Cybercrime is on the rise and your small business may be next. Small business owners often assume their size protects them from the kinds of headline-making mega-breaches that have hit giant corporations such as Target and Yahoo in recent years. But cyber criminals actually have an easier time going after smaller businesses, which often have fewer resources for cyber security budgets and IT teams. Do you have a plan in place to protect your business against cyber risk?
According to Symantec’s 2016 Internet Security Threat Report, the last five years have shown a steady increase in attacks targeting businesses with fewer than 250 employees.
If you haven’t made cyber security a top priority for your business, it’s never too late. Here are some examples of the types of cyber attacks that could threaten your small business, and tips on how you can avoid them or recover if you are the next victim of a cybercrime.
Malware is a broad term that covers many different types of malicious software. Cyber criminals launched more than 430 million new types of malware into the world last year. Here are some of the tactics that cyber criminals may use to attack your business:
Just as its name implies, spyware is a program designed to monitor your browsing behavior and collect your private information without your knowledge, for example by keylogging (tracking your keystrokes) and gathering passwords or other valuable information.
Spyware is typically installed without a user’s knowledge. It may be bundled with legitimate software that you want to download, or it can be installed using deceptive tactics like tricking you into clicking a link in an email or an ad.
Imagine your computer or system is hijacked by criminals who demand that you pay a certain amount of money to prevent your data from being lost forever or, in some cases, who threaten to publish all of your information and expose your private business data to the public. While it may sound like the plot of a blockbuster movie, this practice is all too real. Ransomware infects a computer and locks it up until you pay the fee to have it removed, literally holding your data and files for ransom.
The biggest ransomware threat is crypto-ransomware. Crypto-ransomware holds a victim’s files ransom by encrypting them with a secret key that only the criminals have access to. There is usually a ticking clock in crypto-ransomware situations… either pay up in the time provided or the key (and your data) will be destroyed and lost forever.
When it comes to ransomware, crime does pay. And cyber criminals love this tactic; ransomware attacks increased by 35% last year.
When malware is spread within online advertisements, you get malvertising. If one of your employees accidentally clicked on one of these deceptive ads, the result could be a computer infected with malware that steals sensitive information, damages a system, or even takes control of a computer with remote access.
If you’ve ever accidentally clicked on an online ad while trying to read a blog post on your mobile device, you can see how easy it would be for this type of malicious software to gain access to your business computers or systems.
How to Protect Your Business Against Malware Attacks
Malware takes many forms, and these are just a few of the malware attacks you could encounter as you (and your employees) use computers and the internet to conduct business. Be sure that you’re using up-to-date anti-virus and anti-malware software to protect your business. Anti-virus protection typically guards against more established threats, such as Trojans, viruses, and worms. Anti-malware software, on the other hand, generally guards against newer, more advanced dangers. Layering both can give you better protection against different forms of malware than if you chose one or the other.
In addition, be sure you’re implementing these basic cyber security protocols:
- Encrypt your data
- Secure your Wi-Fi network with strong passwords and a hidden network name
- Make sure employee computers and laptops are configured with user names and passwords
- Install and activate software firewalls for all business systems
Protecting your business against malware attacks is an important part of your cyber security strategy, but it’s just the beginning.
Here are some other attacks that could compromise your sensitive information, data, and your business.
Point-of-sale (POS) attacks are one of the biggest sources of stolen credit/debit card information for cyber criminals. While technically a form of malware, POS attacks happen at a point-of-sale terminal when a customer is making a purchase, rather than at a laptop or desktop computer like other malware attacks. When a payment card is swiped at a POS terminal, its details are stored in the terminal’s memory for a short time while the information is transmitted to the payment processor. That leaves a brief window of opportunity for POS malware to copy the card data and transmit it to the attackers.
How do they do it? Attackers can purchase POS malware kits from cybercrime forums. Then they hack into your company’s network to gain access to the network hosting your POS system. From there, the malware kit is installed and your customers’ credit and debit card information is up for grabs.
POS attacks have been named as one of the biggest expert-predicted cyber threats for retailers to watch out for in 2017. If your small business has a POS terminal for accepting payments, this is a very real risk to watch for.
How to Protect Your Business Against POS Attacks
EMV cards, which are also known as “chip cards” or “smart cards,” are less attractive to hackers. EMV (which stands for Europay, Mastercard, and Visa) technology is already standard in many parts of the world, and the US has been embracing these smarter payment cards. EMV cards contain embedded microprocessors with built-in security features that traditional magnetic stripe cards don’t have. Research from Discover revealed that EMV chip cards led to an 80% reduction in credit card fraud when the technology was adopted by the European Union.
Many banks and institutions have issued EMV cards to their customers, but not all retailers have adopted EMV technology at their point-of-sale systems. If you want to keep your customer information safe, be proactive and upgrade your POS to take chip cards today.
Phishing attacks aren’t a novel cyber threat. They’ve been around for years and they keep getting more sophisticated. Phishing attacks use email to try and trick a recipient into taking a certain action, such as providing login credentials or other sensitive information. Here’s how that might look in action:
One phishing attack campaign capitalizes on the popularity of Dropbox, which millions of people use to back up and share files. Imagine if you received an email from a business associate, client, or other email contact inviting you to access a shared file via Dropbox. You probably wouldn’t think twice about clicking through from the email to a page that appears to be the Dropbox login page. But if you’ve fallen for the Dropbox phishing scam, you could be clicking on a link that installs malware on your computer, or offering up your login credentials to potential criminals.
People have even been tricked by a sophisticated Google Docs phishing scam and unknowingly handed their Gmail login information over to savvy criminals, which could mean giving these hackers the login information to your organization’s Google Drive files, AdWords account, and so much more.
Cyber criminals don’t stop at login credentials, either.
According to Symantec’s 2016 report, more sophisticated phishing attacks target the legal or finance departments of companies. Some companies have lost millions of dollars when someone in the finance department is tricked into completing a wire transfer request that they believe came from their own company CEO or other high-level executive.
How to Protect Your Business Against Phishing Attacks
Employee education is a key component to protect against phishing scams. Educate your employees about potential scams they may encounter, and warn them against opening attachments or clicking on links from emails that seem out of the ordinary.
Symantec recommends organizations follow these best practices to defend themselves against possible phishing scams:
- Deploy email encryption where possible
- Ensure that email is scanned for malware, spam, and phishing
- Use web security systems to block access to known phishing sites
Insuring Against Cyber Attacks
The U.S. National Cyber Security Alliance found that 60% of small businesses are unable to sustain themselves after a cyber attack, and a study by IBM and the Ponemon Institute found that 66% of businesses aren’t prepared to recover from a cyber attack. This same Ponemon study also revealed the cost of a data breach increased 29% since 2013, up to $4 million, and the cost of a stolen record increased by around 15%, as well.
In other words, most small businesses aren’t prepared to handle a cyber attack, can’t afford the fallout from an attack, and would be devastated if they were the victim of one.
A cyber attack could happen at any time, whether it’s an employee who falls for a phishing scam and gives up their Gmail login info, or a POS malware attack that steals your customer credit card information from your retail store.
Just like many other business risks which could be catastrophic to your business, you can put up a strong defense against cyber threats with cyber liability insurance coverage. Cyber liability insurance can help your business deal with the aftermath of a cyber attack, providing you the resources to help you recover from the immediate effects, such as:
- System and data restoration
- Customer notification
- Credit monitoring services
- PR and reputation management
- Liability lawsuits resulting from a data breach
While cyber insurance is no substitute for up-to-date anti-malware and antivirus software, encrypted data, and ongoing employee training, it is the perfect safety net in case a sophisticated hacker or cyber criminal targets you. As technology gets more sophisticated, so will cyber criminals. Small businesses are a big target for hackers -- don’t let yours fall victim to an attack.