Who loves poor computer security? The people that want to get rich off your dime, that's who. Theft is a problem that has plagued business since the dawn of time, and make no mistake about it, cyber-crime is a big money enterprise. So how do you protect yourself and your company from those that want your data and money? You might be surprised to learn that negligent employees are the single biggest source of data breaches at small and medium-sized businesses across North America. Since your employees are the most vulnerable part of your business from a cybersecurity standpoint, it is important to train them to be more vigilant, especially around the most common internal sources of security breaches, such as email. Here is a list of some of the most common forms of cyber-attacks and how you can protect yourself.
Malware is an umbrella term covering viruses, rootkits, worms, Trojan horses, ransomware, spyware, and adware, among others. One of the nastiest of these is encrypting ransomware. These use military grade encryption and store the key required to unlock files on a remote server controlled by the attacker. This makes it virtually impossible for users to get their data back without paying the ransom. This type of encrypting ransomware is still growing today, as it has proven to be an incredibly effective tool for cybercriminals to make money. At the end of 2017, 35% of small and medium-sized businesses had experienced a ransomware attack.
In an attack that happened back in March of 2018, the SamSam ransomware crippled the City of Atlanta by knocking out several essential city services, including revenue collection and the police record keeping system. All told, the SamSam attack cost Atlanta $2.6 million to resolve.
Most of these attacks enter a business through email. It is important to use an email filter that blocks spam and viruses. This stops a lot of dangers before they even reach you. It is also important to keep your software patched to close known exploits. Data backups are also critical because if you do get hit, the costs can be very high and there is no guarantee that paying a ransom will get your data back. It is generally better to restore from a secure backup. Last, and most importantly, it is critical to educate your end users on email security and creating strong passwords.
A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of obtaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that tricks you into downloading malware or handing over your personal information.
Phishing is the leading cause of cyber-attacks worldwide. As such, staff must be trained to recognize phishing emails and what to do when they receive one. Indeed, in a recent survey, 79% of those hit with ransomware said it entered their system through a phishing or social engineering attack.
Business Email Compromise (BEC) is a type of scam targeting companies that conduct wire transfers and have suppliers abroad. Attacks can begin when criminals obtain a collection of usernames and passwords from a breached website or service (easily acquired on any number of black-market websites). Once into the system, they may spend weeks or months studying the organization's vendors, billing systems, the CEO's style of e-mail communication, and even his or her travel schedule. When the time is right, often when the CEO is away from the office, the scammers send a bogus e-mail purporting to be from the CEO to a targeted employee in the finance office: a bookkeeper, accountant, controller, or chief financial officer. A request is made for an immediate wire transfer, usually to a trusted vendor. The targeted employee believes he is sending money to a familiar account, just as he has done in the past. But the account numbers are slightly different, and the transfer of what might be thousands of dollars ends up in an account controlled by the criminal group.
It is important to invest in the tools needed to help defend your company from cyber-attacks and scams. Good spam filters and anti-virus software are a good starting point, but well-trained employees are vital.
Employees need training on how to spot phishing emails. Does the email ask you to confirm personal information? Does the sender's address look off? Does a link's real destination match the address shown when you hover your mouse over it? Is the grammar off? Does the email have unexpected attachments? Does the email use exciting offers or scare tactics? These are common tactics in these scams, but if your employees don't know what to look for, you are vulnerable.
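The checklist above can also be run as a first-pass filter before a message reaches an inbox. The following is an added example, not code from the original article or from any product it mentions: it parses one raw email with Python's standard library and reports which of the warning signs are present. The sample message, domains and keyword lists are constructed for illustration, and the domain comparison is a naive split rather than a public-suffix lookup.

```python
import re
from email import message_from_string
from urllib.parse import urlparse
# Constructed sample message (not a real email): link text naming one site while
# the href points elsewhere, an attachment, scare wording, and a "confirm" request.
SAMPLE_EML = """From: "Acme Bank Support" <alerts@acme-bank-secure.example>
Subject: URGENT: confirm your account details today
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>Please <a href="http://login.acme-bank-secure.example/verify">https://www.acmebank.example/login</a>
now or your account will be suspended.</p>
--B
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

not-a-real-archive
--B--
"""
SCARE_WORDS = ("urgent", "immediately", "suspended", "act now")
INFO_REQUESTS = ("confirm your", "verify your", "update your password")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def base_domain(host):
    """'www.acmebank.example' -> 'acmebank.example' (naive split, no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def phishing_indicators(raw):
    """Return the checklist warning signs found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    found, text = [], msg.get("Subject", "").lower()
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            found.append("attachment: " + (part.get_filename() or "unnamed"))
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, shown in LINK_RE.findall(body):
                shown = re.sub(r"<[^>]+>", "", shown).strip()  # what the reader sees
                if shown.startswith(("http://", "https://")) and base_domain(
                        urlparse(shown).hostname or "") != base_domain(urlparse(href).hostname or ""):
                    found.append("link text/target mismatch: " + href)
            text += " " + re.sub(r"<[^>]+>", " ", body).lower()
    for words, label in ((SCARE_WORDS, "urgency or scare wording"),
                         (INFO_REQUESTS, "asks to confirm personal information")):
        if any(w in text for w in words):
            found.append(label)
    return found
```

Running `phishing_indicators(SAMPLE_EML)` returns four findings for the sample, while a plain message with no links, attachments or trigger phrases returns an empty list.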
Reusing passwords is a big security risk. The internet is filled with leaked username and password lists. Criminals know that if they try these same credentials on other websites, there's a chance they'll be able to log in. No matter how tempting it may be to reuse credentials for your email, bank account, and your favorite sports forum, it's possible that one day the forum will get hacked, giving an attacker easy access to your email and bank account. When it comes to credentials, variety is essential. Password managers are available and can be helpful when it comes to managing the dozens of credentials you use.
It is important for every business to stay current with common computer scams and computer safety. Investing a little time and money in preparedness can save you a lot of headaches and money down the road.