Why do small businesses need to be aware of information security best practices? One in five small businesses are targeted in cybercrime attacks. $3.8 million is the average cost of a data breach to a company. There were 638 million ransomware attacks in 2016 alone (Source: Securityweek.com).
With staggering statistics like these, it’s critical for all organizations, especially small businesses, to understand the threats that are out there today and information security best practices.
According to a survey done by CSID of 150 small businesses, 57% of the small businesses are aware of, and even concerned about cyberattacks. However, 51% of them don’t allocate any budget towards cyber security because they don’t believe that they are storing data that puts them at risk. This train of thought points to a serious educational disconnect for small businesses when it comes to understanding their risk.
Does your small business have Personally Identifiable Information (PII)? PII is any piece of information that can be tied back to an individual (employees’ or customers’ names, email addresses, phone numbers, social security numbers, credit card numbers, etc.). If your answer is yes, you surely are a target, like any other organization. Cyber criminals have numerous incentives for snatching PII from your organization, such as monetary gain, stealing a person’s identity, and aiding in the planning of criminal acts.
It’s therefore vitally important for small businesses to understand that hackers are not discriminatory when it comes to the size of the organization they’re targeting. Any organization that collects even one piece of Personally Identifiable Information could be a target for hackers.
Let’s look at the most common cyberattacks small businesses are facing and the best practices you can apply right away to protect your small business from hackers.
Types of cyberattacks that small businesses may face
When it comes to information security best practices, the first thing you can and should do as a small business is to educate yourself and your team on what types of attacks are out there. As mentioned above, an educational disconnect is one of the threats small businesses are facing when it comes to information security. Below, we’ve summarized the five most frequently used attacks (Source: Businessnewsdaily.com):
|Type of Attack|What Does It Do?|
|---|---|
|Phishing|This attack collects sensitive information like login credentials and credit card information by sending an email supposedly from a legitimate business that has a link to a legitimate-looking (but totally fraudulent) website. This is one of the most prevalent types of attack that a small business will face. (Source: Ponemon Institute).|
|Ransomware|One of the fastest growing types of security breaches, ransomware is a type of malware that will infect the target’s machine and either lock the victim out of their machine, encrypt the victim’s files, or threaten to publish the victim’s confidential information if a ransom is not paid. Remember WannaCry? That was a ransomware attack.|
|Inside attacks|These attacks happen when someone with administrative privileges purposely misuses his or her credentials and hacks into your confidential company information.|
|Malware|Short for “malicious software”, this attack covers any program that is introduced into the target’s computer with the intent to either gain unauthorized access or cause damage.|
|Password attacks|Brute-force attacks (keep guessing at a password until they get in), dictionary attacks (use a program to try combinations of dictionary words), or keylogging attacks (track the target’s keystrokes) are three types of password attacks.|
Information Security Best Practices – How To Protect Small Businesses From Hackers (6 Tips)
Small businesses fall into a cybersecurity sweet spot for hackers. They have more digital assets than an individual, with much less security than a larger enterprise. Small and mid-sized businesses are hit by 62 percent of all cyber-attacks; about 4,000 per day, according to IBM. Yes, it’s the breaches at big corporations, such as Yahoo! Inc. and Sony Pictures Entertainment Inc., that make headlines. But that doesn’t mean that small businesses are safe from cyberattacks.
What can you do to mitigate the risk of an attack on your organization? The good news is that there are many best practices that help you protect yourself:
1. Educate Your Employees
The majority of cyberattacks are direct results of phishing email messages, websites and phone calls. Basic training of your employees is, therefore, an effective way to stop low-level threats. Educating your employees on protocols, policies and procedures is a good step in preventing cyberattacks.
2. Keep Software Up to Date
Having up-to-date security software, web browsers, and operating systems is the first line of defense against viruses, malware, and other online threats. Getting advice from experts on your IT infrastructure to see what can be done to keep your infrastructure current and safe is recommended.
3. Backup and Encrypt Your Data
Encryption adds extra protection to your digital footprint. The extra step of translating the data provides confidentiality and drives key security. As such, it also minimizes the risk of data loss after you have been the victim of a cybercrime.
4. Have a Plan
Whether it’s a disaster recovery and business continuity plan or a formal security policy, businesses should be proactive. Reactive actions are not sufficient to protect your organization from data and revenue loss. Even something as simple as a password strategy will help to slow down hackers. You can think of it as the same kind of deterrent as having a security alarm sticker on your front door.
5. Consider Cybersecurity Insurance
Insurance is designed to mitigate risks. Cyber liability insurance is designed to protect your business from the fallout of cyberthreats. It comes down to the ROI: does the cost of insurance outweigh the potential payout on cyber-losses?
6. Utilize the Right Tools
In today’s advanced threat environment, using the right tools is extremely important. Traditional IT security tools like anti-virus programs can’t protect you from advanced threats like ransomware. Here are three tools we recommend. Not sure how to start? Ask an expert today!
- Microsoft Advanced Threat Analytics (ATA) allows for visibility and protection against advanced attacks by automatically analyzing, learning, and identifying (ab)normal behaviour.
- Office 365 Advanced Threat Protection allows you to protect your organization’s mailboxes in real time against unknown and sophisticated attacks. It protects your mailbox against any unsafe attachments and malicious links.
- Windows 10 was designed to be the most secure version of Windows yet. Windows 10 is meant to disrupt the malware and hacking industry by removing the attack vectors that cybercriminals and hackers depend on.
Small Businesses, Now is the Time to Take Information Security Seriously
The cold, harsh reality is that security breaches can devastate even the most resilient businesses: cyberattacks can result in financial losses, damaged reputation, and legal and regulatory issues. And cyberattacks are not limited to just large enterprises. Small businesses are equally at risk; however, unlike their larger counterparts, too many small businesses are leaving themselves vulnerable to attack. Don’t wait until your organization becomes the victim of cybercrime. The time to take cybersecurity seriously is now.
This post was co-authored by Change Connect and ProServeIT.
About Change Connect
Change Connect offers customized change management and transformation solutions for small businesses, with a focus on leading cybersecurity initiatives. Whether you’re a start-up looking to document your cyber protocols, or an established business looking to implement an organization-wide BYOD strategy, Change Connect can help.
About ProServeIT Corporation
With over 15 years of experience in the IT industry, ProServeIT has been providing security assessments and security operations programs for clients. Need backup solutions, a disaster recovery plan, or just want to learn about more ways to protect your organization? ProServeIT’s experienced security experts will work with you to provide you with the customized guidance you need to help protect your organization from cybercriminals.