Top 5 Cyber Threats Putting SMBs At Risk
It can be a daunting world out there for SMBs trying to navigate the ever-evolving technology landscape. Cyber attacks, ransomware, and a changing IT landscape challenge the ability of small businesses to safeguard their information assets.
Finding the right balance between access and security has always been a key challenge for SMBs. How do we give employees, who are now virtual, the access to company data they need to do their jobs while staying mindful of data security?
How do we lock down critical assets but also make that data available anytime and anywhere to the people who need it?
Many small businesses try to put best practices in place, but many have experienced either a successful or unsuccessful ransomware attack.
Let’s look at the Top 5 Cyber Threats facing SMBs today.
1. Phishing
Today, phishing is the most common threat that SMBs will face. It’s relatively easy to initiate a phishing attack, and these attacks typically have high success rates for the attacker.
Attackers use phishing to target victims via email, text, or phone and lure them into providing sensitive information or credentials. Attackers sometimes pose as employers, partners, vendors, or financial/governmental authorities.
In a common phishing attack you might see an email with an attached invoice come from a CFO to a CEO, or vice versa. What initially appears to be the sender’s true email address turns out, upon closer inspection, to have a different domain or name in the sender field.
CFO’s real credentials: email@example.com
Attacker’s use of the CFO’s real name: firstname.lastname@example.org
The subtle distinction makes all the difference.
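The sender check described above can be automated in a mail filter or triage script. The following Python is an added example, not part of the original article; the organization domain, the executive directory, and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed inputs (constructed for illustration): the organization's real
# mail domain and the executives whose names attackers tend to borrow.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From header looks like executive impersonation."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    name = " ".join(display.lower().split())
    reasons = []
    # Display name is a known executive, but the address is not theirs.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        reasons.append("display name matches an executive, address does not")
    # Domain is one or two edits away from ours: a typo-style lookalike.
    if domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        reasons.append("domain is a near match for " + ORG_DOMAIN)
    return reasons


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    "Jane Doe <cfo.office@mail-example.org>",
    "Vendor Billing <billing@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A message flagged for either reason is a candidate for a warning banner or manual review before any invoice is paid.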
With phishing you also have to be aware of opportunistic attacks using current events, such as COVID-19, CERB, or communications from the Canada Revenue Agency.
What Can You Do: Educate yourself on best phishing prevention practices, so you and your employees can spot.
2. Ransomware
Ransomware is a type of malware that accesses a victim’s files, locks and encrypts them, and then demands that the victim pay a ransom to get them back. It can be delivered to victims’ machines via links, attachments, or downloads, or embedded in other malicious software. Ransomware can severely cripple unprepared businesses.
Ransomware can be described as a form of “digital kidnapping” of valuable data, which is usually financial records and intellectual property. Any individual or organization could be a potential ransomware target.
These attacks are typically delivered via phishing or malicious downloads and can force organizations to pay a large bounty to regain control.
Two easy actions you can take to mitigate ransomware attacks:
First, you can stay ahead of attackers by enabling two-factor authentication on key assets and accounts. Two-factor authentication can be in the form of a text message, token, or even a biometric like your fingerprint to provide enhanced security.
The second thing you can do to protect yourself from ransomware is to run regular backups of all your data and store them safely on an isolated server or in a secure cloud environment.
3. Exposed Vulnerabilities and Assets
The third most common threat we see SMBs face is unpatched systems and software. Known vulnerabilities are often exploited by cybercriminals to gain unauthorized entry or access, putting your business, data and customers at risk. Regularly update your systems and software, mobile devices and apps, and network devices such as firewalls.
Your protection systems, like firewalls, endpoint security systems, and IPS devices also require regular updating. These are critical to update because there are often hundreds of new virus definitions that need to be downloaded to your device on a daily basis.
Best practice is to keep your systems up to date. So whenever you see the notification to update to the latest virus definitions, we advise you to go ahead and do so.
4. Malware
Malware is malicious software that is designed to cause damage or disruption, or to allow unauthorized access to your systems and data. It finds its way inside systems by posing as a legitimate file, or as a trojan, then executes itself once inside. From here the malware can allow access to critical company assets and systems for further exploitation, usually in search of financial gain.
While attackers’ motivations vary, malware often infects systems to gain unauthorized entry into the business, to harvest or capture user credentials, or for other financial gains.
Over the last few years there has been an increase in SMBs experiencing situations in which exploits and malware have evaded their intrusion detection system.
The majority of small businesses are vulnerable to exploits and malware, mainly because the technologies currently used by their organization cannot detect and block most cyber attacks.
5. Weak Password Hygiene
Most people use passwords that are easy to remember, and reuse passwords for multiple websites and accounts. Also, too often default passwords are not changed, allowing administrative access to critical systems.
Poor password hygiene and practices can increase your chance of being breached and put your information and data at risk.
Hackers use sophisticated systems to run all the possible combinations of common passwords until they find one that fits. If you’re using easy-to-guess passwords, including dictionary words, pet names, birthdays, etc., you stand a higher chance of being breached.
Using the same password for multiple systems may be easy to manage, and can save you time gaining access to data and systems. But it’s not secure. Sharing passwords across critical systems is a surefire way to increase your exposure and chances of being hacked.
It’s common for employees to share passwords via email, either internally amongst staff or with partners, suppliers, and contractors. This activity is not recommended; passwords should never be shared via email.
In addition, passwords should not be stored in plain text, for example in a file or on Post-it notes.
Best practice is to avoid sharing passwords digitally and implement a 2FA solution for gaining access to systems.
Only a small percentage of companies rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. This shouldn’t be the case.
At Onward Solutions, we believe that with a security-integrated approach to IT and Technology, the right strategic guidance, and correct application of best practices, you should feel confident that your investment in technology can meet your business requirements and expectations while safeguarding your business and data.