According to the Federation of Small Businesses, small firms suffer 10,000 cyber-attacks every day, and cybercrime costs the small business community billions of pounds a year.
Many small business owners push cyber security to the bottom of a long list of things they must deal with, thinking that larger businesses are the main target for cyber criminals. Unfortunately, this is not the case.
Small businesses generally have fewer defences, less awareness and, of course, fewer resources, which makes them a much easier target for cyber criminals. With many attacks now automated, attackers can target hundreds of thousands of small businesses at a time.
Cyber security may seem like just another thing to add to the never-ending list of things you have to do, but if you haven’t thought about it and something does go wrong you’ll wish you’d moved it to the top of the list sooner.
Here are our Top 5 Small Business Security Threats and what to do about them.
The most widespread cyber-crime is phishing. It can be used against individual people or against businesses. We’ve all had a phishing email – they usually try to look like they are coming from a trusted source, such as your bank or telecoms provider. They attempt to trick you into revealing sensitive information, or they can be the first step in a Malware (see No 2) or Ransomware (see No 3) attack.
The main issue with business Phishing attacks is that they could be aimed at any member of the business’s staff and, although some are easy to spot, they are getting more sophisticated every day.
Having robust email security can prevent phishing emails from ever reaching your employees’ inboxes. All businesses should also invest in cyber security awareness training, ensuring all your employees are trained to recognise and report suspicious emails.
Malware covers a huge range of malicious code, such as the Trojan Horse, Virus or Worm, created by hackers to gain access to your computers and networks – usually with the intention of stealing personal or financial data.
Malware can come from an email (phishing), downloads or connecting infected devices to your network. As well as stealing data, Malware will very likely cause your computers and network permanent damage – meaning downtime and cost for replacements.
The best defence against Malware is robust central administration that manages devices and ensures all security is up to date. Once again, training your employees is key: educate the team about the risks of clicking unknown links and downloading files.
Once quite rare, Ransomware attacks have become more common, as they are one of the most lucrative forms of attack and result in immediate financial reward for the cyber criminals.
They involve the attackers encrypting data so that it cannot be accessed or used and then forcing the company to pay a ‘ransom’ to release the lock or prevent public sharing of the data. Unfortunately, the payment of the ransom does not always result in the release of data and just like with any ‘blackmail’ payment the criminals may come back for more!
To prevent Ransomware attacks, businesses need to have Endpoint Security on all devices to secure their network’s entry points. It is also essential to have a comprehensive Cloud Back-Up solution in place to mitigate data loss. Even if a Ransomware event should occur, the business can quickly recover its data from the back-up and carry on working.
We all know the danger of weak passwords: mother’s maiden name or child’s name, add in a number to replace a letter and stick an exclamation mark on the end and you are good to go, right?
Multiply this kind of weak password by every employee in your business and all the services they need to access to do their job, and you have a recipe for disaster. The worst problem here is that, unlike phishing, malware or ransomware, you may not even be aware that you have been compromised.
For a while the advice was to change user passwords continually, but this just made things worse: people simplified their passwords even more so they could remember them, or stuck them on post-it notes on their desks!
The real solution is a Password Management Solution that ALL employees are required to use and, of course, simplifying business systems so that as few passwords as possible are required.
Consider adding multi-factor authentication so users need more than just a password to log in and access sensitive data.
It is sad to think that a major cyber security threat is the people who actually work in the business. Former employees and contractors are serious weak spots and may have access to critical systems and data within your business. Breaches can be caused through malice, but also just through carelessness.
It is important to put in place systems for contractors to access your business systems and data, as well as processes for employees leaving the business. Ultimately, a culture of cyber awareness, built through regular cyber training, will help to prevent issues in this area.