You’ve probably heard that cyber attacks have been on the rise in recent years.
While breaches of large companies like Target and Equifax have been in the news, small businesses are increasingly finding themselves in the crosshairs for hackers, who find their often weak or non-existent cybersecurity practices make them attractive targets. Malicious actors count on business owners believing they’re too small to be found – but the truth is that if your operation is connected to the Internet it’s at risk. Read on to learn about the most common types of threats and some steps you can take to defend your business against them.
Common Types Of Cyberattacks
While the types of cyber threats to look out for are constantly evolving, there are four main types of attacks to look out for:
- Viruses – The “OG” tool of hackers, viruses are malicious computer programs designed to spread from device to device across networks to give attackers access and control over the systems.
- Malware – A blanket term for software intended to damage computers, networks, and servers. Malware can include viruses and ransomware, and is often used to spy on users or do things like use your system to mine cryptocurrency for the attacker in the background, slowing it to a crawl.
- Phishing – This is a type of attack that uses email or a malicious website to entice users into clicking a link or opening a file in order to infect a device with malware or collect information. Phishing attacks can be sophisticated, with scammers impersonating trusted organizations or individuals to get victims to take the bait.
- Ransomware – These attacks are all the rage in the criminal underworld these days. Ransomware is a type of malware that, once it infects a computer, locks down and encrypts its files. A message from the attacker will appear on the screen demanding payment, often in cryptocurrency, in exchange for unlocking the machine.
What You Can Do
As you can see, cyber attacks can be complex and difficult to detect until a system or network is already compromised. The consequences of a breach on a business can be costly and time-consuming, but while there’s no way to totally guard against an attack (besides unplugging it from the network entirely), taking some simple cybersecurity measures can make your company less of a target. A good analogy is bike theft: while any bike lock can be defeated eventually, if your bike is harder to steal than the one next to it, a thief is more likely to go for the other one.
Here are some steps you can take toward better cybersecurity:
- Know Your Network: It’s hard to defend your company’s network if you don’t have a handle on what you’re defending. Make sure you have an understanding of what devices are connected to your network, what software they run, what kind of data your company has that could be compromised in an attack, and who has access to that data.
- Train Your Staff: Your business’ cybersecurity is only as strong as its weakest link, and many data breaches occur due to employee negligence. Even if you don’t “speak tech,” there are outside firms that specialize in cybersecurity training for small businesses. In the meantime, some of the basics your employees should know:
- How to choose a strong password.
- How to use a password manager.
- Signs of suspicious emails or web links.
- Back Up Data: Make sure important data is backed up regularly to external hard drives, cloud storage, or any storage that is not connected to your network. This is especially useful while a ransomware attack is ongoing, preventing you from losing access to your company’s files.
- Secure Your Wifi Network: Attackers will sometimes scan the internet for vulnerable wifi routers in order to gain access to a network remotely. Make sure yours isn’t using the default administrator name and password and turn off remote management so settings can only be changed locally.
- Consider Cyber Security Insurance: Cyber attacks and their aftermath often put companies out of business. If your company handles sensitive data, has a large network, or is at a particular risk, a cyber security insurance policy can help soften the blow of an attack.
Helpful Resources To Get Started
To learn more about getting started with a cybersecurity plan, check out these free tools:
- A list of Low Cost Training Programs from the National Initiative for Cybersecurity Education
- The Federal Trade Commission’s cybersecurity factsheet and checklist
- The FCC’s Cybersecurity Planning Tool, which can help you determine your risks and make a plan
- The Department of Homeland Security has a guide to help you get started as well
written by Jon Becker