As a business owner, cybersecurity is a thing that should worry you. The fact that you own a small business doesn't help because, believe it or not, small businesses are routinely under attack. Data from the United States show that more than two out of five cyber attacks target small businesses.
In 2017, more than five hundred thousand Australian small and medium businesses were affected by cybercrime. If your business employs between 100 and 500 people, the average cyber attack will set you back $1.9 million.
And if that doesn't resonate with you, just think about the reasons why the global cybersecurity expenditure is projected to reach $655 billion by 2020. The digital world is not a safe place. Your business' wellbeing is at risk. You need to do something.
Small businesses are routinely attacked so don't assume you're safer than large corporations.
Let's start with learning about the types of attacks that might be launched against your business. Even if you're not too tech savvy, you should at least learn to recognize a couple of the most common cyber attacks.
Refers to internal employees who are malicious and intends to harm the business through sabotage or theft. Or unintentionally by losing equipment or falling for phishing attacks.
Inside data theft is one of the worse as it breaks trust with your employees. Usually they steal data through a USB device or using cloud storage and passing it onto their competitors for financial gain or revenge.
A phishing attack or social engineering is even sneakier and potentially more devastating. Phishing attacks target the people who have access to your system and data. The goal of the attack is to trick the person into revealing valuable information such as credit card numbers or login credentials. This might sound silly, but these attacks can be very sophisticated and effective. They use such tactics by pretending to be a manager of your company demanding information or money. Pretend to be suppliers, customers and friends to download malicious files.
Losing business equipment such as laptops, mobile phones or storage can be very problematic. These devices usually carry sensitive information. Often due to the staff's carelessness or negligence with their awareness to protect business equipment even though it's not their own.
You've probably heard about ransomware attacks, even if you weren't a victim of one. WannaCry was a particularly impactful one, as were GoldenEye, NotPetya, and a bunch of others. Ransomware attacks are pretty straightforward, as they usually encrypt your data or restrict access to your system until you pay the amount of money the attacker wants. Other common ransomware includes browser pop ups pretending to be the police or a ransom bluff where they record you doing embarrassing things through the webcam.
Malware attacks are attempts to install unwanted software on your computer. With the software in place, the attacker can either look at your data, steal valuable information, use your computer to attack other computers, or simply format your hard drives for a laugh.
Here are some of hacking techniques but there's a lot more that are unknown. There are DDoS attacks, zero-day exploits, SQL injections, and many other ways people will try to take advantage of or damage your business. And besides knowing how to recognize what's going on when your system starts behaving weird, you need to know how to react.
How to React to an Attack
The first thing you need to do when you suspect your business has been a victim of a cyber attack is to put your response plan into action. Here's why you need a response plan.
No one takes cyber attacks lightly, and that includes the authorities. You might be obliged to do some things if you've had a data breach. Even operating on certain markets makes you subject to the rules of that market regarding data protection and reporting of security breaches such as the GDPR (General Data Protection Regulation)
You also need to make sure the authorities know what happened. Just like any other crime, cyber attacks are something you report, and you report them to the ACORN. But you should also change your passwords, notify your bank and even freeze accounts, make secure backups and reinstall systems, and do whatever else minimizes the potential damage in the short term. And then you might need to hire a forensic team to determine the extent of the attack and help you shore up your defenses properly.
You will need to do all of that quickly under the looming threat of your business going under due to a catastrophic attack. And that's why it pays off to establish security procedures beforehand and be ready for a cyber attack, security breach, or any other potentially dangerous incident.
Tips to Stay Cyber Secure
The best way to prevent your business from becoming a victim of a cyber attack is to keep everything offline and don't use computers at all. Of course that's not an option, you need to find a way to use the tech you need to stay competitive in a safe and secure way. Here are some things other businesses are already doing:
- Put proper software protection in place. Having a robust firewall in place is highly recommended, as is installing antivirus and antimalware software.
- Make regular data backups. Some businesses have a system that backs up their data on a daily, weekly, monthly, and even yearly level.
- Do regular software updates. Your antivirus software needs to be updated regularly, but you shouldn't stop there. Ideally, every piece of software a business uses should be kept completely up-to-date.
- Use strong passwords. A strong password is a password that's long, that uses a combination of letters, signs, characters, and cases, and that only has one account to secure. Never reuse old or existing passwords.
- Use multifactor authentication. Don't rely only on passwords for security. Think about adding another layer of authentication that relies on biometric data, or tools such as the Titan Security Key.
- Assess vulnerabilities. Know what your business' week points and the most valuable assets are. For example, if your business stores your customer's credit card information, that's the asset bad actors will go after. Make sure you protect it well.
Probably the most important security feature is a well-educated workforce. The human factor is also often the weakest point.
Security Best Practices in the Workplace
As an employer, your job is to ensure the implementation of cybersecurity best practices in the workplace. One of the best ways to start doing that is to organize security education for your employees.
At the very least, your employees need to know how to recognize a phishing email and how to create, store, and use passwords. Additionally, they should understand why it's important to access websites with a secure connection even if you set up the browsers to prefer HTTPS addresses.
Next, you should establish safe communication practices. Employees should know who they can and can't contact using their business emails, and what type of data they can share. You might also want to address the issues that arise from using the employee's devices at work and with the business' network.
Dealing with the consequences of a cyber attack can be much more expensive than implementing proper security measures. Then again, there's always something else you could do to protect your business from online threats, which makes cybersecurity look like a difficult race with no end in sight. However, if you adopt a reasonable approach to cybersecurity and target specific vulnerabilities, you can keep your business safe from cyber threats without breaking the bank.
Contact us for IT Services in Perth for any security concerns and assistance on securing your business.