromised Passwords

Compromised passwords most often occur when a user enters their login credentials unknowingly on a fake website. Common username and password combinations also leave accounts more vulnerable to attacks. Password reuse across multiple platforms can make your systems even more susceptible to hackers, leaving multiple accounts at high risk.

When creating passwords for company accounts, always ensure that you use unique, hard-to-guess passwords. With 51% of people reporting that they use the same passwords for both their work and personal accounts, instruct your employees to follow specific guidelines for maximum security.

For Small Businesses, the Damages Are Difficult to Overcome

In an article by Solvere One, they write, “Could your business handle a $200,000 security breach? What about multiple breaches?

The damage, for most of these smaller companies, can quickly add up. This is particularly true if a threat infiltrates a system and goes undetected — which is entirely possible when network monitoring and automated threat detection mechanisms aren’t in place.

In addition to monetary damages as the result of cyber attacks on small businesses, these companies also have to shoulder legal fees, compliance penalties, loss of reputation, and loss of customers. These consequences can easily bankrupt a business. In fact, an estimated half of small businesses close within six months after a cyber attack.

Organizations are constantly at risk and need to adopt a comprehensive security strategy to:  Prevent a cyber threat, mitigate damage should an incident occur, and implement risk management policies. By doing so, these companies can protect their assets and make it easier to recover after an attack.

Enhance Your Network Security

Taking a multifaceted approach to cybersecurity is your best bet to avoid a cyber attack. Most small companies house sensitive information, and are at risk of being targeted by malicious hackers.

Here are a few steps you can implement as part of a more extensive strategic approach to augment your small business network security…

  • Back up your systems daily – you need to be able to recover your information if your system is compromised. [These backups need to be redundant.]
  • Install and update methods to protect against network attacks, including firewalls and encryption methods [Some cloud backup providers do not offer encryption. Be sure to do your research before signing up], to keep sensitive information safe.
  • Conduct ongoing vulnerability testing on your networks to close gaps and address weak points before they have the chance to be exploited by hackers.
  • Implement tools to scan networks and apps to automatically detect a breach and mitigate damage as soon as possible. [Breaches can happen when you DON’T update your software. Software is updated to ‘patch’ faulty code. Hackers can get in through these known flaws if your system is not up to date.]  
  • Use multifactor authentication to reduce the chances an unauthorized individual would be able to access your network.
  • Provide regular training for employees, including real-world scenarios, to help them identify threats and respond appropriately.

While cyber attacks on small businesses can originate inside or outside a company, employees are often considered the biggest threat to smaller organizations. A reported 43 percent don’t receive regular cybersecurity training, and eight percent have received no security training whatsoever.

The mindset that employees are responsible for helping to maintain network security is crucial to preventing an attack. All personnel at an organization should receive cybersecurity training every few months to stay current on the latest attacks and do their job to prevent a breach. Whether it’s recognizing and reporting a phishing email or identifying when something isn’t right in the network; [employees can be your first line of defence].”

3 Tips to Combat Cybersecurity Threats

In an article by SecurityMag, they suggest…  

1. Build Your Expertise—Internally and Externally

All organizations, particularly small and medium-sized businesses, may struggle with staffing the right team to ensure an organization is protected from the latest cyber threats and ready to combat an attack. But, hiring an in-house security engineer or IT security manager can be expensive. 

Many businesses choose to find a cybersecurity company that they can trust. Two advantages of working with an outside organization are that they can provide 24/7 monitoring for attacks, and they are experts that stay up-to-date on the ever-evolving landscape of cyberattacks.

2. Educate Your Team

Some best cybersecurity practices may seem obvious to most, but it’s important to educate your entire team and ensure everyone is on the same page. Talk to employees about the importance of strong passwords, how to safely use a shared network, what your internet use guidelines are, and how to handle and protect customer data.

Train your team to recognize phishing attacks by looking for URLs or email addresses that are close but not exact, identifying language with misspellings or that feels a bit “off,” and being cautious of requests for passwords or other personal information. Even savvy security teams can fall prey to a cyberattack. Giving employees things to look for can help catch an attack quickly. 

Last year, an UpCity employee noticed many outbound emails from their account that they didn’t send and immediately knew that their password was likely compromised. After promptly changing their password and notifying the IT department, they reviewed all of their email settings. 

The attacker added a mail filter that forwarded all incoming mail to an external address was discovered and removed. A less-thorough response may have missed that detail, allowing the attacker to potentially regain access to their password or other accounts.

3. Create a Cybersecurity Policy

Your cybersecurity policy should be a living document that is updated as attacks evolve. However, the basics of a policy should include guidelines on protecting devices (including up-to-date operating systems, browsers, firewalls, and encryption), multi-factor authentication (not just strong passwords, but secondary methods of authentication), and data protection (including how to handle customer data and what is appropriate to send via email). 

Your policies should be readily available to your employees and reviewed frequently to ensure the entire organization understands and abides by the proper protocol.

Having a cybersecurity plan is more important than ever. With the number of cyberattacks always increasing against an ever-growing remote workforce, it is paramount that all companies — regardless of size — understand current cyber threats and what to do to prevent and combat them. 

Having a plan that is executed thoroughly and reviewed regularly is the best first step to keeping company and customer information safe. Cybersecurity can no longer be a project set on the back burner. Understanding the latest threats, and what to do to prevent them from impacting your organization, is key to protecting your business.”