[BreachExchange] How Worried Should a Small Business Be About Cybersecurity?

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 10 19:02:06 EDT 2018


https://hakin9.org/how-worried-should-a-small-business-be-about-
cybersecurity/

SMEs happen to be common targets for cyber-crime as small business owners
to sometimes overlook the risks of the various forms of hacking and cyber
attacks. With time, the hackers are becoming more proficient and
intelligent in their ability to gain access to the small business networks
and sensitive information like personal details of the employees and their
customer emails.

The outcome of a data breach can be quite devastating as hackers can really
cripple your business. Any business big or small could be a target. Whether
you are in finance, retail, e-commerce or any other field data is the heart
of the business. Data includes customer details, client and sale purchase
records as well as financial and employee details are all extremely
valuable to the business and if they get into the wrong hands, it can lead
to rather damaging consequences. We live in a digital world today that is
connected to a myriad of IoT devices, mobile phones that makes both the
users and business prone to hacking while they are connected to a network.

How big is the problem?

It might seem as only large corporations and big names are prone to get
hacked or suffer from cyber attacks, according to a 2015 study, 43% of such
attacks were made against the small businesses. Last year, 2 out of 5
cyber-attacks were on SMEs. As they were not high-profile, that is why they
didn’t make to the news. What’s more, as small businesses lack proper
resources and finance to hire IT experts, it also becomes intimidating for
them to secure their business. Small businesses usually have weaker online
security. Major tech giants like Apple who have countless protective
resources against hackers are vulnerable as well. The recent Cambridge
Analytica scandal of Facebook is another example that no matter how secure
you might think your information is, it could be leaked. More often than
not, the hackers are not even aware of the kind of information being stored
by the business until and unless they have broken into your network and
gotten hands on your data.

So, even if there is no sensitive data store, it is quite likely that your
small business will be at risk for a data breach. Cyber-attacks are a
serious threat to SMEs and require the owners to both understand and
implement the right cybersecurity measures.

Common Cybersecurity Threats Faced by Small Businesses:

Here are some of the most common forms of cyber threats:

Phishing:
The most common problem faced by small businesses is phishing. Phishing
scams happen to be as old as the internet and if the employees are educated
beforehand regarding these threats on the internet, one can save his
business of big loss in the future. In this method, cyber criminals try to
get sensitive information from the employees. This way, they are able to
send malware that affects both the network functions and computers until a
sum of money is paid to the hacker/attacker. There are a number of forms of
phishing. For instance, a large number of individuals or businesses are
attacked by sending emails that seem like they are from some client or a
client.



Ransomware:

Every day, companies both large and small are affected by ransomware
attacks. Companies can avoid ransomware attacks if all of the company
systems are kept up-to-date and protected against malware and viruses by
efficient anti-virus software. Managers need to make sure that the staff
regularly creates backups for all the files and is cautious regarding the
data they open on their computers or even smartphones as a large number of
organizations now carry out all the business communications on the company
provided phones.



Cloud Storage Service:
The new cloud computing services have revolutionized the way small
businesses are operated. Cloud storage has become a preferred choice for
not only small but medium-sized businesses as well. Cloud storage offers
business owners with the appropriate defense measures along with timely
security updates. Speaking about cloud storage, one also needs to know that
they are using not only reputable but reliable service providers too.





Websites Attacks:

Another common problem is the web-based attacksbusiness owners need
protection from. Business websites are often attacked as they lack multiple
layers of security. Hackers are able to carry out malicious actions using
the company website. This could damage the branding of the company that
could result in immediate penalization by search engines like Google and
Bing. So, it is very important that you not only change your passwords but
also update the WordPress plugins. The chances of you becoming a victim of
ransomware, phishing or data breach can be greatly reduced if adopt a
regimen of regularly updating your systems along with smart anti-virus
software solutions that can effectively handle the various cybersecurity
needs of your company.



Stolen or Compromised Communication Devices:
Cell phones, tablets, laptops, computers, and Macs are popularly used by
companies for work-related purposes and carrying out business communication
with clients. They contain important company information that could prove
to be a goldmine for the cybercriminals. Therefore, managers need to make
sure and highlight this to the employees that only the secured company
devices should be used to store and access the company information. The
information that is stored on the stolen or compromised devices could be
used against the interests of the company. It is also essential to realize
the threats a company could have by having a mole at the workplace.
Sensitive data or confidential company information could be leaked to
rivals or published by disloyal or unhappy employees. So, apart from being
cautious one also has to keep a watchful eye on their employees and monitor
their activities. Employee monitoring apps like TrackMyFone, Xnspy, and
Activtrak are some of popular monitoring apps to monitor your employees’
device activities and both their online and offline activities. These apps
help in monitoring messages, calls, emails, and location too so in case an
employer is suspicious of his employee, using these kind of apps could get
the employer getting some cold hard proof.

What Small Business Owners Need to Know?

Owners of the small business need to understand the threats their business
might be vulnerable to. Moreover, they need to accept the fact and educate
their staff that cybersecurity is not only the responsibility of a tech
expert but every employee. The majority of the attacks that were
experienced by the small businesses can actually be stopped if some simple
precautionary measures are implemented in the organization right from the
start.

Businesses should know everything there is to know about cybersecurity so
that keep their business safe from data breaches and other forms of
cyber-attacks. The employees and staff should be trained to adopt safe tech
policies. Furthermore, such an organizational environment needs to be
promoted where open communication can take place along with training the
employees in case they come across the various forms of cyberattacks like
ransomware, phishing, etc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180710/722edaa4/attachment.html>


More information about the BreachExchange mailing list