As small businesses expand their online activities, they face increased threats from hackers trying to cause them harm. Companies are pressed to respond, which means reinforcing their cyber security processes and tools and protecting their IT infrastructure against all possible attacks. This, however, is a complicated situation: there are many ways to attack an organization, from direct attacks on the company’s website and other online access points to indirect attacks against employees, customers, and even vendors.
Cyber criminals launch these attacks to get at the lifeblood of a small company: its financial data and access to its financial accounts. With the growth of hacker groups that take a volume approach, meaning they will take anything they can get from each of the thousands of businesses they target, a business of any size is in their cross-hairs.
So how do these criminals get to a company’s valuable data, and how can they be thwarted?
Malware: Always a Problem for Small Businesses
This old cyber security threat has been around for such a long time because, in spite of its simplicity, it is still effective. Hackers get employees, vendors, and customers to open an email or other communication and then click on a link, which allows malware to be loaded onto the targeted computer. Malware is the umbrella term that describes many different types of malevolent software. Computer viruses, computer worms, Trojan horses, rootkits, spyware, and adware are all different varieties of malware, each of which interacts with your computer in a different fashion. Certain malware applications disguise themselves as legitimate applications, or even as antivirus applications, in order to gain access to the computer. Many use keystroke logging to track every keystroke a user makes on the computer’s keyboard. Based on the keystrokes, hackers are able to pick out login IDs and passwords for bank accounts and whatever other websites the user visits.
Even with the best of intentions, employees and customers can let in malware, which is why securing networks is so important. Today’s advanced malware is extraordinarily difficult to detect, and most antivirus programs can miss it. This means small businesses must be diligent about employee awareness of the new forms of malware attacks and how to avoid them. One sure way is to prohibit employees from opening any unsecured links when on business computers or devices connected to the network.
Mobile Devices are High Risk
Cyber-attacks are often directed at employees, and a hacker’s way in is through an employee’s mobile devices. With the proliferation of employees using their own unsecured devices for work, and the explosion of visits to sites that contain media files, there is an increased threat that employees may be downloading malware onto their devices as they view these files. With confirmed cases of Android malware being transferred from Android devices to Windows computers once connected, cross-contamination is a full-blown threat for companies. Employees must be trained to understand that the way they behave at home is incompatible with what they do at work. At work, everything must be secure and methodical, and if a behavior risks creating an opportunity for a cyber-attack, it must be discontinued.
Free Wi-Fi is Dangerous
Free Wi-Fi has become a great way to show customers that you care about their patronage and their comfort. But it also opens up the potential for cyber-attacks by these same customers. Businesses that offer Wi-Fi will often run their own business processes on the same network, and if someone hacks their free Wi-Fi setup, that person also gains access to the company’s most treasured data. The secure approach is to split any Wi-Fi network in two and install firewalls to control the guest side. The company side of the network remains completely separate and off-limits to customers.
Take Commonsense Precautions
Be proactive about these potential threats: Keep all security software up to date, and enlist the services of a professional cyber security consultant to review your current processes and cyber security equipment and to recommend how you can ensure you don’t get hacked.
Prioritize sensitive company information: Make sure that valuable information is only exposed to those who need to have access to it, and that it is housed separately and on different servers from general information.
Institute and enforce cyber security governance policies: Every employee needs to understand the company’s policies for securing its data against hackers. There need to be clear guidelines and an emphasis on their use being non-negotiable.
Use offsite data backups: If you are hacked and the attackers try to hold sensitive data hostage, ensure that you have a back-up copy that is outside of your current business, so your business does not go down.
Small companies must stop assuming that they're flying under the radar of hackers, and institute aggressive cyber security policies, procedures and precautions. Their very livelihood could depend on it.