Small businesses face many threats to their existence, none greater than the threat cyber-criminals pose to a business. Securing the IT infrastructure of your business, no matter the size should be a top priority. Knowing what threats are out there and how to protect against them should be the starting point to securing your business from cyber-criminals.
Small businesses can deal with vast sums of money, or hold the keys to a treasure trove of information, which, under regulations such as GDPR, they are sworn to protect. For these reasons, small businesses are lucrative targets for cyber-criminals. A combination of the aforementioned assets, the average size of a small business' knowledge and implementation of proper cyber hygiene makes for a cybercriminal's paradise.
#1 Phishing Attacks
The easiest attack to conduct and one of the most destructive to a business. Phishing attacks are widespread, accounting for 83% of all breaches in for-profit businesses and 79% of breaches in not-for-profit organisations. Phishing emails are emails sent by a cyber-attacker posing as a trusted contact, through a method of spoofing or using compromised credentials, to request sensitive information, download a malicious file or click a harmful link.
With the move to homeworking since March 2020 phishing attacks have breached the defences with increased ease, without users being able to call up in the office to their colleagues when they receive an email out of the blue to confirm its legitimacy.
One of the reasons phishing emails are so hard to combat is their use of social engineering to exploit users, as opposed to exploiting technological weaknesses. The success of a phishing attack relies on the compliance of the user and their response to perceived authority. That said, there are technological defences against phishing attacks that can be implemented.
Having strong email filtering security is key in any organisation's cyber-crime deterrence efforts. Email filtering services are implemented to prevent phishing emails from even touching a user's mailbox. An email filtering solution is essential to blocking phishing attacks and many provide insight into attacks blocked, through reporting and allowing users to report emails that might have slipped the net to allow for improved filtering next time.
Example of a phishing email
We provide email security as standard with a managed service agreement, many Managed Service Providers do not and will include it as an optional extra or not have an email security offering at all. Check with your IT provider to see if they provide email filtering for your organisation.
With the nature of phishing attacks being to be inconspicuous as well as pretending to be a legitimate sender, they can fool even the strongest email filtering system. It is important that users are alive to the threats that phishing emails pose and what to look out for to prevent them from being the next victim. Many businesses have begun implementing mock phishing exercises to bring awareness in users to the make-up of a phishing email without the catastrophic implications of a live attack. Mock phishing exercises are often offered by security-minded managed service providers, including ourselves. Learn more about our cyber security offerings.
#2 - Malware Attacks
When someone thinks cyber-attack they often think of the computer virus. Malware encompasses viruses as well as other cyber threats such as trojans. Malware is a term for malicious code that hackers create to gain access to a business network. Once inside the malware often then implements a multitude of malicious activities to steal, destroy or encrypt data to hold the business to ransom.
Under the umbrella of malware are computer viruses. Viruses have been around since day-dot of computers. Like human or animal viruses, they exist to do harm for their gain and growth, exploiting the host and jumping to the next victim. Computers or other devices that play host to a virus or other malware can be used to gather data from the host's network, be used as a vector for other attacks on other machines inside or outside of the host machine's organisation.
Malware attacks can be crippling for a small business. Malware often leaves machines spent, used up and often destroyed to clear the tracks of its malicious activities. Repairing or replacing a computer can be a great expense to a small business and that is in the best-case scenario of an infection where the virus has not managed to spread out of the host to the rest of the network causing business-ending damage to infrastructure.
Our attitude towards all cyber-security dealings is simple, prevention is better than the cure. Implementing basic cyber-hygiene best practices, such as anti-virus and update management can be the difference between preventing malware from entering your network and leaving the door wide open for any malicious hackers to enter. Operating computers without anti-virus is like leaving your keys in your car, with the windows down and the doors wide open and the engine running overnight hoping no one will take your motor... unthinkable right? Implementing anti-virus should be a no brainer for any business, at any stage in their development. Our managed service agreement, as well as email filtering, comes with anti-virus as standard for all customers.
#3 - Ransomware
Hitting thousands of businesses each year as well as hitting the headlines, ransomware has made quite the name for itself over the last 5 years. Though it was 5 years ago, the WannaCry ransomware attack on the NHS in May 2017 brought practices and key facilities to their knees. The NHS found themselves at the mercy of a faceless organisation that had designed and fired out a merciless, indiscriminate package that would lock the entire computer behind a paywall while spreading its misfortune across the host's network, infecting and locking more machines behind an untraceable payment.
Sounds terrible right? Can your business afford to experience having all your files, computers and servers locked behind a paywall with an average cost in 2021 of $170,404? Chances are the answer is no. So what are the options to prevent a ransomware attack? The first step is implementing a strong endpoint protection software (anti-virus.) Much like the previously mentioned malware, ransomware will enter a network through a dodgy download (trojan attack), a malicious email with a link (phishing attack) and a multitude of other vectors for entry. Cutting down on the vectors through the implementation of endpoint protection, mail filtering and user training is a massive help towards stopping your business from becoming the next victim of a business-closing ransomware attack.
Preparing for the worst-case scenario is something that is done in many departments of the business. Business insurance comes in many shapes and sizes and you wouldn't dream of not having it. Ensuring your IT, files and systems are covered by a managed backup solution should be a must. Having a managed, up to date backup of your servers and workstations is the only way to counter an active ransomware attack. Being able to revert to a previous instance of your network is the ultimate get out of jail card, as it rolls back your systems and files to before the attack began and remove the paywall for your files. Interested in a backup solution for your business? Speak to us about how our Managed Backup Service could be the knight in shining armour for your business should the worst occur.
- The cyber-space is a place occupied by your company and your customers. There are also criminals in this space that are poised with malicious intent towards any business, including yours. No matter the size of a business, cyber security must be a key strategic position at any stage of a business' development.
- No business can feasibly afford a cyberattack, these are faceless, merciless organisations with no regard for the implications of their actions. From 2020 to 2021 the cost of a ransomware attack increased 32% with only 8% of victims getting all their data back.
- Prevention of better than the cure. Implementing cyber security measures should be a key agenda for any responsible business owners. Seeking government-backed certification of compliance such as Cyber Essentials should be a strong consideration for business owners with any IT systems in their organisation.
- No business is too big or too small to be the victim of a cyber-attack. Talk to Concise today about how we can help implement change and provide certification of the cyber security awareness of your business.