If you’re a small business owner who thinks cyber criminals don’t care about you, you’re wrong. They care. They care a lot. While the “Big Boys” might have exponentially deeper pockets, they tend to have better security as well. Too many SMEs make it laughably easy for the bad guys to get in, steal assets, and be gone, like taking grass from a chinchilla. If it sounds like a good idea to secure your business, and for that matter your personal life, against the Armageddon hackers can wreak, we’ve got seven types of attacks to watch for.
1. Rogue Insiders
It makes the stomach hurt to contemplate but often security breaches come from within via the hand of a trusted employee. They know the lay of the land, so to speak, better than any outsider. Preventative actions should include closing accounts of any former employees, allowing sensitive access only to a trusted few, and installing tracking software for everyone. It doesn’t take a fortune in gold to patch these holes.
2. Phishing and Variations
There is perhaps no better known form of online scam than phishing (inducing clicks on bogus email links) and its offspring spear phishing. It’s one of the most effective ways to trick a person into violating their own privacy and introduce malware into a system. Smart employees and business owners still fall for this type of attack daily. The best method to fight it remains education. Beat the drumbeat of approaching every single email from a mindset of suspicion and never, ever stop.
3. Impressive Cyber Security Ignorance
For most businesses, it’s not feasible to have IT staff hanging over every employee’s shoulder, prepared to slap their hand away if they start to click on something dangerous. The only real option is incessant, never-ending education led by a qualified individual about the seriousness of the issue. Impress upon every soul at the company that their job hangs in the balance, because a single successful penetration could torpedo the company.
4. Distributed Denial of Service (DDoS)
This technique involves targeting a website with enormous amounts of traffic, so much that the site becomes slow or completely unresponsive. If your business relies on a website to function, a DDoS attack is a nightmare. Your best defense against this is to always have extra bandwidth available from your web host to draw on in the event of an unnatural traffic surge. If you’re already pegged out on bandwidth, you’ve got nowhere to go.
5. Malicious Software
Grouped under the single term of malware, you’ve probably heard of at least a few of these nasties: spyware, adware, bots, trojans, ransomware, etc. The best tactic to take against having your machines or network infected is to have strong, up-to-date anti-virus software in place. It should go without saying that you should stay on top of regular updates for things like your firewall, operating system, and other software. All it takes is a single bit of buggy or failed code to let something bad in.
With the growing popularity of DIY website builders like SiteBuilder or Wix, it makes sense to offer a caveat for small business owners who decide to save a bit of coin by going this route. Before you sign up for an extended period of time with an ultra cheap builder, consider where they’re cutting corners in order to give you an unbelievable price? Is it because they’re cutting corners on security features? Make sure you understand exactly what security measures you can expect from a website builder before signing on. We’re talking about encrypted connections, SSL certificate, site backups, malware scanning, etc. If you don’t understand all this gobbledygook, find a friend who can explain it to you.
6. Database Under Siege
Almost any business that uses computers has some sort of database working away in the background. This is where the critical business and client data is kept and is considered a prime target by cyber criminals. SQL injection is a method hackers use to send malicious code to the database, either corrupting or breaching it. There are specific actions to take for database protection, though the heavy lifting for this should probably be done by a cyber security team. Still, the boss needs to make it happen because the fallout from a ruined database can be far-reaching.
7. Bring Your Own Device (BYOD)
For many employees, personal and business worlds collide to the extent that they use a single personal mobile device for everything. The obvious screaming problem here is how to protect sensitive data downloaded to offsite devices with questionable security in place? A good precautionary measure is to require workers to access company files through a Virtual Private Network (VPN) which encrypts data flow in both directions. Otherwise you’re at the mercy of Bob from accounting’s first generation iPhone that hasn’t been updated in five years and carries an astounding collection of active malware he’s never noticed.
The Bottom Line
If you remember nothing else from this article, don’t forget that we warned you. If you’re fortunate enough to have never had your system penetrated by a cyber criminal, your time is coming unless you get proactive about fighting back. In the event of a successful attack, you wouldn’t be the first to lose everything. It’s that serious. Good luck out there!