Small businesses are often a good starting point for people who are tired of their nine-to-five jobs and want to be their own boss. However, far from being considered small fry by the criminal underworld, small businesses are frequently targeted by hackers, and not just as collateral damage in larger attacks, but precisely because they are small.
The assumption threat actors make is that little companies have poor cybersecurity measures in place. Unfortunately, the hackers are often correct and the results are disastrous; according to an October 2019 CNBC report, cyberattacks now cost companies an average of US$200,000 — a sum significant enough to swiftly put most small entities out of business.
Believing your company is safe from cybercrime because of its size is a dangerous route to take. Security software company Symantec reports that 36 percent of all targeted attacks are made against companies with fewer than 250 employees.
Consider the time and effort a hacker must go to when trying to breach a big company’s systems. Then compare that to the ease of targeting a small company. The difference is night and day, and for the hacker, targeting enough small companies still results in a good paycheck.
Nor is a single antivirus program enough to counter the increasingly sophisticated threats found in today’s dynamic cyber threat landscape. While the trojans and worms of the late nineties and early noughties are still present, they are joined by threats that are far more problematic, and harder to detect.
Here, we go over three of 2020’s most worrying cybersecurity threats and take a look at some of the tools that small businesses should use to keep their data, and clients’ data, safe and secure.
On The Horizon
The key cybersecurity threats to small businesses in 2020 include the following:
While phishing is not new, what is new is the myriad ways cybercriminals manage to make phishing attacks viable.
A form of social engineering attack, phishing is when criminals use fraudulent emails or other outreach methods to trick the receiver into engaging with that email.
Engagement here can mean replying, opening a malicious link, or divulging information. Hackers continue to use phishing emails because they work well.
One recent example that companies should be on the watch for is the so-called boss email attack. A very realistic email purportedly from the boss is sent to staff members and instructs them to carry out tasks.
Hackers may also pretend to be clients initially in order to gain trust and eventual access to a company’s systems.
Combating phishing is a team effort. Companies should make sure their staff are aware of the risks. If they see an email that appears normal but instructs them to carry out abnormal tasks, staff should double-check with the supposed sender in a new email, or by walking to their office.
Email scanners may also be put to good use. These tools sort through incoming emails looking for any suspicious links or malware.
2# IoT Attacks
Recently, Forbes reported a 300 percent rise in attacks on Internet of Things (IoT) enabled devices. Today’s net landscape consists of literally millions of interconnected devices, from smart fridges to your office’s printer and everything else in between.
When multiple devices are connected to a single network, such as your office’s internet connection, the risk of an attack is increased as the hackers have more potential access points and vulnerabilities to exploit. If hacking a company through its printer sounds a little far fetched, think again. In 2017, cybercriminals managed to hack into a Los Vegas casino’s network via a smart fish tank.
If your company’s physical workspace contains smart devices, even those that control the lights and the temperature, you are at risk of an IoT attack.
You really only have two options here: either remove all the internet-enabled devices (and the convenience factor they bring) or invest in security software that protects your entire network.
In the process, it encrypts all data in transmission. Unlike a VPN app on a computer or a phone, a VPN router tackles the issue at the router level so that the whole network and any connected devices are kept safe.
3# Insider Threats
An insider threat is a broad term that means any risk to a company caused by the action (or inaction) of an employee, former employee, contractor, or even an associate.
Because these people have access to critical data about your business, they represent a threat that must be considered.
Harmful effects can be caused through malice and greed, but also just through a lack of care or ignorance about cybersecurity, hence the inaction mentioned above.
Verizon released a report where it noted that 25 percent of data breaches were the result of an insider threat.
Some research even suggests that around 60 percent of employees have access to accounts they shouldn’t have. That’s no small matter and something your company must prepare for and actively take steps to counter.
To protect against and thwart insider threats, small businesses need to create a strong culture of cybersecurity awareness through ongoing staff training. Ironclad data protection policies built into contracts won’t hurt either, nor will double-checking access to accounts at all levels of the company.
Additionally, make sure that each individual in the company knows that cybersecurity is everyone’s job.
While you shouldn’t throw your antivirus software away just yet, bear in mind that it is simply not enough to protect your business’ assets in 2020 and beyond.
Take the time to up your cybersecurity game and avoid the pitfalls of poor security management and your business is much more likely to thrive.
You May Like To Read:
- COVID-19: Top 5 Cyber Security Tips For Working From Home
- 7 Cybersecurity Trends To Look For in 2020
- 5 Top Practices In Cyber-Security For Businesses
Author: Amy Cavendish