[BreachExchange] Cybercriminals Are Targeting Small Businesses That Don't Take Cybersecurity Seriously

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 25 15:47:09 EDT 2017


https://www.entrepreneur.com/article/298889

Could your business recover from an abrupt loss of $256,000? Because that’s
how much a single cybersecurity hack could cost a small business, according
to a recent analysis in Tech Republic.

We’re barely halfway through 2017 and already this year has seen a huge
spike in major cybersecurity attacks. Ransomware infections attacked the US
pharmaceutical company Merck and the Danish shipping company Maersk. There
have been viral, state-sponsored ransomware leaks of US spy agencies and a
ransomware attack that crippled NHS hospitals and emergency rooms in the
UK. Enigma Software, the makers of the SpyHunter anti-malware program,
found there were more than 1.5 million infections detected in the first
half of 2017, and the number could be even higher in the second half of the
year.

Major hacks, ransomware and phishing are all on the rise. Yet many small
business owners continue to mistakenly believe their company won’t be a
target.

As a small business owner myself, I’ve fallen into this thinking before,
too. It’s tempting to think cyber attacks won’t happen to your business
because your company is too small or inconsequential to matter to
attackers. Cyber attackers target the big corporations of the world like
Merck and Maersk, not small businesses that employ just a handful of
people, right?

Not so fast. Small businesses are just as likely to be the victim of cyber
attacks as large corporations -- we’re just less likely to hear about these
attacks.

Think about it: an attack that cripples the UK’s public health system and
emergency rooms is international news. An attack on a small business with
50 employees won’t make headlines anywhere. We fall victim to our own
confirmation bias: if we don’t hear about it happening, we assume it isn’t.
That’s dangerous thinking for a small business. While large corporations
can bounce back from cyber attacks, it’s much more difficult for small
businesses to recover. Could your business recover from a breach that costs
upwards of $250,000 and potentially devastates client trust should
confidential information be leaked?

Don’t wait until it's too late to take action. Know the threats and assess
your risks.

Malware infections.

Malware infections can come in many forms, including adware, spyware and
ransomware, which locks critical files and holds these files “hostage”
until a ransom is paid. Without appropriate restrictions at work, employees
may unknowingly download one of these programs, jeopardizing both their own
computer and company-wide security.

Mobile devices.

An estimated 4 percent of all mobile devices are already infected with
malware, not only impacting the device owner but also employers.

Credential threats.

Hackers can use social media and workplace emails to bypass network
defenses and gain access using compromised employee credentials.

Do employees bring their own devices to work?

Bring Your Own Device (BYOD) culture is in full swing, with employees using
their own smartphones, tablets and sometimes even their personal computers
for company work. While many companies decide the benefits (increased
productivity, lower hardware costs) outweigh the risks (hackers and
viruses), your business still needs a company-wide policy that regulates
what data employees can access and what happens if an employee’s device is
lost, stolen or compromised.

What type of authentication system is used to access cloud-based data?

Antiquated systems could leave your company vulnerable to hacks and
intrusion.

Are your systems protected?

With large corporations beefing up their enterprise security, hackers are
turning to vulnerable small businesses. Hackers can use tools to search for
unprotected networks and computers. Once a computer is identified, the
hacker will then take over the computer and use it to launch a full attack
on the network.

Once you understand the threats and have assessed your vulnerabilities,
take these steps to protect yourself.

Educate

Technology threats change quickly and employee training must keep pace.
Commit to keeping employees up to date on your company’s security policies.
Codify these policies and require employee signatures to confirm
understanding and enforce compliance.

Protect

At a minimum, all company computers should be protected by a hardware or
software firewall, as well as anti-virus and anti-spyware programs. If your
company is shifting data storage to the cloud, assess and update existing
security protocols. Do you use company Wi-Fi? A virtual private network
(VPN) is a more secure option for accessing your company’s network.

Bring in the experts.

Most small businesses can’t afford to keep a full-time cybersecurity expert
on staff. One option is to bring in a specialized contractor on a project
basis. Your company can tap into expert talent for more complex
cybersecurity threats, like cloud-based security protocols, without paying
steep fees for a full-time expert.

Bottom line: 2017 is a critical inflexion point for cybersecurity. Small
business owners can no longer assume that they won't be targeted or that
installing an anti-virus software program on a desktop computer is
sufficient. Taking steps now to identify and shore up vulnerabilities can
save your business from a full-on cyber disaster.