Prevention is better than cure: protecting your small business against cyber threats
The majority of small business’s cyber crime starts with human error, with just over half of cyber attacks being the result of employees clicking on links in phishing emails. This can open the door to malware or ransomware attacks, putting your data at risk. And that could lead to damaged business reputation, loss of customers, production downtime and even a hefty fine.
With the right security in place, however, you can protect your business from falling victim to the most common cyber threats.
Let’s start at the beginning! What exactly is a phishing email? And what’s the difference between ransomware and malware? How can a firewall help? What is a security patch and why is it important? We know that not everyone understands cyber terminology, so let us break it down for you.
Breaking down the jargon
Let’s go back to basics and look at some of the most common cyber attacks and acronyms you might have heard about but weren’t sure what they meant.
Phishing
Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware, or direct them to a dodgy website. The term ‘phishing’ is mainly used to describe attacks that arrive by email, but can also refer to attacks via text, social media or phone calls.
Smishing (SMS-phishing)
A form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone. Smishing text messages are often purporting to be from somebody you know, or from your bank.
Vishing (voice-phishing)
A form of phishing that attempts to trick victims into giving up sensitive information like credit card numbers, bank account details and passwords, over the phone.
Malware (malicious software)
Any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system. Malware includes a wide range of types of malicious programs including: virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware and spyware/adware. We’ll let you Google those!
Ransomware
A form of malware that holds a victim’s data hostage on their computer typically through robust encryption. This is followed by a demand for payment in the form of Bitcoin in order to release control of the captured data back to the user.
Impersonation or spoofing
The act of falsifying the identity of the source of a communication or interaction (e.g. to make you think you are receiving an email from somebody you know). It is possible to spoof an IP address, MAC address and email address.
Social engineering
An attack focusing on people rather than technology. This type of attack is psychological and aims to either gain access to information or to a logical or physical environment. A social engineering attack may be used to gain access to a facility by tricking a worker into assisting by holding the door when making a delivery, or gaining access into a network by tricking a user into revealing their account credentials to the false technical support staff (see our article A 2-minute phone call and a fake link).
Solutions/Prevention
You have probably heard of most of these, but are you using them? And if you are, how can you be sure they are doing their job correctly?
Firewall
A security tool, which may be a hardware or software solution that is used to filter network traffic.
Antivirus
A security program designed to monitor a system for malicious software. Once malware is detected, the AV program will attempt to remove the offending item from the system or may simply quarantine the file for further analysis by an administrator.
Encryption
A way of scrambling data so that only authorised parties can understand the information. Encryption helps prevent data breaches, whether the data is in transit or at rest. If a corporate device is lost or stolen and its hard drive is properly encrypted, the data on that device will still be secure.
Two-Factor or Multi-Factor Authentication (2FA/MFA)
The means of proving identity using two authentication factors. Valid factors for authentication include
Type 1: Something you know such as passwords and PINs;
Type 2: Something you have such as smart cards or OTP (One Time Password) devices; and
Type 3: Someone you are such as fingerprints or retina scans (biometrics).
Security patches
An update to an operating system or application (e.g. Microsoft Windows). A patch is often used to repair flaws or bugs in deployed code as well as introduce new features and capabilities.
Backup
A duplicate copy of data on a separate physical storage device or online/cloud storage solution. A backup is the only insurance against data loss. With a backup, damaged or lost data files can be restored.
Backups should be created daily or weekly, depending on your needs. You should have three copies of your data – the original and two backups. And don’t store the three copies of data in the same place!
Next steps
The problem is, cyber attacks are evolving all of the time, so you need to be sure that your cyber security solutions are too. That’s where an IT Management partner can help. We know you’re busy focusing on running your business and the last thing you need is to be worrying about cyber attacks. Let the experts take the stress out of IT for you, so you can focus on the things that you do best.
We offer a 3-step approach:
If you’re unsure where to start and would like to have an informal chat about cyber security, please get in touch.
Listen to the Podcast
In the meantime, there’s some excellent advice in this First Voice podcast about cyber safety. Our MD, Nick Marden got together with Helen Barge, MD of Risk Evolves, to discuss top tips for protecting your small business against a cyber attack and to give us a rundown of the different types of risk that you may face.
Useful links
National Cyber Security Centre (NCSC)
NCSC Exercise in a box
Metropolitan Police Cyber Protect
Sort-IT Cyber Security Solutions