Cyber thieves often see small businesses as easy targets, and it’s no wonder: Smaller companies don’t have the big IT security budgets, staff and sophisticated security tools that larger companies do. Many small business owners are consumed with the day-to-day running of their business.
But as cyber thieves get savvier, it’s critical to take steps to protect your business. One breach can cost thousands of dollars in both operational and reputational damage—with the average cost of a cyber attack on a small business being $25,000. However, some relatively simple steps and tools can make your business less vulnerable.
Emerging cybersecurity threats to small businesses
First, it’s important to understand how cyber threats are evolving—so you can better stop attackers in their tracks. Here are three trends in cybersecurity threats against small businesses:
More personalized and legitimate-looking phishing attacks
Phishing—when an attacker poses as a trusted contact and persuades someone to click on a malicious link or provide sensitive information, account details or credentials–is getting more sophisticated. Attackers are researching businesses online to glean enough information about them so they can personalize their phishing attempts and come off as more legitimate and trustworthy. For example, they might find out the name of your bank (so they can pretend to be with that bank when they call or email requesting information).
Common phishing email scams include sending fake invoices or sharing documents via what appears to be Google Docs or Dropbox in order to get someone to click on a malicious link.
Moreover, attackers are copying the design of well-known, reputable business software login sites—making it more difficult for someone to see that it’s not legitimate.
Targeting remote workers
With so many people now working from home full-time or part-time, attackers have more opportunities to break into companies’ networks by gaining access through all the tools and devices that employees use to gain remote access to their business data and systems.
One recent major attack against a U.S. pipeline happened when the attackers got access to one password to a virtual private network (VPN) that employees used to remotely access the company network. Because the VPN was older and didn’t require multi-factor authentication, the attacker was able to easily break in using that one password.
Ransomware attacks reaching small businesses through vendors
Several high-profile attacks in recent years have involved ransomware—malware that locks a company’s systems until the company pays the attackers a ransom of what can amount to thousands to millions of dollars. One major ransomware attack in mid-2021 targeted a Florida-based company that provides software and IT tools to many small businesses—and up to 1,500 of those businesses had their systems compromised in the attack.
How small businesses can protect themselves
To prevent these evolving cyber threats, businesses need to take a multi-pronged approach:
1. Spot and stop phishing scams—through education and policies.
Since so many cyber attacks rely on the stealing of sensitive information, it’s critical that you and your employees always be on the lookout for phishing emails and calls. You can also set policies that prohibit employees from providing sensitive information such as account user names or passwords or bank account information over email, links in emails or on calls that weren’t initiated by the business.
You can also have them watch free or low-cost videos about how to spot phishing scams such as those available through an online course provider such as Udemy or YouTube. The Federal Trade Commission also offers a free online quiz for employees to test their knowledge on how to spot and avoid phishing.
An email spam filter can also help weed out malicious emails and alert employees when emails seem to include suspicious or questionable links.
2. Crack down on passwords
With so many business tools now cloud-based, employees often have to use many different passwords. It’s easy to get lax about it and, use, say, just one password for multiple accounts that gets used for years and years. But unfortunately, that’s how cyber thieves gain access: They get one person’s password for one account and then discover they can use it to access another account.
Ideally, employees should each have their own password-protected access to tools—and not share passwords—and change that password at least quarterly.
3. Focus on securing remote-work devices
Know what devices and tools your employees are working on at home and make sure those are protected with a reputable malware and antivirus program. If the business supplies them with devices such as mobile phones or laptops, it can more easily control the security measures on those devices.
Also make sure those devices are password protected so, if someone steals it, they won’t be able to easily gain access.
Know what devices and tools your employees are working on at home and make sure those are protected with a reputable malware and antivirus program.
4. Limit access control
The fewer unnecessary people who can access sensitive business data, the less likely it will get hacked into, says Eric McGee, Senior Network Engineer at TRG Datacenters, a Texas-based company that designs data centers. “The most effective way of guarding against data breaches is to put in place access control measures that limit the number of people with access to user data.”
5. Use modern tools with up-to-date security practices
Since attackers often take advantage of older technologies and software, it’s to your benefit to make sure you’re using up-to-date versions of software that include the latest security protocols, such as multi-factor authentication.
Spectrum Business Internet offers all customers up to 25 free licenses for award-winning desktop security suite that can be downloaded on employees’ devices. It provides real-time protection against many different cybersecurity threats and automatic updates—so the software is never outdated. To learn more, contact us at 855-299-9353.Print this article