Security is a hot topic in the business world. But while the media only puts a spotlight on attacks involving big corporations, as in the Colonial Pipeline ransomware hit, businesses of all sizes face threats of all shapes and forms.
But security goes beyond vulnerabilities that make businesses fall prey to cybercriminals. Malicious groups and individuals are getting more sophisticated and seemingly two steps ahead of everyone else.
Perhaps one of the reasons behind this is that many business owners still don’t see security as an absolute priority, at par with core objectives like profit and innovation. Another possible reason is that business operations are inherently complex, involving many people and technologies, creating blind spots that criminals can easily exploit.
If you’re a small business looking to develop a more robust and proactive approach to security, it pays to know what the risks are. Traditionally, a business with a physical store would need only hire security guard services to protect their property from break-ins and burglary. But in this day and age, small business owners should also watch out for cybersecurity threats.
Continue reading to learn about top security concerns small businesses have and what countermeasures are available.
Among the many cybersecurity threats that are damaging to small businesses, phishing attacks are the most common. Phishing attacks, which account for 90 percent of all small business breaches, occur when malicious individuals or groups are pretending to be a trusted contact. The contact will entice a user using emails or messages that look legitimate. When the user clicks on the malicious link or downloads a file, the user unwittingly gives the phishers access to sensitive information, credentials, and account details. Attackers will then use this information to fraudulently request payments from clients, suppliers, or employees.
Phishing attacks have significantly grown over the last year and resulted in over $12 billion in business losses. This is because phishing tactics have become more sophisticated, making them more difficult to combat.
But there are technical defences that you can put in place to ward off phishing attacks, such as the following:
- Using strong email security gateways
- Employing post-delivery protection
- Use only known download sources
- Do not open suspicious email attachments
- Investing in security awareness training
Small businesses should start accepting the reality that ransomware not only attacks big corporations. In fact, a whopping 71 percent of ransomware attacks in 2018 targeted small businesses.
Ransomware is a common cyber-attack wherein ransomware gangs encrypt an organization’s data and forces them to pay a ransom to retrieve the data. An attack can be game-changing and paralyzing, as you’re left with no choice to give in to the attacker’s demand or lose huge sums of money and potentially cripple your operations with the loss of data.
As evidenced by what happened to Colonial Pipeline, ransomware gangs are now more sophisticated than ever, and they can easily disrupt industries at scale and cause country-wide panic.
Fortunately, there are steps you can take to reduce your risk of getting hit by ransomware., such as:
- Have a robust cloud backup solution in place
- Switch to advanced, up-to-date software
- Patch browsers and operating systems
- Invest in state-of-the-art technology
- Develop a comprehensive cyber-resilience & business continuity plan
- Train your staff and supervisors
Using weak passwords for your login credentials and operating systems is like leaving the door open at night. Using the same passwords across multiple devices and software will encourage attackers to guess your passwords and brute-force into your systems.
In other words, be sure to use random strings with special characters, so attackers to keep cyber attackers at bay. Strong passwords may be hard to remember, but that’s a small sacrifice compared to what could happen when attackers manage to open your accounts. It’s also important to store your passwords properly.
Here are other password best practices:
- Use encrypted password managers like LastPass. This way, you can remember complex passwords securely and share access to items with employees without them seeing the actual credentials.
- Avoid writing down passwords in notebooks, sticky notes, or any piece of paper you’ll put in your wallet or bag. Also, avoid storing them in any unprotected app on your computer.
People can be your biggest assets, but they can also be your biggest risks in the context of security. Without proper training and consistent enforcement, employers can leave your systems and network vulnerable to cyber attacks.
Here are some of the most common employee habits that allow a security breach to take place:
- Unrelated browsing using company devices and internet connections
- Using weak or similar passwords
- Opening malicious emails, links, and other download sources
- Lapses in judgment or memory, or getting distracted
- Not reporting a potential security breach
- Sending something to the wrong recipient, also known as misdelivery
- Not downloading software or security updates on time
- Leaving physical items unattended, which allows for tailgating
In addition to human error, small businesses are also vulnerable to other insider threats, such as employees, both current and former or business associates and contractors divulging critical data. A Verizon report published in 2017 showed that insider threats are a growing concern for small businesses, as it accounts for over 25% of breaches that year.
Protect your business from these top security concerns with a robust and comprehensive security plan.