Fact: 43% of phishing attacks target small businesses; this represents a 25% increase since 2011.
News about cyber security breaches nearly always focuses on large-scale organizations, including major national retailers, banks, insurance companies and health care providers. In reality, however, small businesses are targeted by hackers every day. While the smaller number of clients impacted means that small business cyber security breaches may never become big news, combined, attacks on small businesses impact millions of Americans each year. Worse yet, attacks on small businesses are currently on the rise.
Since 2011, there has been a dramatic increase in cyber security attacks on small businesses. In 2011, for example, only 18% of phishing campaigns targeted small businesses. In 2014, 34% of phishing attacks targeted small businesses. In 2015, small businesses accounted for 43% of phishing attacks. What does this mean? In short, as hackers experience increasing difficulty infiltrating large businesses, they are turning to small and less protected businesses to carry out comparable forms of damage. The question facing small businesses, then, is how to effectively prepare for and prevent cyber security attacks.
Common Cyber Security Attacks on Small Businesses
APT: Advanced persistent threats (APTs) are ongoing and targeted attacks that break into an organization’s data over time. APTs usually take place over five stages: reconnaissance, incursion, discovery, capture and exfiltration. The goal is to stop APTs at the reconnaissance stage (when attackers are still exploring your organization as a potential target).
DDoS: DDoS means “distributed denial of service.” These attacks happen when a server is intentionally overloaded with requests, a situation that results in a shutdown of the targeted site. Monitoring and analyzing requests can help to prevent DDoS attacks.
Malware: Malware, also known as “malicious software,” refers to any program or bug that targets a computer to either damage the computer or gain access. Malware takes many forms, including worms, Trojans and adware.
Insider attack: Insider attacks are carried out by current or former employees. There are two primary ways to stop such attacks. First, it is critical to screen for potential threats during the recruitment stage. Second, it is critical to ensure that former employees have no way of accessing company data after they are terminated. Of course, depending on their role and level of access, this can be difficult. For this reason, ensuring employees only have access to the data they require to do their job is important.
Password attacks: Another common cyber security issue for small businesses takes the form of password attacks. The attack can lead to major damage and may result in an organization’s computer system being entirely taken over by an outside hacker or group of hackers.
Phishing: Phishing is arguably the most common form of cyber theft. It entails collecting sensitive information, such as login or credit-card information, through a seemingly legitimate but ultimately fraudulent platform. If you’ve ever received an email or text from your school, employer or bank asking you to update your personal information on an external website (one that may look remarkably similar to the website of your school, employer or bank), you’ve been a target of phishing.
Five Steps Small Businesses Can Take to Prevent Cyber Security Breaches
Encrypt emails: Like locking your home, consider email encryption a routine part of your day-to-day business operations.
Monitor passwords: Require current employees to change their password every three months (or more frequently) and ensure former employees’ passwords are immediately locked.
Install protective software on all computers and devices: Mandate the use of anti-malware, anti-spyware and firewall software on all company devices.
Ensure all employees can recognize the warning signs: Train everyone to understand the warning signs of cyber security threats, such as phishing scams.
Offer cyber security training to all your employees: A key way to prevent cyber security breaches is by offering comprehensive cyber security training to all your employees. With eLeaP’s annual security awareness certificate program, even small businesses can afford to offer their employees a security awareness certificate program based upon international best business practices for protecting both your personal information and your organization’s assets. The best news is that with eLeaP’s affordable and easy-to-use learning management system, there are no excuses—cyber security training is within reach for businesses regardless of their budget.