highlighted post -

Small Business Cybersecurity: 5 Risks to Watch

July 26, 2017

If you own one of the country’s estimated 28 million small businesses, then cybersecurity should be on your radar. According to statistics, about half of all cybersecurity attacks are against small businesses. Not only are cybercrimes growing, but they’re also changing as quickly as online technology. Here are a few of the types of cyberattacks putting your company at risk today.

Interested in learning more about business cybersecurity? Check out the 2017 Hiscox Cyber Readiness Report.

Malware

Whether your business is a brick-and-mortar shop with a website or an e-commerce store, criminals may use malware to mount a cyberattack against it. Malware is a nickname that refers to any kind of malicious software that criminals release into the internet. They use it to damage your system and gain access to it. Malware describes worms, Trojan horses, ransomware and viruses. To fight back against these types of cyberattacks, you may want to invest in anti-virus software. Beware of popups that offer required updates as these are often hiding rogue software. Also, remind your employees that they shouldn’t open emails from unknown individuals.

Denial of Service Attack

When a cybercriminal launches a denial of service, or DoS, attack, he or she overloads your system with an excessive amount of data and information all at once. This overload comes from multiple computers, and it’s usually big enough to shut your system down. DoS attacks are common, but you can defend your system against them by using analytics to track unusual traffic flow spikes. Be sure to keep your security software updated. By doing so, you’ll be able to prevent problems from these types of attacks.

Password Cyberattacks

Internet security experts advise small business owners to select passwords that don’t feature common words or phrases. You should also avoid using one that’s a variation of your company’s name or anything that relates to it. There are three common methods for attacking your password. They include:

  • Brute force attacks
  • Dictionary attacks
  • Key logger attacks

 

If a cybercriminal goes after your company’s system with the brute force attack, he or she will use a technique that’s similar to old-school criminals who crack safes with stethoscopes. In the cyber world, he or she will use a program that attacks your system’s password by attempting different sets of popular words. Sometimes, hackers will acquire a list of your employees’ names and then use this list to attempt easy-to-guess passwords based on the first and last names of each employee. If a cybercriminal attempts to break into your system by using pet and family member names, this is also considered a brute force cyberattack.

 

The dictionary attack is similar to the one that cybercriminals use when they employ the brute force tactic, but with the dictionary version, they narrow their focus. Cyberthieves know that most people select passwords that are seven characters or less in length, which are the kind that they can find in a dictionary. Keep in mind that where you log in makes a difference. If you use an unsecured Wi-Fi connection, it is public and easier to hack.

Cyberthieves also use key logger attacks against small businesses. When criminals choose this technique, they set up programs that track every keystroke you make. These programs gain access to your passwords and sign-in identifications. If you log into your company’s system with a username and password, then you’re at risk of falling victim to a cybercriminal. Setting up security on all your company devices is the best way to defend against these types of attacks.

Phishing Scams

When big phishing scams are successful, you usually hear about them because of the large amount of money that corporations lose. However, small businesses are also at risk for this kind of cyberattack. Spear phishing is a popular scam that involves tricking a company’s owners or its employees into downloading software that is infected with a virus. Phishing scams also frequently involve advertisements and messages that tempt targets to click on them. Always use caution when handling suspicious emails.

Employee Attacks

In too many cases, current or past employees are responsible for cyberattacks. When an employee quits or you fire someone, you surely ask him or her to return the keys to your business establishment, so be sure to block their access to your company’s systems as well. Some of the most devastating cyberattack breaches happen when past employees choose to misuse their data access to gain entry to a previous employer’s systems. A disgruntled ex-employee may even use ransomware against your company. Ransomware steals your business’s data and holds it hostage until you pay for its return. Changing a former employee’s access codes will help protect against these types of threats.

Increasing Your Cyberattack Protection

Once you know the risks, you can take steps to implement a protection strategy for your data to limit potential damage. To do this, add encryption technology to your servers, laptops and desktops as well as to your mobile devices. Monitor your systems by installing internal controls. Also, train your staff on the proper way to handle and protect your company’s sensitive passwords and data. For added protection, get into the habit of backing up your data daily.

In addition to protecting your company against common cyberattacks, you may want to consider adding an enhanced security element in the form of insurance. Commercial crime insurance gives you protection against financial losses, securities and any other property that a thief steals through his or her computer. This type of small business insurance also protects you against dishonest employees and stolen funds. If one of your employees steals something like money or personal property from one of your clients, then commercial crime insurance can provide up to $5,000 in compensation.

Many Ways to Stay Protected

By being aware of the dangers of a cyberattack, you can take steps to protect your company. In addition to keeping your anti-virus software up to date, you may want to consider adding cyber coverage to your existing business insurance policy. If your initial defense fails you, then your insurance company may be able to compensate you.