the fear of this has trickled down to SME’s and startups alike.
“SMEs have not historically been the target of cybercrime but in 2015 something drastically changed,” says Toni Allen, UK head of client propositions at the British Standards Institute (BSI). “The latest Government Security Breaches Survey found that nearly three-quarters (74%) of small organizations reported a security breach in the last year; an increase on the 2013 and 2014 survey. SMEs are now being pinpointed by digital attackers.”
Many small businesses are ignorantly believing that they are safe due to their size and that are too small to be of interest to hackers. This is in fact the opposite, these cyber criminals are aware that SMES and startups have not yet raised their defenses to an adequate level due to lack of human and financial resources. That, coupled with the increasingly innovative nature of young companies makes them an attractive prospect.
Cloud storage is the ideal solution for many businesses because of the cost savings and increased business agility it offers. With so much sensitive and pivotal company information stored in this way, it’s critical that everyone within the business is doing their utmost to protect their data in the cyber realm.
There are a number of cyber threats that small businesses face, and these include:
- Denial of Service (DoS)
A huge volume of data and useless traffic is pushed towards a websites server with malicious intent. The website becomes overwhelmed and ultimately crashes, rendering it useless to users and can be extremely destructive, causing loss of revenue and impact a reputation. They are commonly used by hacktivist groups (think Anonymous) and extortionists and can for weeks and even months.
In these cases, the criminals manage to access the network, usually by taking advantage of vulnerable software. These attacks are typically launched in order to gain access to what is called ‘personally identifiable information’ that businesses hold on their customers, such a credit and debit card details. This can result in the loss of a client base and the loss of the competitive edge within the industry
Ransomware is typically found in phishing emails, which we have all received. Many of the crude attempts are trying to convince us that the prince of Nigeria wants to send us some money, or my personal favorite – there is an astronaut that has been stuck in space for 14 years, and they need some money to bring him back home.
By clicking on any malicious links in these emails such as these, the data on the businesses network becomes encrypted and in return for the decryption key – a ransom is requested.
- Director Fraud
It’s difficult for me to believe that this type of activity actually passes, but I have it on good authority that it does. Director fraud, or CEO fraud is where a criminal will pose as someone in a senior position within the business by hacking their email account. Emails are then sent to employees with financial authority convincing them to make a payment.
You don’t need to be hot on your ‘tech’ to protect yourself against potential threats, more than 70% of cyber breaches can be prevented by implementing some basic security practices.
Be Password aware
I admit it – I am guilty of using the same password for everything, but making your password complex is one of the first lines of defense when it comes to a potential cyber-attack.
Making it company policy that all passwords are changed every 3 months and different passwords are used across all of your platforms, by using the same one you are making it easier for criminals to access huge volumes of business data.
Most software will now analyze the strength of the password that you are proposing and indicate to you whether it should be more complex. As a rule of thumb, ensure all passwords are a minimum of 8 letters, a mixture of lower and uppercase and characters and be sure to incorporate random symbols and numbers.
Install Anti-Virus and Malware Software
‘Malware’ software is bad news and the majority of the time it will already have infected your device before you are even aware. Types of malware that you are vulnerable to is viruses which infect and corrupt files, backdoors which opens files to allow data to be stolen and rootkits which continually spy on your computer and the data it holds.
Anti-malware software will protect your device and network from infection. They usually attack from 3 angles, detecting any malware, removing it and repair any damage caused by it. Some of the premium software also runs website checks, and recognize any websites that have the intention of delivering malware before blocking access to the site.
There are software packages that automatically encrypt files for you, however you may wish to encrypt them yourself if you don’t have access to this service. Encryption can help in your quest to fight off cybercrime and keep important documents safe from hackers.
Encryption works by scrambling the data on your files which makes them unreadable to outside sources and protects data from being stolen and interpreted on other devices. You can encrypt your hard drive for free fairly easily and whilst you may think there is nothing of worth in the cloud or on your computer, files can easily end up in the wrong hands.
If you use Windows, then installing BitLocker and selecting Trusted Platform Module alongside a PIN will ensure your drive encryption is of the highest security possible. If your computer is older than Windows 7 then you will only be able to use the USB authentication method.
Be Safe in WiFi Hotspots
Great you found some FREE WiFi!!! Really? No, not great. Public Wifi is literally a hackers dream, masses of unsuspecting browsers going about their personal or business activities on a single network where the password is available for the great unwashed….
Yusuf Yenegah, Director at Microbyte Solutions offers some advice, “Protect yourself when using public WiFi such as using a VPN, this encrypts your activity and protects it from prying eyes. Ensuring that your software is up to date on any device is a key area where you can protect yourself. Be sure to ALWAYS verify the name of the network, it’s not uncommon for hackers to set up their own hotspot using a very similar name, leaving all of your details in their lap as you are going about your various activities.”
The government launched a Cyber Essentials scheme in 2012 to ensure that business across the UK had support in handling their cyber safety sufficiently. As well as adopting this government standard and implement the above measurements it should be known that much damage can be caused by human error. Without doubt, any employee within the business will be aware of the cyber threats faced by businesses but not fully engaged with the impact it can have on your business. The fact is, we’re all used to protecting ourselves online, however some can have a relaxed approach in the workplace; as the BYOD trend becomes more prevalent it’s essential to ensure any devices being used are up to date with the latest anti-virus protection software and firmware updates.
A recent report by Mimecast, a security firm, found that 79% use their personal email accounts for work. What you may not realise is the personal information you share can end up being automatically backed up, mirrored and archived on systems and servers outside of your control, even after you’ve left the company.
Being diligent is the first step in ensuring high levels of protection within the business. Cyber-crime is a REAL threat, and by ensuring your security is revisited at least every 90 days will minimize how vulnerable you are to being attacked.