In today’s business world, if you want to remain competitive, connecting your SMB to the internet is essential. Getting online is the best way to reach out to potential customers, but there’s a catch. Cybercrime is a very real threat, and it has the potential to wreak havoc on your business with devastating consequences.
In 2017, the Ponemon Institute released a whitepaper describing the state of cybersecurity in small and medium-sized businesses (SMB). It found that as many as 58 percent of all malware attacks are targeted at SMB operations, because smaller companies are especially vulnerable to that kind of security threat. If you consider that instances of cybercrime increase every year, you can see that SMBs will remain vulnerable.
Luckily there are many steps you can take to protect your business from online criminal activity. In this article, we’ll look at how you can shield your business from danger in the digital landscape.
Common Threats from Cybercriminals
We all know about hackers and cybercriminals because we hear about them constantly in the media and online, but what are the most common threats that we can expect to see from them? We’ve put a list together to explain what you should be on the lookout for and how to protect yourself.
The term malware combines the words “malicious” and “software” to represent what is, unfortunately, a pretty big category of security threats for SMBs to be concerned about.
You can think of malware as being any malicious software that causes negative effects after it’s been installed on a computer or network. The effects could take the form of files being deleted or having your computer send out hundreds of emails to people in your address book. Malware could be a virus, a worm, or a Trojan horse, or it can be ransomware, spyware, adware, or scareware.
Luckily these threats can be avoided by following best practices and by not opening any suspicious attachments. User training to enhance security awareness is one of the most effective methods for avoiding malware, so think about implementing something like that in your business, regardless of how small your company is.
Phishing is a problem that seems to never go away. It’s a tactic that cybercriminals use to steal your passwords and account information. Phishing involves email, which the attackers will use as the delivery mechanism for their trap. The email will appear to be from a trustworthy source, like your hosting provider, and it may ask you for your login details.
More commonly, a phishing email will include a link that looks legitimate. The email will prompt you to follow the link so you can either log into your account or enter your credentials as part of a password reset procedure.
What’s really happening is that the link redirects to a website that has a very similar URL to the real site, but it’s a fake hosted on the attackers’ servers. The criminals are able to read the username and password information that you enter into their web form. Then, the attackers can log into your account and take over. If it’s your web hosting account, they can redirect your site, access sensitive data, or take any malicious steps they choose.
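The look-alike link described above can be checked before anyone clicks it. The sketch below is an added example, not part of the original article: the trusted domain `myhost.example`, the sample links, and the "last two labels" shortcut for the registered domain are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains your staff really log in to.
TRUSTED = {"myhost.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    # urlsplit() ignores any "user@" prefix, so the real host is what we test.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List instead.
    registered = ".".join(host.split(".")[-2:])
    for good in trusted:
        brand = good.split(".")[0]
        if edit_distance(registered, good) <= 2:
            return "lookalike"   # e.g. one swapped or added character
        if good in host or brand in host:
            return "lookalike"   # trusted name buried inside another domain
    return "unknown"
```

A mail filter or a help-desk triage script can quarantine anything classified as `lookalike` and leave `unknown` links to normal handling.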
Social engineering is difficult to detect because the perpetrators are usually very convincing. It comes in many forms, but the most common version of social engineering happens via telephone, or sometimes even in person. The caller will try to gain your trust by impersonating a member of a reputable tech company’s support staff. The criminal’s goal is to convince you to reveal your username and password.
Sometimes a social engineering attack will involve instructions that have you unknowingly install malware on your computer. Once that happens, your computer can spread viruses and malware around the network and put other users at risk.
Hacking, when criminals break into your site to do harm, is another very broad term that gets thrown around a lot, even though it’s not as common as some of the other security threats out there. Yes, hacking happens, but the instances of infections from viruses and malware outnumber hacking attacks by a large margin. Hackers could be motivated by spite or greed and are usually quite destructive when they break into a system.
A Distributed Denial of Service attack is terrible for small businesses that rely on web services to operate. This type of attack happens when multiple hosts send a huge number of bogus requests to a website. The sudden spike in requests that the server has to respond to overwhelms the system and takes it offline, making your website unavailable.
Secure Your Business
In order to ensure that your business runs smoothly, you need to keep your systems safe and secure. To do this, you must employ a few security safeguards within your SMB, but luckily they’re quite straightforward. This section breaks them down for you.
Install Antivirus Software
Installing antivirus software is one of the simplest ways to protect your computers and the network they’re part of. There are many different brands of antivirus software out there, and each is designed to operate in different market segments. Small and medium-sized businesses can find a solution that’s affordable and will effectively protect their end-users and servers from malware and unauthorized connections.
Use a VPN for Secure Communications
Many companies rely on a mobile workforce that travels to remote locations to conduct business. This can include salespeople, mobile technicians, and executives that need to attend meetings in different cities and countries. To maintain a secure communications channel with the office, it’s important to use a Virtual Private Network (VPN).
A VPN creates a secure tunnel between clients and servers and encrypts all data between the two parties. Anyone who’s trying to eavesdrop and intercept your communications will only see unreadable characters that they won’t be able to use.
Strengthen Your Passwords
You would think that, by now, the average business owner would have a much better grasp of online security, but, sadly, people use weak passwords all the time. Passwords like 123456 or the classic password123 are still very popular.
The scripts and malware that hackers use to target logins work from a database containing all of the most commonly used passwords. If you use a weak password for any kind of account, that account is far more likely to be compromised. User training is an effective way to stress the importance of password strength and security to your employees. Enforcing a password policy can also ensure that members of your staff are not using weak passwords or reusing the same passwords over and over again.
Another safeguard you can put in place is a password lockout policy. If an attacker tries to log in too many times with the wrong password, that account will be locked, preventing further attempts.
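The password policy and lockout policy described above can be combined in a few lines. This is an added example, not code from the original article: the deny-list is a constructed sample, and the length, failure and lockout thresholds are assumed values that you would set in your own policy.

```python
import hashlib
import hmac
import os

# Constructed sample deny-list; a real deployment loads a large published list.
COMMON = {"123456", "password123", "password", "qwerty", "letmein"}
MIN_LENGTH = 12      # assumed policy value
MAX_FAILURES = 5     # assumed: failed attempts allowed before the lock
LOCK_SECONDS = 900   # assumed: length of a temporary lock

def policy_errors(password):
    """Return the list of policy rules the password breaks (empty = accepted)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if password.lower() in COMMON:
        errors.append("commonly used")
    return errors

class Account:
    def __init__(self, password):
        errors = policy_errors(password)
        if errors:
            raise ValueError(", ".join(errors))
        self.salt = os.urandom(16)
        self.digest = self._hash(password)   # only a salted hash is stored
        self.failures = 0
        self.locked_until = 0.0

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def login(self, password, now):
        """now is a timestamp in seconds (time.time() in real use)."""
        if now < self.locked_until:
            return "locked"                  # refuse even a correct password
        if hmac.compare_digest(self._hash(password), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCK_SECONDS
            self.failures = 0
            return "locked"
        return "denied"
```

The lock here expires on its own after `LOCK_SECONDS`, so repeated bad guesses against an account cannot shut a legitimate user out permanently.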
Keep Systems Current with Regular Updates
Whether you have an office full of computers and networking equipment or a single website hosted on someone else’s servers, you need to ensure that your software is regularly updated.
Operating systems and appliances need to be patched when updates become available, because the creators of these products are fixing bugs and security flaws that they were not aware of at the time of the previous release.
The same is true for your website and plugins. There may be unrecognized security holes in your web applications, plugins, and CMS, so always make sure that everything is up to date. If you use a great hosting company, you will probably find that they keep all of the backend systems up to date, but be sure to check with your provider. If there’s software you need to update yourself, make sure that you verify compatibility with your site, and always test offline with a copy of your site before finalizing any updates.
Protect Your Information
Information is the lifeblood of your business, so it needs to be protected at all costs. If you lose your customer files or invoice history, then your ability to make money would be severely impacted. If you lose your current orders or work in progress, you could upset customers and risk serious damage to your business reputation. In order to prevent these kinds of disasters, consider some of the protective measures covered in this section.
Perform Regular Backups
This has to be one of the easiest ways to protect your business data. Even if all you do is a weekly backup to removable storage like a thumb drive, you’re capturing valuable snapshots of your data.
There are backup service providers that will copy your data to the cloud, making it much less vulnerable to loss and corruption. It’s a good safeguard against ransomware, which can lock you out of your data, rendering years of records and files useless.
Whether you use a service, install software to automate the backup process, or have a simple reminder on your calendar, doing regular backups is the single most important step you can take to protect your data.
Use Trusted Service Providers
Free online services can be a great way for an SMB to save money. Thanks to some of the tech giants that offer storage and email solutions for free, we’ve gotten used to not having to pay for some basic services.
You need to be sure that you understand the terms and conditions of any online service that stores your business data, especially in light of new European regulations like the GDPR. Violating the GDPR can land you in serious trouble. If you do not adhere to its guidelines, the penalties are steep and can affect your revenue, so make sure that you vet all of your providers before you sign up for their free online services.
Limit Access to Your Files and Resources
If you run a small company, access to your business data and online resources should be given only to people who need it to do their job, and everyone else should be denied access. Limiting access is a best practice and will help to prevent data leaks, file deletion, and file tampering, although the danger can never be fully mitigated. People are the weakest link in the security chain, so limiting access to your business data can be your first line of defense.
Take a Proactive Approach to Cybersecurity
Keeping backups of your data, updating your antivirus software, and limiting access to your resources will go a long way towards protecting your business from hackers and scams.
One thing in particular, user training, will have a major impact on keeping your SMB secure. You’ll be in a much better position once your employees understand why they shouldn’t open suspicious emails, know not to give out passwords over the phone, and learn other online security basics.
We hope that these tips will help you protect your SMB and that you can start to build a security-conscious organization that takes a proactive approach to keeping your business data and online resources safe.
Do you have any online safety procedures in place for your business?