With the explosion of the internet, our digital lives have become synonymous with our “real” lives. Right along with it, cybersecurity has grown to be a multi-billion dollar industry. But does our perception of its importance truly reflect cybersecurity’s actual importance?Many small businesses have a “Not Me” mindset with cybersecurity. Meaning “Attacks happen to others, but not me.” Unfortunately, this is misguided because 58% of all cyber attacks target small businesses.
To hackers, small businesses are a goldmine. Most companies have mediocre security protections, allowing attackers to sneak in and wreak havoc. For this reason, it’s important to take cybersecurity seriously. Don’t underestimate the hackability of your business. If you have money and confidential data, you’re on attacker radar.
Knowledge is the first step to security. What do you need to know to protect your business from cybersecurity threats? We’re going to walk you through the most common cybersecurity threats as well as new threats in cybersecurity. Most importantly, we’re going to provide advice and first steps on how reduce the risk of these threats so you can breathe easy.
You May Have Heard of TheseCommon Cybersecurity Threats
Malware is especially malicious software that has three dangerous forms: ransomware, spyware and adware. A notable marker of malware is that it requires the user (you) to take some sort of action which triggers the malware. This could be clicking on a link, downloading an attachment or entering your information on a fake website.
You can guess from the name what this type of malware does. It’s the digital version of a hostage situation. Attackers access and hold your information for ransom. Only through payment (like bitcoin) will your data be released. But here’s the catch, hackers don’t play by the rules. Once they see you’re willing to pay the price, they may increase their fee. Or worse, if you don’t properly protect your IT after this attack, hackers can return to hit you again.
Just like Agent 007, spyware watches your every move. It monitors your online habits, gathering the data you drop along the way such as passwords, credit card information, social security numbers and more. It works by infiltrating or even mimicking the websites and apps you use. After stealing your data, hackers sell it to third parties for their use.
An evolution of spyware, adware uses the data it stole to harass and control you. If you’ve ever experienced a sudden onslaught of pop-ups that just won’t go away, you’ve brushed against adware. The goal of adware is to confuse, frustrate and force you to accidentally click an ad as you try to close it out. Once you do click, your device is subjected to further malware and viruses.
It may conjure nostalgic images of sitting with your dad on the dock, throwing the line out to see what'll bite. But with phishing, you're the fish and hackers are tossing all the bait they have to grab you.
Phishers feed on your ignorance and curiosity. Generally taking place through emails, phishing attacks look safe, may have an enticing subject line, include instruction to submit information, and come from a known address. But take a closer look at that email address. Is there a misplaced letter in the name? It is a “.com” or something else? These small changes are easy to miss, but can have dangerous consequences. Once you click the link, you’re directed to a fake site to enter your information and you’ve opened yourself to attack.
While phishing is a mass attack, spear phishing is targeted toward a specific person. Because it includes individualized messaging and personal information, spear phishing is that much harder to catch.
Don’t confuse with spoofing!
Spoofing is similar to phishing in that it generally happens via email. Just like phishing attacks, the email looks safe and seems to come from a legitimate source. But if you click a link or download an attachment, you’ve released a malicious file into your system.
If you’ve ever tried to visit a site but got a message saying the site is down or inaccessible, DoS may be to blame. Attackers use this method to overwhelm a website with manufactured traffic. Too much traffic overloads the site’s servers and cause a shutdown. Businesses can’t access their own website and visitors can’t find the answers they’re looking for. This leads to loss of business (consumers will go elsewhere to find the product or service) and loss of credibility (how good can your business be if its website doesn’t work?).
Distributed Denial-of-Service (DDoS)
DDoS attacks take denial-of-service to the next level. Instead of using one computer to affect a website, DDoS uses many computers to do it, often on a global-scale. There are many types of DDoS attacks that affect your bandwidth, traffic and applications.
Where It’s All Going
New Threats in Cybersecurity
Cybersecurity threats are always evolving. That’s why it’s important to stay knowledgeable about what’s out there. For 2019 and beyond, these are the trends to be aware of as you create and adjust your cybersecurity strategy.
A New Tactic Called Cryptojacking
As cryptocurrency increases in popularity, hackers are finding ways to take advantage of it. Cryptojacking is a sneaky way of getting someone else (you) to do the dirty work. Delivered via a bad email link or an infected website, cryptomining code loads onto your computer or browser to work in the background.
Pay Attention to Your Vendors
Instead of attacking you directly, hackers are targeting third-party vendors that have access to many clients’ confidential information. Vendors like accounting firms, lawyers and even managed service providers (MSPs) are prime targets. Your business can take all the security precautions possible, but if your vendors aren’t on the same page, you’re at risk. See how one MSP learned this the hard way.
Alexa May Not Be Alright
Does anyone really trust their AI technology like Alexa or Google Home? Turns out that suspicion is warranted. There have been several cases of Nest products being hacked through the internet. Hackers are able to watch people through the camera and even talk through the speakers.
What You Can Do Today
How to Combat Cybersecurity Threats
You’ve already taken the first step: educating yourself on what’s out there. Now it’s time to take action. Here’s what you can start today to protect your business from cybersecurity threats. We asked experts across our company to share their cybersecurity tips. See what else they suggest.
- Educate your employees on threats
- Instill a commitment to vigilance
- Create a security-focused culture from the top down
- Ensure your vendors are secure. Ask these questions.
- Use unique passwords for every account
- Use secure password managers to document your passwords
- Regularly change your password
- Don’t leave your passwords somewhere easy to find
- Don’t use identifying information in your passwords
- Don’t trust the ‘FROM:’ in an email
- Double check everything that’s sent to you
- Always look at a link before you click it
- Think first before downloading attachments
- Install and maintain anti-virus and anti-spam software
- Install firewalls to prevent access to your network
- Visit secure websites that have HTTPS in the URL
- Use CTRL+ALT+DEL to get rid of adware pop-ups
- Avoid public hotspots whenever possible and never allow ‘auto-connect’
Above all, it’s critical to work with an IT provider that can support and guide your cybersecurity strategy. Don’t go it alone. iVenture Solutions is an award-winning managed service provider delivering superior IT solutions to clients across Florida. As a leading-edge IT firm for small and medium-sized businesses, we provide a diverse range of services covering the entire scope of IT including maintenance, support, hosting and more. Through rapid response time, reduction of chaos and the right people, our expert team of IT professionals will fulfill your technology needs. At iVenture, we give you more time to do what matters most.