Top 3 Cybersecurity Threats for Small Businesses and How to Fight Them
In today’s world of constant online threats, hackers have evolved far beyond mischievous trespassers into well-funded, well-organized cyber criminals.
A big misconception is that hackers only target large corporations, big banks or high profile individuals. However, they are often seeking small businesses who are easy targets for money, identity, financial data, or more importantly, credentials to access other online partners.
A breach of your organization can lead to anything from stolen customer information to acquiring malware that can cripple your network. This is why taking control of your cybersecurity is vital. Even if you’ve previously considered your organization too small to attract notice, ask yourself if your organization is ready for this kind of an attack?
Staying on top of security challenges involves diving deep into every nook and cranny of your network as well as keeping current on global threats and trends. It also requires prioritizing which defenses to focus on, since trying to protect against every possible attack can prove overwhelming.
This can become especially complicated for many small to mid-sized companies who have multiple access points due to the interconnectedness of vendor relationships, online payment processing and general convenience. If one company is breached, intruders may easily gain access privileges to other partners.
This was seen in the 2013 Target breach, when hackers infiltrated Target’s normally secure network by first accessing the network of its smaller HVAC vendor.
For companies looking ahead to possible threats in 2017 and beyond, and determining what cybersecurity measures to focus on, consider these three prime contenders:
3 Leading Cybersecurity Threats for Small Businesses
- Internet of Things
- Outdated Security
Malware is a general term for software that can be spread, installed or activated without users actually realizing it, including secret changes to a desktop or even a network.
Most of us are generally familiar with worms, Trojan horses and viruses, which are all different destructive forms of malware. Some are spread by clicking on a link, running an unauthorized program or activating an unsecure script.
But a newer form of malware that has many concerned is called ransomware. It can spread in similar ways, but when it activates, it can lock down your computer or network until you pay a certain amount for the key/access code. In some cases, paying the amount may not be enough, or the hackers may try to re-infect a victim in the future.
Combating malware is tricky, and can involve regular scans, larger audits, and different security levels for the more sensitive access points of your network. Back-ups that are easy to retrieve are a smart idea, in case your whole system has to be wiped. But the best advice is to create a culture where malware has a hard time being introduced.
This requires training employees to be vigilant of any suspicious emails, links, even hardware such as thumb drives. Employees who use mobile devices for work also need to be regularly reminded to be careful, including making sure their devices can be easily locked and wiped remotely if the device is lost or stolen.
2. Internet of Things
IoT is fundamentally changing the world. It’s the general term for more and more electronic devices connecting to each other. An easy example is the exercise band on your wrist or ankle that tells the fitness app on your mobile phone how far you ran today. Or the refrigerator sending a note to your phone that you’re low on milk. Or using your phone to activate appliances in your home like your heater or lights.
Where IoT gets scary fast is when people figure out how to access and connect some of these devices without permission. Hacking a smartwatch may allow someone to access one person’s identity. But thinking larger, imagine how many electronic devices now “talk” to each other – even nuclear reactors or car navigation systems.
A recent example of the scary side of IoT was the October attack on Dyn, an Internet domain name system, which caused several commercial sites to go off-line, including Spotify and Twitter.
An investigation showed that the attack was caused by hackers infecting and linking together more than 100,000 devices around the country into one malicious botnet. The devices included electronic baby monitors, which basically flooded the gateway with so much electronic traffic that it eventually shut down.
The best defenses against IoT threats are education and vigilance. Because it’s such a new concept, best security practices are still being developed at the manufacturer and consumer levels. Creators can add extra security features or ways to control who can access something. Users can also add other protections, including regular scans or alerts if someone unauthorized tries to connect.
3. Outdated Security
Good security practices from five years ago, maybe even five months ago, may not be effective against tomorrow’s threats. But some companies still mistakenly believe that past efforts remain good enough.
The flaw in this thinking is that hackers are still actively seeking vulnerabilities, and will be pleasantly surprised to run across networks that use security from a few years ago.
Creating a current security posture is vital. This starts with integrating security at every level of your organization, plus teaching managers the correct protocols and making sure everyone in the organization is aware of the current rules, including password protection. Follow up on this by making sure all in-office and mobile devices have correct security software and the latest versions of operating software. Adding password protection at several levels is vital, as well as thorough firewalls.
These threats aren’t meant to scare you, but rather help you realize how serious cyber threats can be and that there are ways that you can protect yourself, your business and boost your security profiles.
What do you think are the biggest cybersecurity facing small businesses today? Let us know in the comments below, and consider Kelser’s list of security tips to protect your company as a place to start improving your cybersecurity posture.