Based on a study commissioned by the National Cyber Security Alliance, only 27% of small businesses have taken appropriate measures to ensure their systems are secure.
The same study also discovered that 59% of these small enterprises depend on the internet for their daily operations. With more transactions being done online since 2020, the number of attacks will likely continue to grow.
Any small business with an online presence needs to properly secure its data, systems, and networks. To do so, your company should be familiar with the strategies that hackers employ to gain access to your data and networks. In this article, we will look into the most common cybersecurity threats and what you can do to mitigate them.
Phishing and Spoofing
Phishing is a kind of cyber-attack that happens when an employee grants hackers access to your system, often through an employee’s email Attackers often send emails en masse, usually pretending to be a legitimate organization, such as PayPal or another online service. These emails usually involve asking for the recipient to verify their information, such as logins and passwords, or leading them to websites that look like legitimate login portals.
Once the attackers obtain the employee’s credentials, they can then access the victim’s account. Last year, a 667% spike in the number of phishing attempts was reported, preying on people’s fears about the pandemic.
How to prevent phishing and spoofing: Phishing and spoofing attempts can often be identified by looking at the sender’s email address — these usually use a different domain (ex. paypal@domainname.com, or accounts@paypal.int instead of paypal.com). There may be subtle differences in spelling or other details that point to a non-legitimate sender. Train your employees to spot these differences and avoid getting phished.
Teach your employees not to open links in an email or online messenger unless they are sure the link is safe and that it came from someone they trust. Attackers often impersonate friends, coworkers, or legitimate service providers, so look for uncharacteristic behaviors in ] emails like awkward word choices, or unusually bad grammar or spelling.
Ransomware
Another common cyber-attack gaining traction is ransomware, where hackers steal or encrypt sensitive data such as customer information. They then make the data inaccessible to the business, which halts operations. The attackers then demand money for the data’s safe return, and/or to prevent them from leaking confidential company information to the public.
For example, in June 2020, business process outsourcing giant Cognizant was attacked with ransomware. Cognizant refused to pay the ransom but estimated that the attack cost $50 to 70 million in damage to their business.
Smaller businesses are also vulnerable. Some hackers target small businesses because while the ransom can be smaller, the security is also usually not as tight.
How to avoid a ransomware attack: The majority of ransomware attacks in 2020 gained access by compromising employee passwords, especially accounts with elevated access on standard user accounts. Attackers often use software to crack passwords, making password security a top priority to prevent ransomware attacks.
To limit your exposure, avoid giving elevated access on standard user accounts. Train your employees to take password security seriously—have them create passwords with different numbers and special characters, and a mix of upper- and lowercase characters.
We put together a list of tips to prevent ransomware attacks that goes into more detail.
Attacks from the Cloud
The ease with which data can be stored and accessed in the cloud is also its greatest vulnerability. Cloud-based business solutions like Microsoft’s office apps and cloud storage, as well as Google’s cloud platform and apps like Google Docs and Sheets, are all popular with small businesses, due to their low cost and convenience.
A common practice among small businesses is to create only one login and share it among team members. While this can save the business some money (many web applications charge per user), it is also unsafe.
Shared accounts make it much more difficult to identify where and how data breaches occur. In 2019, a data breach at Comodo used a compromised shared account to access the cybersecurity company’s confidential internal documents.
How to protect your cloud data: Create an account for each user, based on the principle of least privilege: a user should only be given the minimum level of access they need to do their job. This limits the potential damage from data breaches. It also makes breaches easier to trace and address.
Protect Your Small Business’s Data and More
No matter the size of your business, anyone can break into your data. But now that you’ve discovered how your business can be targeted, it’s time to get more serious about investing in information security.
Fortuna BMC is a HUBZone & DVBE Certified business & IT consulting firm that serves all federal, state, and private sector businesses.
