Cybercrime is an increasingly important issue, but owners of small and medium-sized businesses (SMBs) are so convinced they’re not targets for cyber criminals that 83% of surveyed SMBs in the US lacked a formal cybersecurity plan and 66% had no concerns about being attacked – despite the average SMB being subject to 10,000 attempted breaches per day.
What’s at Stake
Suspended trading, a tarnished brand image, loss of customer trust, and legal ramifications are just a few of the devastating effects of a cyber-attack. One study showed that within six months of an attack, nearly two-thirds of SMBs had gone out of business. Protecting your company from online threats is essential.
Attacks can come from within your organization or from outside, locally or abroad. The hackers who isolate network vulnerabilities and the criminal programmers who code malicious software may be lone actors, socio-politically-motivated “hacktivists” or members of organized crime syndicates. But cyber threats can also come from sources you know – current and former employees, contractors, and business competitors. Whatever the source, the goal is the same – to access or disrupt your network without permission.
Cybercriminals may be interested in capturing personal and financial data from your clients to perpetrate identity theft; accessing intellectual property such as product data and designs or business processes; uncovering confidential information they can use to extort or embarrass your company; or damaging your organization’s website and IT systems.
Regardless of the possible motives, here are five basic steps you can take to thwart cybercriminals and potentially save your company.
Know the Most Common Threats
Educate your employees on how to identify and manage the most common categories of cyber-attack: malware and spoofing.
Malware– Malware infiltrates computers to capture sensitive information or to destroy or corrupt files. It can log keystrokes, send email from an account, and even access a computer’s webcam. Viruses are the most common type of malware, but malware also includes trojans, worms, rootkits, ransomware, spyware, and adware. They’re all transmitted by the same channels – infected downloads, websites, and removable drives, including USBs.
Caution employees to never open attachments or click on links in suspicious emails, even when they claim to contain important financial information such as invoices or receipts. Advise employees to guard against fake software by always downloading program software from an official vendor’s page rather than a third-party or file-sharing site.
Spoofing– Spoofing occurs when websites (pharming) and emails (phishing) mimic legitimate sources to steal login, financial, and other account information. Spoofing tricks users into confirming, validating or updating accounts, providing cybercriminals with important user information such as passwords or personal data.
Train employees to watch for telltale signs of spoofing such as mismatched URLs, misleading domain names, misspelled company names, poor spelling and grammar in “official” communications, and absence of the “https” at the beginning of a web address that would indicate a secure, encrypted web connection.
Use Protective Software
Install anti-malware or antivirus programs across all company systems. This will detect, remove, and repair damage from malware and provide real-time filtering of email, websites, and removable drives. Make sure to keep the software updated. There’s a wide range of products to suit your budget and desired level of protection. Some programs implement a firewall that restricts incoming and outgoing internet traffic, serving as an additional barrier against threats.
Secure Your Wireless Network
Cybercriminals use powerful antennas to scan for vulnerable wireless networks that they can secretly connect to and monitor for incoming sensitive data, using a method known as wardriving.
Change your WiFi network’s public name or service set identifier (SSID) periodically. Disable the broadcasting function of your router so that access is restricted to users who already know the exact SSID. Upgrade older routers to newer models with the latest encryption standard, WiFi Protected Access II (WPA2).
Back Up and Encrypt Data
It’s important to back up data regularly from computers, removable drives, and mobile devices onto cloud storage or an external hard drive. Encrypt the data as well; that is, scramble it into a ciphertext that’s readable only by authorized recipients. Full-disk encryption tools are preloaded on today’s operating systems, like BitLocker (for Windows) and FileVault (for Mac). Maximize your settings for optimal protection or install more comprehensive encryption software. Download apps that encrypt texts, passwords, files, or voice calls on smartphones.
Implement Cybersecurity Policies
Create strong cybersecurity policies and procedures for your organization. Make sure that all employees are aware of the policy and properly trained. Enforce the policy and update it as needed. You can find many examples available online.
Topics covered should include, but not be limited to:
- employee internet and social media use
- email safety
- strong passwords
- multi-factor authentication (requiring two or more independent credentials for access)
- security of hardware, including laptops and mobile devices
- deletion of former employees’ accounts
- restriction of access privileges
- prevention of social engineering (manipulation of users into performing actions or divulging confidential information)
Addressing these fundamental issues will reduce the chances of your business falling victim to an attack.
James Paik | Contributing Writer