In 2018, cybercrimes against small businesses increased by 424 per cent. Yet small businesses tend to neglect their cyber perimeters, with 33 per cent of businesses with fewer than 100 employees taking no proactive measures to prevent breaches.
More than just paying for antivirus software, small businesses dealing with sensitive data need a robust cyber security policy which at the very least addresses the most common threats, how to prevent them and what to do in the event of a breach.
Phishing
Phishing is one of the most common cybercrime techniques employed by criminals everywhere. While most phishing emails are easy to spot, criminals use “social engineering” techniques to manipulate people into giving away vital information. A more targeted version of phishing known as ‘whaling’, where criminals assume the identity of executives at the company to coerce staff into approving bogus payments, is becoming increasingly popular and damaging.
The best way to prevent your company from falling victim to phishing scams is to have regular, comprehensive training for all staff in spotting fakes, understanding the proper procedure for payments and what role everybody has to play in keeping data safe.
Ransomware
While ransomware has been on the decline recently, it still poses a significant threat to targeted small businesses. Ransomware works by withholding access to sensitive data until a ransom is paid. Whether a company pays the ransom or not, the damage a ransomware attack can do is dramatic. In 2017, 22 per cent of small businesses infected by ransomware had to stop trading altogether because of the related costs.
Ensuring your business has all sensitive data backed up and hosted separately from your main network is the best way to defend against a ransomware attack. Having consistent back-ups means that, should any data become infected, it can be quickly restored without having to pay the ransom and without being lost.
Cloud/IoT insecurity
With the introduction of new technologies come new opportunities for criminals to steal data. Cloud computing and the Internet of Things (IoT) are two clear examples of this, as small businesses jump to integrate new technology without considering the vulnerabilities. Many IoT devices, including WiFi-enabled coffee machines and smartwatches, have weak security settings which can be taken advantage of by criminals to access the main network at any business.
One way to prevent IoT devices from providing access to the main network is to ensure workers use a separate network for their personal devices, so these devices don’t provide access to sensitive data. Cloud insecurity can be managed by ensuring that staff understand safe sharing protocols and responsibilities. The Australian Cyber Security Centre also offers in-depth advice on cloud security processes for small business.
Denial of Service (DOS)
Another common and fairly straightforward cybercrime tactic is Denial of Service attacks. DOS works by flooding a computer with requests to invalid web addresses to disrupt the device’s connection or shut down the computer indefinitely. While this kind of attack doesn’t risk client data, it can result in lost work time, lost data or projects and excess costs to replace devices.
Well-managed and constantly updated firewalls and routers can help protect against DOS attacks. It’s also good to know how your Internet Service Provider is able to manage DOS attacks and to have a back-up ISP just in case. Some ISPs will be able to distribute the bogus traffic across a number of networks or servers to keep your computers and networks safe.
Training, monitoring and updating are some of the most essential elements of any cyber security policy. Make sure your business is tackling these issues head-on to protect your business, your staff and your customers.
Damon Culbert, Content Writer, Cyber Security Professionals.