The internet boom came bearing many gifts for businesses and individuals alike. Some of them include an interconnected world, e-commerce, and social media. However, it also brought with it many cyber security risks — and being hacked is one of them.
In 2018 alone, an alarming number of over 2.5 billion users were hacked. Getting hacked can be disruptive for individuals, but it can be even more catastrophic for business owners. Security breaches can not only put a dent in a business’ finances, but they can be damaging to their reputation.
If you’re a small business, it’s essential that you’re aware of the many threats that are out there. This is especially critical as you may not have the financial capacity to recover from such an incident as a small business. Knowing what cyber security attacks are out there could bring light to ways your business may be at risk — it can also help you develop the right preventative measures to ensure you don’t become a victim.
This cybersecurity hack is a common one: phishing. Phishing is a type of social engineering attack wherein hackers use their knowledge of human psychology to attain the information they want. They will often try and get you to click a link or download an attachment through pretending to be a person of authority and sharing a false story. Seeing as people tend to impulsively react to authority and urgency without verifying, many are likely to fall prey to these kinds of scams. An example of phishing would be a fake email from your bank asking you to click a link to keep your account from being shut down.
Prevention: Implementing cybersecurity best practices is one way to help prevent cyber security attacks such as phishing. In this case, best practices would include not clicking on links or downloads you’re unfamiliar with and verifying the sender’s email address or phone number before taking any action. If you’re an executive, you should address and prevent data breaches like these by providing adequate security training to employees.
You should also continuously update your company software so it’s harder for hackers to break in. If you feel your business is a victim of phishing, you can report it to the Anti-Phishing Working Group.
Malicious software, also known as malware, is software designed to gain access to a computer or other database without the owner knowing.
There are different types of malware out there, and some of the more common include true viruses, worms, or keyloggers. Spyware is another type of malware to look out for, as it hides in the background and monitors things like your passwords and credit card numbers. For example, if you sell items online, beware of the Point of Sale (POS) Trojan, a type of malware that targets online businesses and their customers, as well as other POS machines. In this attack, customer data is stolen from electronic payment systems, which is especially important to be wary of as the costs associated with data breaches are high. The average cost of a single stolen record is $242.
Prevention: Malware is spread when you browse hacked websites or download files that are infected. To prevent this from happening to you, avoid unfamiliar websites and clicking links you’re unfamiliar with. If your business has an e-commerce store, one security tip is to get an SSL certificate. This will keep hackers from stealing the information a user enters on your website when making a purchase. Regularly installing system updates should also help fix bugs or patch gaps in security that could make you vulnerable. Additionally, run regular scans with your anti-virus software (or keep in running in the background) so you can catch any malware that’s installed before it does too much damage.
3. Password Attack
It’s often advised that people change their passwords regularly and avoid using predictable ones. This advice is to avoid the pitfalls of password attacks, which occur when automated systems are used to randomize different password combinations in an effort to gain entry into a network.
Prevention: To prevent this attack, adopt best practices when it comes to passwords. Ensure they’re changed on a regular basis, and only people who need the passwords know what they are. If you have remote workers, be sure they’re aware of security protocols, too. Some ground rules for remote staff could include using a VPN and limiting access they don’t need for daily work. The password policy from SANS suggests including a mix of upper and lowercase letters mixed with special characters. They also suggest making it no shorter than 15 characters and not using personal information.
Although this is a type of malware, it has its own section because of how damaging it can be to your business. Ransomware locks down and encrypts devices, preventing system admins and other users from accessing them until a ransom is paid. One recent victim of a ransomware attack was Pitney Bowes, an e-commerce, shipping, and data services company. Luckily, customer accounts and data were said to be unaffected, but it still made the news and put customer data at risk. Aside from targeting businesses, ransomware attacks are also likely to try and infiltrate governments and healthcare providers.
Prevention: To prevent a ransomware attack, add content scanning and filtering on your mail server. Inbound emails can be scanned for threats and help block any harmful attachments. In the event that you are in a situation where you’ve been hacked, never pay the ransom, as it’s rewarding and encouraging the hackers. A final tip is to use reputable anti-virus software for an added layer of protection.
Cyber attacks can destabilize a business and negatively impact the progress that’s been made. However, awareness is the first step in improving cyber security and reducing the likelihood of you falling victim to attack.
Written by: Indiana Lee, BOSS contributor