It’s Monday morning. You’re looking forward to the week, and as you open your computer, the thought of a cyber attack is the last thing on your mind.
But staring at you is an unfamiliar screen with a message.
Your heart drops, and you know this week will be horrible! You’re the hostage of a hacker until you pay the ransom.
Cyber-attacks on individuals and businesses of all sizes are now a daily threat.
A study by the University of Maryland calculated that hackers attack every 39 seconds, and over 1 000 attacks a day are targeted at small businesses, according to the Verizon 2019 Data Breach Investigations Report (DBIR).
Hackers are increasingly targeting small and medium-sized businesses, knowing they are easy targets with both limited resources and limited knowledge.
So, it is up to business owners to learn more about and invest more in digital security.
Jesse Rothstein, CTO of online security provider ExtraHop says:
“Modern IT infrastructures are more complex and sophisticated than ever, and the amount of virtual ground that we’ve got to safeguard has also grown exponentially.”
The Cyber Attackers
Attacks come in many forms, which include phishing, whaling, social engineering, Distributed Denial of Service (DDoS), malware and ransomware.
According to CSO Online, 92% of malware is delivered by email, designed to trick an individual into clicking a link, opening an attachment, giving out critical information or even giving computer access to the hacker.
About 70% of the attacks are from outsiders, including 40% from organised criminal groups. But another major player is governments and their agencies, with about 23% of the breaches.
It is concerning that about 30% of the incidents are internal offenders, including 2% of partners in firms.
Smaller organisations with 1–250 employees have the highest targeted malicious email rate at 1 in 323. (Symantec)
But no business is too small or large to fall victim to a data breach. And no industry is immune to attack.
The insurance carrier Hiscox revealed:
“More than half of all small businesses having suffered a breach within the last year and 4 in 10 having experienced multiple incidents”
The Consequences of a Cyber Attack
The consequence can be devastating!
Sixty per cent of small businesses go out of business within six months of being a victim.
Hiscox further revealed that, on average, these incidents cost businesses of all sizes $200,000.
Steps to Take to Defend Against a Computer Attack
Business owners must make high-tech security a top priority.
According to Accenture, while small businesses are the target of 43% of cyberattacks, only 14% are prepared to defend themselves.
With these growing threats, businesses must have strategies for fighting this cyber war.
Every employee, from top to bottom, must know that they are responsible for maintaining security.
Here are the defenses that every business should put in place.
Budget for Cyber Protection
Protection is not free!
The annual budget must include cyber security costs. The risk of excluding them is that the consequences of a breach will cripple and may destroy the company.
Train all staff in up-to-date high-tech behaviour.
As cybercrime is ever evolving, there should be regular updates to maintain awareness of the latest online threats and trends.
All staff must understand the dangers of clicking on unsolicited email links and attachments, be alert for fraudulent emails, and know that these are among the fastest-growing forms of “phishing”.
The training should include teaching drills and exercises grounded in real-world everyday scenarios, with routines and exercises that test employees’ ability to detect scammers. Employees must have clear guidelines on how to respond to fraudulent requests.
System Testing to Prevent a Cyber Attack
Test computer networks and applications regularly for vulnerability and risk, with tests designed to find and eliminate possible points of failure.
Use AI analytics tools to scan networks, user accounts, and applications to determine normal behaviour. Use these to auto-detect and immobilise suspicious activities before they spread.
Use Firewalls and Antivirus Software to Protect Devices
Build security fences and warning systems around internet-facing applications like web servers and cloud services.
All computers, smartphones and tablets should have good antivirus software protection.
Distributed denial of service (DDoS) protection is essential for many industries. Guard against non-malicious interruptions with continuous monitoring and capacity planning for traffic spikes.
Be Wary of Inside Jobs
Remember that over 30% of attacks are the work of insiders.
Track insider behaviour by monitoring and logging access to sensitive data. Make it clear to staff how good the controls are at recognising fraudulent transactions.
Limit employees’ access to only the files, folders, and applications they need for their work tasks.
Where possible, use two-factor authentication or even multi-factor authentication. There must be multiple checks and approvals before authorising any critical requests.
Track email for links and executables. Give staff ways to report potential phishing or pretexting.
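One way to track email for links and executables, as an added example that is not part of the original article: a Python sketch that parses a message with the standard-library `email` package and reports attachments with risky extensions and links whose visible text names a different host than the real target. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Assumed blocklist of attachment extensions; tune it to your own mail policy.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".iso", ".hta"}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def scan_message(raw):
    """Return (kind, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Check every suffix so a double extension such as .pdf.exe is caught.
            suffixes = {"." + s.lower() for s in name.split(".")[1:]}
            if suffixes & RISKY_EXT:
                findings.append(("risky-attachment", name))
        elif part.get_content_type() == "text/html":
            for href, text in ANCHOR.findall(part.get_content()):
                shown = re.sub(r"<[^>]+>", "", text).strip()
                # Flag link text that looks like a URL but names another host.
                looks_like_url = shown.lower().startswith(("http://", "https://"))
                if looks_like_url and host(shown) != host(href):
                    findings.append(("mismatched-link", f"{shown} -> {href}"))
    return findings

# Constructed sample message, not real traffic; example.* hosts are placeholders.
SAMPLE = """\
From: billing@example.com
Subject: Overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Pay here: <a href="http://pay.example.net/login">https://bank.example.com</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder-bytes-not-a-real-binary
--b1--
"""
```

Calling `scan_message(SAMPLE)` returns one finding for the mismatched link and one for the double-extension attachment; findings like these can be logged or routed to whoever handles staff phishing reports.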
Limit Access to External Devices
Prohibit the use of any removable media (e.g. USB drives), and routinely monitor and scan any device connected to a computer system or network.
Be Careful What is Clicked and Opened
Social attacks are an effective way to capture credentials.
No one should click on links from unknown people. Nor should anyone click on links in email or even in social media from known people if the link or context is something unexpected from them.
If you don’t know what it is or who it’s from, hit “delete.”
Don’t Fall for Fear Tactics
Brian LaBone, Senior Support Technician at Infoquest Technologies said:
“Websites with malware are a major source of infection (more than email).”
“Pop-up messages on a website that say your computer is infected and that you should call an 800 number are still fooling consumers.”
Keep All Software up to Date
Install the regular security patches and updates from software providers as soon as they are available.
Computer or website-building software often contains weaknesses. These weaknesses allow hackers to gain access to systems.
Have a Complete Backup System
Make and test backups of data and files, with failsafe secure copies to use in case of system failure or compromise.
Install and Regularly Update Antivirus, Network Firewall, and Information Encryption Tools
These systems are critical to scan for and counteract viruses and harmful programs, guard against incoming attacks and keep sensitive information safe.
Use a Virtual Private Network (VPN)
A VPN encrypts the information sent to or from devices. A VPN prevents hackers from accessing the device or seeing what you type or where you go online.
Using a VPN is essential for security if you’re using public WiFi. RDP (remote desktop protocol) is also advisable when logging onto a remote computer.
Often costs and efforts related to cyber security are grudge purchases as they may be considered a waste of money and time.
Yet they can be a saviour for your business and your life.
Unfortunately, you will only see the value after being the victim of a hack. And by then, it’s far too late!
But as the scope of the internet explodes, so do the risks. With the interwoven lives of individuals and organisations, the consequences of cyber breaches can be devastating.
Don’t risk becoming a victim by neglecting this essential business requirement.
Other Cyber Attack Resources
If you are not convinced that your chance of becoming a cyber-attack victim is increasing, then read more scary statistics in this article from SafetyDetectives.
Data breaches occur often (far too often!) and they are a very delicate situation. We underestimate the amount of information that some companies handle about their employees or users, and these breaches show us the scary side of data privacy. The lack of awareness of cyber security is dangerous to everyone, and this article clearly explains the risks.
Data Privacy and Data Security Statistics You Need to Watch - "Everyone wants your data. Companies want it, governments want it, and (worst of all) criminals want it. Knowledge is power, after all". We’re currently experiencing an unprecedented level of threats targeting our data, whether that’s vulnerable big data stores or hacking attacks.