Cyber attacks poised to invade your business and wreak havoc are serious and businesses should take measures to reduce the likelihood of occurrence. Small companies aren't immune to cyber crime; in fact, they are often especially vulnerable because they may lack the large-scale data protection and recovery systems available to bigger firms. This makes it even more critical that small business owners use anti-virus software and fully educate their employees on the many types of cyber attacks waiting to strike.
Some of the most common and dangerous forms of cyber crime employ similar tactics. Here are ones to watch for:
Phishing (aka, business email compromise)
Let's say you receive an email requesting money. The message appears to resemble a service provider's invoice, but if you look a bit closer, you see there's something suspicious about the email address or formatting of the request. (Or it's unlikely your service provider would make a payment request in this manner.) This is one type of business email compromise that, when successful, enables hackers to gain access to accounts, extract private information, process unauthorized requests, and redirect funds to anonymous accounts.
Malware (adware, spyware, ransomware)
These insidious attacks assume many guises, the most pernicious of which is called ransomware. When opened, this malicious software seizes crucial files, and keeps those files "hostage" until the victim pays ransom to decrypt them. Ransomware gets into a business system when unsuspecting users:
- Download materials from a compromised website;
- Open a fraudulent email attachment; or
- Employ an unauthorized USB stick or some other external media device.
The key is handling any suspicious email with great care. The New York Times urges people looking at "iffy" emails to hover over hyperlinks (without clicking on them) to determine if they'll send you to an unfamiliar or suspicious web page. In regards to an email that originates from your ISP, bank, or credit card company, remember that these institutions will never ask for sensitive information like your password or social security number. Only bad guys want to get ahold of that data.
Social engineering (identity theft)
Cyber criminals exploit our natural tendency to trust a message we receive and/or assist someone we believe to be in need. By impersonating a friend or some trusted institution, they hope to persuade you to divulge passwords, financial data, or otherwise gain access to your computer and then download malicious software.
If someone you know sends you an email containing a link they want you to click on, or an attachment contains what you're told is a photo or other attachment they want you to see, don’t do it if there's the slightest suspicion that something's wrong. You could end up infecting your system (and, by extension, a company's entire system) with malware that can cause irreparable harm.
Take action to secure your sensitive business data
It’s not enough to just hope that cyber attacks pass by your business. Instead, take action that results in enhanced data security for your business:
- Train everyone in your company to recognize potential threats and act accordingly. Knowledgeable employees are less likely to fall for email scams or other cyber crimes. Conduct ongoing training (with updates on new viruses). Implement policies that describe your expectations about employee behavior. Make sure people understand that allowing a cyber attack to succeed harms both the business and their own livelihood. Instruct employees on how to create effective passwords for all of their devices.
- Install up-to-date anti-virus software that secures all the devices your business employs, including file servers, desktops, laptops, and mobile devices. This software must be equipped to identify and block cyber attacks. Installation of firewalls and data encryption also helps guard your business information.
- Back up data on a network level and mandate employees to back up their individual data as well. Information securely stored in the cloud is a very useful safeguard against data loss and ransomware, as well as storing files and other data at an offsite location.
- Establish an incident response plan that outlines how employees should proceed if they encounter phishing or malware attempts.
Taking action to protect your data is the wisest approach in our digital era, and will help reduce the chances that your business becomes a victim of cyber crime.