50% of small businesses have been breached within the last 12 months
When you picture the average hacker, you might assume this lone individual will be targeting a large corporation in order to get a large payoff for their efforts. But if you run a small business, that assumption can cost you dearly.
Small businesses are often more appealing to those who conduct these malicious attacks simply because they don’t have the proper safeguards in place. Regardless of what type of business you run — whether it be a sole proprietorship, a small business with 10 to 20 employees or a large organization with hundreds of workers — you need to do everything you can to protect your organization. Learning more about the types of cyberattacks you might encounter, how to recognize when a breach has taken place and what you can do to educate your employees is an excellent start.
Techopedia defines a cyberattack as a “deliberate exploitation of computer systems, technology-dependent enterprises, and networks.” These attacks are orchestrated through malicious code that “infects” a system to alter a computer’s data, coding or logic. This can subsequently lead to other cybercrimes like identity or information theft, fraud or extortion, and much more.
According to a recent survey, the most popular types of cyberattacks that businesses experience are:
Web-based attacks refer to threats you may find when browsing the internet. These malicious software programs will often target users who don’t have security products installed on their computers. In other cases, these programs are designed to target popular applications or operating systems; they reel you in by telling you your computer doesn’t have the latest update, for instance. Some of the most popular applications for these threats, according to security product brand Kaspersky, include Adobe Reader, Java, Windows and Internet Explorer. Whether your business uses these programs or not, you and your employees need to surf the web with extreme caution and never agree to download any updates that are not recommended by the program itself.
Phishing refers to attempts to trick users into clicking on links and/or giving confidential or personal information that can then be used to defraud that individual or business. Phishing emails, for instance, may look like they’re from a sender you trust (like your bank, a social networking platform or a retailer). If you respond to that email or click on the link provided and then give up your username, password, bank account information, credit card number or other data, you may not even realize you’re being scammed until it’s too late. With this information, a hacker can quickly take over your identity and steal from you or your business.
In many cases, phishing and malware can overlap. Ransomware attacks usually involve an email that contains a link or file that appears innocuous but actually contains dangerous malware. Once a user opens the attachment or clicks on the link, his or her computer immediately becomes infected. These malware programs encrypt the computer, which locks the user out of everything on the device (like files, folders and drives). Sometimes, the entire network can become infected. Then, the user will receive a message that promises to unlock the system in exchange for payment (usually requested in Bitcoin, a type of digital currency) — hence its name.
Ransomware is now an extremely prevalent phishing scheme. According to a report by PhishMe, 93 percent of phishing emails sent last year contained ransomware. And considering that there were 6.3 million phishing emails sent just in the first quarter of 2016, that’s a lot of threats to be worried about. The reason for ransomware’s increasing popularity, according to experts, is the fact that it’s become much easier to send and offers a higher return on investment for cybercriminals. With other types of attacks, it can take a while for criminals to get the money they’re after; credit card and identity fraud both require more of a time commitment. But individuals and companies are more likely to immediately fork over payments so that they can get their system back. It may sometimes even seem to make financial sense to do so, since these ransoms rarely translate to more than $1,000. However, most experts recommend that you not pay the ransom since there’s no guarantee your files will be returned. In addition, sending payment to cybercriminals only encourages this behavior in the future.
How to identify a phishing email
You might assume that phishing emails are obvious to spot, but they’re getting more sophisticated by the day. In many cases, attackers can nearly replicate a business’ logo and letterhead, making it almost impossible to distinguish these fake emails from the real thing. But there are some telltale signs you can watch out for:
In a word: absolutely. The 2016 State of SMB Cybersecurity Report found that hackers had breached half of all small businesses in the U.S. within a 12-month period. But shockingly, a survey recently published by Manta shows that 87 percent of small businesses don’t think they’re vulnerable to a cyberattack. Further, one in three small businesses doesn’t even have the proper tools (like antivirus software, firewalls, data encryption programs or spam filters) to protect themselves.
Unfortunately, this mistake comes with a colossal cost. According to CNBC, some attacks can derail a small business’ revenue-generating activities for up to a week, but the long-term impact on a small business’ operations can be much worse. The U.S. National Cyber Security Alliance found that 60 percent of small businesses that are the victim of a cyberattack go out of business within six months. That’s no surprise, considering companies that experienced these attacks spent an average of $879,582 due to damage or theft. They also lost an additional $955,429 on average due to disruption of normal business operations.
Other than investing in the best protective software available, one of the best ways to protect your business is to educate your employees. Around 75 percent of organizations consider employee negligence to be the greatest data breach threat, and 80 percent say “end user carelessness” is the main threat to cybersecurity. And although 70 percent of IT professionals claim cybersecurity policies are made perfectly clear to new hires, only 28 percent of U.S. employees report ever receiving briefings on the matter.
Despite your best efforts, mistakes can happen. Wondering whether your system or network has been compromised? Look for the following unusual activities as a baseline:
Of course, prevention is the best strategy of all, so be sure to make your cybersecurity a top priority. But if a cyberattack does occur…
Unfortunately, cybercrimes like these have become part of life. While you may think your small business isn’t an appealing target to hackers, you’ll be doing your company a huge disservice if you fail to protect it adequately. Don’t operate under the assumption that you’ll never be hacked, because statistics show that it’s actually a very likely scenario. Therefore, you need to do everything you can to make cybersecurity a priority. Invest in protective software and professional IT help, provide ongoing education for your employees and stay up-to-date on all of the latest threats. This will give your small business the best chance of surviving in the digital age.
As a leading provider of outsourced HR solutions for more than 20 years, G&A Partners helps companies of all sizes streamline their operations by providing them with access to best-in-class HR policies and procedures.