High-profile cyber attacks over the last few years have raised awareness of the ever-increasing threat of cyber crime. During the 2013 holiday season, Target, the department store retailer, fell victim to a massive data breach. By the time the breach was discovered weeks later, 110 million people’s credit/debit card and/or contact information had been compromised. In September 2016, Yahoo announced it had been the victim of the biggest data breach in history, compromising 3 billion user accounts. The list goes on.
These high-profile cyber attacks have led many small business owners to assume that data breaches only happen to big companies, banks or governments. In reality, small businesses are particularly vulnerable to cyber attacks. The 2017 State of Cybersecurity in Small & Medium-Sized Businesses Report found that a shocking 61 percent of U.S. small businesses said they had been a target of a cyberattack – up from 55 percent in 2016.
The following are the most common forms of cyber attacks on small businesses:
- Phishing/social engineering – Cyber criminals are targeting businesses with phishing and other social engineering methods (emails, social media messages, phone calls or malicious websites) to trick them into providing confidential data (e.g., credit card number, social security number, account number, etc.). This year, phishing/social engineering has surpassed web-based attacks as the most frequent type of cyber attack on small businesses.
- Web-based attack – In a web-based attack, hackers use one of several different methods to steal a business’ credit card data, sensitive information and other saleable assets. The three most common types of web-based attacks are brute-force attacks, SQL injections and cross-site scripting. These data breaches involve everything from using automated scripts that test possible password combinations to inserting malicious scripts that attack a business’ database and steal, alter or delete data.
- General Malware – Malware accounted for 36 percent of cyber attacks on small businesses in 2017. This software steals or destroys data when introduced to a computer system through email or software downloads. Trojan horse malware, for example, hides within an application or file and is then introduced to the system when something is downloaded from the internet.
- Ransomware – One of the most prevalent varieties of malware in 2017 was ransomware, according to Verizon’s 2018 Data Breach Investigations Report. Ransomware is a type of malicious software designed to completely block a user’s access to their computer system. Once the software has taken over the system, a threat is made that access will not be restored until the ransom demand is satisfied.
Ways to Protect Your Small Business from Cyber Attacks
Small businesses have increasingly become targets for cyber attacks because they hold valuable digital assets, yet often lack sufficient security. Seventy-five percent of small business owners say they simply do not know if they have enough cyber security or the right solutions to protect their digital assets. Small business owners often lack the understanding to prevent cyber attacks, and they also believe cybersecurity is more costly than they can afford.
If cost and limited resources are your main concerns, consider the following simple and economical ways you can reduce your small business’ risk to costly cyber attacks:
Keep Everything Up to Date
It is important to regularly check for software updates so you can download and install them as they become available. You will want to make sure that your website, scripts, plugins and server software are up to date. If you are personally managing everything, you can setup auto-update protocols; your platform and content management system will update automatically. If a team member is responsible for this task, make sure security updates are their first priority.
Install an Antivirus and Firewall Software
Some of the most popular software options for protecting your computer from attack include McAfee, Bitdefender and Norton. Once you have chosen the software you wish to use, you will have to regularly check to make sure it is always up to date; this includes your operating system software and other types of software (e.g., WordPress). If your software is outdated, it will quickly result in security holes attackers can discover and use.
Secure Your Networks
For most small businesses today, Wi-Fi is simply a fact of business life. Make sure you utilize a firewall when signing on to your business’ Wi-Fi network. Your business’ Wi-Fi network needs to be both secure and hidden. You can achieve this is by setting up your wireless router so that the name is not broadcast (known as a SSID: Service Set Identifier). A Virtual Private Network (VPN) will also allow you to encrypt your internet connection so sensitive business data is not seen by third parties.
Closely Manage Your Passwords
Did you know that the most commonly used passwords of 2017 were “123456” and “password”? In addition to changing your passwords on a regular basis, it is critical that you use complex passwords. Consider using a phrase that includes a mix of capitals, numbers and special characters. You can also take advantage of the many online tools that allow you to check how secure your password is and/or help you manage or generate new, secure passwords.
Invest in Employee Training
Employee training is one of the most important defenses against a cyber attack on your small business. Without the proper training, one of your team members might unknowingly release sensitive business information or install malware. Develop an easy-to-read security guide for your team so they can better identify and deal with digital threats. When you learn of a new potential online threat, be sure to inform your team and encourage them to immediately report suspicious behavior on your business’ digital network.
Now that you know how small businesses are attacked and what information is targeted, you can take the necessary steps to protect your small business from cyber attacks. Implementing these preventative measures will ensure your business is positioned to evade attacks and enable you to worry less and focus more on your business’ growth.
Security Business Capital’s Cash-Flow Solutions
Do you need extra cash to invest in employee training and strengthen your business’ defenses against cyber attacks? Security Business Capital’s invoice factoring services provide the working capital you need to protect your business from the increasing threat of cyber attacks and continue to grow your small business safely. If you are interested in learning more about how our invoice factoring services work and how they can help your business, get in touch with us today to schedule a consultation.