CyberSecurity Threats to Small Businesses
October is National Cybersecurity Awareness Month, making this the perfect time to inform businesses, especially small businesses, about cybersecurity issues. A study released by Symantec revealed a 72% increase in cyberattacks against small businesses. Cyber attacks that target small businesses comprise one-third of all cyber attacks. Hackers are targeting small businesses because they generally have weaker cybersecurity than larger companies, and thus are more vulnerable to attacks. Small businesses need to understand that because of this susceptibility, they must take the steps necessary to ensure their safety. Small businesses must also bear in mind that the hackers who are targeting them are primarily after money, thus bank accounts accessible via the internet are prime targets. While top of the line cybersecurity costs more than what a small business may have in its cybersecurity budget, the unwillingness to pay a little more is not a good reason for justifying the decision not to pay for adequate security. The average cost for a data breach is approximately $200 per compromised record; therefore, the price for better security may be far less than what a small business risks by not paying.
The following are the leading threats a small business is encouraged to prepare for:
Common Cybersecurity Threats
Banking Trojans are programs that infect the PC through a phishing email, a download from a website, etc. These programs create a “hidden door” which allows the hacker to access data and operations performed on the PC. The functional aim of these programs is to record usernames and passwords for bank websites.
Ransomware are programs that cause infected computers to “mysteriously” lock and prompt the owner to pay to unlock the screen. It has been predicted by some security companies that this type of fraud will increase.
Website exploits are when hackers exploit the moments when basic website security mistakes are being made. Veracode, an application security company based in Massachusetts, did a study that revealed that 70% of web applications do not meet the basic security standards; these mistakes are windows of opportunity for hackers.
Social Engineering is a deceitful way for a hacker to obtain access to a computer by using an email to get someone to download an attachment with a virus by impersonate an IT administrator or supervisor to gain access to accounts.
How to Combat Cybersecurity Threats
The four threats mentioned above are only a few of many, but there are steps small businesses can take to better ensure their safety against such threats. A defense against the first, the Banking Trojans, is to use a different, inexpensive laptop for use solely to log into one’s bank accounts. As an extra step, have the laptop use a virtual private network (VPN) to access the Internet; this encrypts online communications, which makes it harder for a hacker to access compared to accessing the Internet using Wi-Fi. To combat the second threat, back up frequently to an external hard drive or the company server. For Website Exploits, a small business can ask its website developer to make sure the standards for website security are met (see OWASP Top 10). Finally, regarding the fourth threat, small businesses can train their employees to have better security awareness, as well as better internet navigation practices. For instance, employers can make it a policy to do personal web browsing only at home, to use private internet connections, to report computer dysfunctions, to lock computer screens, to use passwords, and finally, to promote confidentiality with data and information.