Updated October 2019 from original post.
Protect Your Business From Cyber Criminals and Costly Cyber Threats
Cybercrime has increased year-over-year, with a variety of cyberattacks hitting businesses every day. Hackers are working around the clock, and although small businesses have become a growing target, hackers are really indiscriminate. They don’t care if your company is large or small. If your company holds any sensitive information, your business is a target.
Attacks come in from all vectors, such as email, web-based pathways and the human element. A cyberattack is defined as any attempt by hackers to gain illegal or unapproved access to a computer, network or system. Hackers see opportunity in each IP address. They are sneaky with a desire to wreak havoc on your business. Hackers are intentional with very clear objectives as they are looking to access your system, steal mission critical data or intellectual property, lock your files and hold them for ransom, or leak proprietary information to the public.
Let’s look at the top five cyberattacks that businesses should be aware of.
Cyber Attack #1
Man-in-the-Middle (MitM), also known as eavesdropping, is when someone intercepts any information being sent in a two-party transaction such as from a computer to a server. One of the most common ways for a MitM attack to occur is over unsecured public WiFi. The attacker can hijack the session and insert themselves between an individual’s device and the remote web-server. They can obtain confidential information such as passwords and credit card info as well as gain access to your system and applications.
Security Tips: Install and use a VPN (virtual private network) on all work-related devices to access business information and conduct work while traveling. Encrypt information and look for HTTPS in your browser to identify that your connection to the website is encrypted.
Cyber Attack #2
Phishing, an increasingly common threat, is typically carried out through email, where the communication appears to have come from a trusted source. The attacker is hoping the user will click on embedded links or attachments to gain access to sensitive data or install malware on the user’s device. Unfortunately, humans are a weak link when it comes to security, even with increased user awareness. Why?
Hackers are persistent. They are constantly retooling their methods and upping the game with refined tactics. Phishing campaigns have become more sophisticated, with hackers impersonating global brands (known as brandjacking) or cloning other sites, making it nearly impossible to discern the difference from the true, reputable site. These phishing emails look so legitimate they trick users into entering login credentials or other personally identifiable information (PII).
Learn about Cyber Phishing in less than 60 seconds. (Phishing training video)
Cybercrime Statistic: 62% of businesses experienced phishing & social engineering attacks
Security Tips: We’re human. We all can make a mistake, so continuing to train, educate and test employees on phishing and other types of social engineering attacks using examples is a must. Teach employees what to look for and how to tell if the phishing email is fraudulent.
Learn about recent scams and stay up-to-date through these resources.
Cyber Attack #3
Ransomware is a simple form of malware (malicious software) that breaches security defenses, locking down computer files using encryption. Hackers then demand a ransom to be paid, usually in cryptocurrency, in exchange for the digital keys to unlock the data. Of course, businesses are likely to pay for the release of their data, especially if they do not have a backup of the information. It can be hard for a company to recover from such an attack. The FBI lists ransomware as one of the top threats for SMBs.
Cyber Statistics: Ransomware attacks are growing more than 350 percent annually. (Cisco)
Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds.
According to the Official Annual Cybercrime Report (ACR) by Cybersecurity Ventures, there is a ransomware attack every 14 seconds. The company also estimates that number will increase to every 11 seconds by 2021. (Cybersecurity Ventures)
The average ransomware payment also increased significantly, by 184% from Q1 to Q2 this year, nearly tripling the cost from $12,762 to $36,295.
Security Tips: Back up your data, especially critical files, to secure cloud storage and ensure the cloud storage is protected against ransomware. Have anti-malware and anti-virus software solutions in place. If you are using free anti-virus software, make sure it offers ransomware protection. Lastly, keep up with software updates and patches. Don’t ignore those software update messages.
Learn more on how to protect your business against ransomware.
Cyber Attack #4
Denial of Service (DoS) is when an application, network or system becomes unavailable to its legitimate users because it has been overwhelmed by an attacker’s malicious actions. The hacker bombards the target machine, network or website with a barrage of requests preventing use of the service.
Cyber Statistic: 51% of small businesses experienced denial of service attacks
Security Tip: Understand vulnerabilities by knowing what external-facing assets you have. Internet-accessible systems and applications should be well protected. Determine how an outage would impact your business and customers.
Learn more about DoS attacks and prevention.
Cyber Attack #5
Insider Threats and Misuse includes any kind of unauthorized or malicious use of a business’s information. According to recent reports by IBM and Verizon, insider threats are responsible for 60 to 77 percent of all data breaches. Unfortunately, companies need to think about the impact disgruntled employees or ex-employees can have on their business, especially since the overall organizational structure of how a business operates has changed to include freelancers, contractors, and remote workers. Couple this with the increased dependency on cloud services, BYOD and a work-from-anywhere policy, where the only requirement is that the work gets done. These factors create a whole new era of insider threats and security risks.
Security Tip: Know what sensitive data you have and who has access to it. Monitor access and put access management controls in place as well as a minimum necessary policy.
Learn more and get started with your plan this month!
October is National Cyber Security Awareness Month. It was co-founded by the Department of Homeland Security and the National Cybersecurity Alliance to help educate both businesses and consumers on industry trends, threats and best practices.
TechStak is Proud to Be a Cybersecurity Awareness Month Champion
Other Resources You Can Use Now:
Download our National Cybersecurity Alliance Month Employee Education Toolkit. Use it all year round to create a more cyber aware business.
Take the Cyber Security 101 assessment for non-technical small business owners and employees through the Small Business Big Threat program. The course is a comprehensive 60-minute learning course aimed at helping you assess and protect your business.
The Cybercrime Support Network provides an entire list of resources to help you before, during and after a cyberattack.
You can access other National Cyber Security Alliance programs such as CyberSecureMyBusiness and StopThinkConnect through StaySafeOnline.
The LockDownYourLogin program offers six simple steps and practical, easy-to-implement solutions to protect your accounts and overall online security.
Cybersecurity entails a system of protections put in place to guard against attacks, manage existing threats, and detect potential breaches.
With every business being a potential target for scams through any vector, how will you protect your business?