[BreachExchange] 5 Ways a Hacker May Target Your Small Business

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 5 19:24:22 EDT 2017


https://www.hitechanswers.net/5-ways-hacker-may-target-small-business/

Cyberattacks only happen to large corporations because they hold the most
personal and sensitive data, right? Wrong. While the media often leads us
to believe cyberattacks are only occurring on high-profile organizations
holding a lot of data, the statistics show us otherwise. An article on
Information Security Buzz takes a look at 5 ways hackers might target your
small business and how you can protect yourself from an attack.

What do the statistics tell us about who is falling victim to a
cyberattack? Surprisingly, over 43% of cyberattacks target small or newer
businesses, a much different result than we’d expect based on what the
media tells us. Unfortunately for those small businesses who fall victim to
a severe cyberattack, 60% go out of business within six months.

We can see that a cyberattack can wreak havoc on any organization
regardless of size, but that does not mean it’s too late to protect
yourself from being another statistic. In order to understand how best to
protect your business and your clients, it’s important to understand how
cybercriminals are exploiting small businesses.

1. Ransomware
You may be aware of what ransomware is or that it is on the rise, but what
exactly does that mean for you and your organization? Looking at WannaCry,
a recent form of ransomware that exploded globally, we can see just how
widespread this issue has become. This exploit works by encrypting,
corrupting and/or locking sensitive information behind a firewall and
demanding a blackmail payment in order to regain access to that material.

In addition, ransomware can collect data such as what websites you visit,
what videos you stream and can even take pictures through a connected
webcam, often scaring the victim into paying the ransom. Unfortunately, in
many cases paying the ransom does nothing and the hacker keeps your data
and your money.

How do you protect yourself and your organization from falling victim to a
ransomware attack? Keeping your security, malware and anti-virus tools up
to date is a crucial component in protecting against a ransomware attack.
It is also important to never open attachments from sources you don’t know
and never download content from untrustworthy sources.

2. Phishing
A common form of phishing is through the use of masked portals. In this
form of phishing, a hacker clones a website or portal to match the original
legitimate website but does so almost perfectly. If the fake website or
portal is mistakenly accessed by a user, all of the sensitive information
that the user inputs can be exposed to the cybercriminal.

You can avoid being affected by these illegitimate websites by looking for
“HTTPS” or SSL- and TLS-encrypted sites. These sites are certified to
encrypt any transferred data, keeping your information secure. Also
remember to pay close attention to the URLs you are accessing online.
Hackers will use URLs that are very close to the original URL, which can
often be accessed by making a small typo.

Another great way to avoid falling for a phishing scam is to never trust a
URL in an email. Instead of clicking the link, navigate to that website on
your own to ensure it is not a trap. Also consider enabling two-factor
authentication when available.
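
The URL checks described in this section (HTTPS, and hosts that are a small typo away from the real one) can be automated. The following is an added example, not part of the original article; the allowlist, function names and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this hypothetical business actually uses.
TRUSTED_HOSTS = {"example-bank.com", "payroll.example.com", "mail.example.com"}


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, trusted_host_it_resembles_or_None) for a link."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, so only the real
    # destination host is compared.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    if host in trusted:  # exact match only; subdomains must be listed
        verdict = "trusted" if parts.scheme == "https" else "no-https"
        return (verdict, host)
    for good in sorted(trusted):
        # A trusted name used as a prefix of some other domain.
        if host.startswith(good + "."):
            return ("lookalike", good)
        # A host that is only a small typo away from a trusted one.
        if edit_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ["https://example-bank.com/login",
                 "http://example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.com.account-verify.example.net/"]:
        print(link, check_url(link))
```

A "lookalike" verdict is a reason to stop and type the known address by hand; an "unknown" verdict only means the host is not on the allowlist.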

3. Application Breaches
It is important to be aware that the applications you access could also
suffer a data breach. For example, Google recently had a massive breach
that affected over 3 million users of their Docs and Drive platform. This
breach occurred in a way similar to what we just discussed, through
phishing. These hackers were able to send out fraudulent emails resembling
actual Google emails, allowing the recipient to edit a Google Doc. Once the
user clicked on the phishing email it took them to a third-party app,
allowing cybercriminals to access any connected Gmail accounts.
Interestingly, Google Docs itself was not compromised; however, the hacker
found a unique way to access users’ accounts for data theft.

To protect yourself and your organization, only use trusted applications
and make sure to keep up to date with security tools and patches. Also
remember to avoid clicking links directly from an email, but instead go to
that website on your own.

4. Point-of-Sale Systems
Hackers will also target point-of-sale systems that are used by cashiers to
collect a customer’s payment. For example, Chipotle recently suffered an
attack through a phishing scam, compromising credit card data for millions
of their customers.

The best way to protect your small business from an attack on your
point-of-sale system is to implement secure hardware and software from a
trustworthy brand on that system. You should also go the extra mile and
encrypt any data that may pass through this system.

5. Tax Form Scam
Tax form scams have become much more common in recent years. Scammers have
developed a W-2 phishing scam where they email employees, making it appear
to come from the company or corporate office. The email looks so legitimate
that employees often input their personal information into the W-2 form and
turn it back over to (what they don’t realize is) a hacker. This scam has
affected over 120,000 employees as of March 2017.

In order to protect yourself and your business from a scam such as the tax
form scam, it is necessary to educate both employees and customers.
Offering free training or small courses on what to look for and what to be
aware of will be very helpful in keeping everyone informed.

Education is key in protecting your small business from falling victim to a
cyberattack.