Many small- and medium-sized businesses (SMBs) falsely believe that cybercriminals won’t target them because they have little to no valuable things to be stolen. This is why they don’t spend much on cybersecurity — a situation that opportunists unsurprisingly exploit. According to a report by Verizon, 43% of cyberattacks were actually directed towards SMBs in 2019.
With one in every two cyberattacks targeting SMBs, it’s paramount that SMB owners know about these top threats to cybersecurity and how to mitigate them:
1. Phishing emails
Last year, 32% of data breaches involved phishing, with phishing emails remaining as the most successful strategy used by cybercriminals to lure victims. Purportedly coming from a credible source, phishing emails are designed to trick the recipient into disclosing personal information like login credentials and Social Security numbers. Experts report that 1 in 25 branded emails is a phishing email.
The best way to mitigate this threat is by educating everyone on how to deal with them. One way is by providing continuous awareness training that covers a range of topics, from how to detect phishing scams to what to do when you fall for them. This training should be provided to anyone who handles company data. Top-level executives are actually prime targets of scams since they have power over financial matters. Businesses can also launch a newsletter on cybersecurity, or a gamified cybersecurity awareness program that rewards those who demonstrate cybersecurity best practices.
Malware is an encompassing term for all malicious software, including Trojans and viruses. These are usually found in spam emails, unsecured websites, or infected devices. Their goals vary: some malware are used to gain computer and administrative access; some are deployed to destroy data or paralyze networks. According to malware experts Panda Security, about 230,000 malware are created every day.
To prevent malware from entering computer systems, businesses must strengthen their defenses. Tighten web security and prevent users from performing actions like downloading malicious files and visiting suspicious websites. Prioritize endpoint security: keep attacks at bay by ensuring that devices and machines have up-to-date software and security patches.
Ransomware is software that takes complete hold of a network’s data and threatens to either publish confidential information or withhold it forever unless a ransom is paid.
In 2019, Las Cruces Public Schools suffered from a ransomware attack that infected thousands of servers and devices. The district refused to pay the ransom, opting to reformat around 30,000 devices instead. But as of January 2020, only about 6,000 have been taken care of, proving that the effects of ransomware can be long-lasting and catastrophic.
To keep these nasty threats out, all businesses should have trusted, up-to-date antivirus software and firewalls. All mail servers should also employ content scanning and filtering to check for malicious links and attachments. Everyone connecting to public Wi-Fi is also advised to use a virtual private network (VPN) that masks one’s Internet Protocol (IP) address and makes one’s online activities untraceable.
4. Weak passwords
Passwords are designed to safeguard privacy and keep unauthorized people out. However, weak passwords like all-time favorites “password” and “12345” do nothing to stop hackers from breaking into a system. By using a brute force attack that guesses combinations by trial and error, cybercriminals can crack passwords in seconds.
As such, there should be strict requirements for password creation. For example, systems should only accept password combinations with special characters, numbers, and capital and small letters. Multifactor authentication (MFA) should also be employed. MFA double checks the identity of users by asking them to provide a piece of unique information that only authorized users could possibly provide, like fingerprints, voice patterns, and codes sent through registered mobile numbers.
5. Bring your own device (BYOD)
BYOD setups bring many benefits to SMBs, but they also pose various threats to a company’s cybersecurity efforts. For one, employees might use their own devices to connect to unsecured public Wi-Fi networks that are riddled with malware. Devices may also get lost or stolen, and company data can end up in the wrong hands. What’s more, apps installed on employee-owned devices may secretly and illegally leak data.
To address these potential scenarios, a business should have a clear BYOD policy in place. This document should include what employees can and can’t do with their devices, and the sanctions they will face if they violate rules. Moreover, businesses should have mobile device management (MDM) software that monitors, manages, and secures employees' mobile devices. When a device goes missing, for example, the MDM can remotely wipe it clean of its data.
Do you want to learn more about how to protect your enterprise against cyberattacks? Kosh Solutions has the perfect material for you. Our eBook “3 Types of Cyber Security Solutions Your Business Must Have” boils everything down to the basics and explains how SMBs can optimize their solutions without breaking the bank. Download the eBook now.