Small businesses are the target of 43 percent of all cyberattacks, and 60 percent of these are out of business within six months of the attack. It’s vital to spot the dangers and know how to avoid them.
Let’s look at the main cybersecurity threats for emerging businesses and how to deal with them.
Phishing
Phishing is tricking people into revealing private information such as passwords or codes. This is most often done by email. The illegally acquired data can then be used to steal money, customer details, or technical secrets from the company.
How to prevent this from happening to your company?
Train all your employees to treat every email from an unknown source as dangerous. They should never click on a link in a message of dubious origin.
They should be extra careful with mail purporting to come from financial institutions or IT specialists in particular. Ensure they check the address of all these types of communication against the contact information on the company website.
Be particularly careful with passwords and security codes of all kinds. These should be carefully guarded and difficult to guess. Ensure they are periodically changed.
Using public Wi-Fi
With many startup entrepreneurs working outside normal office space and office hours, they will inevitably resort to the use of public Wi-Fi from time to time. Wi-Fi in cafés, airports or other public places is sensitive to “man in the middle” attacks. This is where the hacker places himself between you and the Wi-Fi access point.
While using public Wi-Fi is best avoided unless absolutely necessary, your data is safe from just about any kind of cyberattack if you use a reliable VPN. You may wonder, what does VPN mean? In simple words, it encrypts your data and makes it unreadable and worthless to any unauthorized party who gets access to it. Even your own internet service provider can’t have any knowledge of your online activity.
Working without a VPN, even when using HTTPS, is putting your whole enterprise at risk and exposing yourself to legal problems if your customers’ data is stolen.
Cryptojacking
Cryprojacking is when a cybercriminal uses a victim’s computer to mine cryptocurrency. This is done without a victim’s knowledge. If your device has been cryptojacked, this will slow down everything else you’re doing on your computer, reduce its lifespan, and increase your electricity bill.
There is a strong link between digital currency and illegal activity, such as purchasing illicit goods or money laundering.
How to protect your devices? Here’s what you can do:
- Have secure and complex passwords for all points of access to your system;
- Train your staff to protect this data;
- Monitor your CPU/GPU usage with Windows Task Manager or Apple Activity Monitor;
- Investigate any suspicious activity.
Hacking
Hackers can exploit a security weakness in your system to get access to your devices to steal your money, customer records, or company secrets.
To comply with Europe’s General Data Protection Regulation (GDPR), businesses must be extra careful not to allow cyber criminals access to their systems. If they let this happen, they can be fined up to four percent of their annual revenue.
Probably the first line of defense against hacking and data theft is a VPN. It is a necessary cybersecurity tool for every startup.
Using a reliable VPN and antivirus software can save you from potential data breaches and leaks.
Malware
Malware (malicious software) is any software intentionally designed to disrupt a device, server, or network. Its purpose may be to steal information or simply vandalize the system it attacks.
Signs that your computer has been infected include:
- performance drops;
- crashing or freezing;
- increased pop-up ads;
- your browser redirecting you to sites you aren’t trying to access.
It can also send messages in your name to your contacts.
Keep all your operating system, browser and plugins updated. Also, get rid of any programs you don’t use, especially obsolete ones such as Windows 7 or 8 or old versions of Adobe Reader.
The manufacturers of outdated programs eventually stop installing security updates, leaving your device vulnerable to attacks.
Distributed Denial of Services (DDoS)
DDoS is where your site is overwhelmed by an organized flood of requests from thousands of sources, making it crash.
It’s orchestrated through many channels, often private computers whose owners are unaware their devices are being used for this purpose. It’s the equivalent of crowding the entrance to business premises with hundreds of people, keeping genuine customers out.
To guard against DDoS, ensure you have far more bandwidth than your normal activities require. This way, even if the attack happens, your system will still function on a basic level. Then you’ll be able to get the problem fixed. To reduce DDoS risk, make sure you have a good quality hosting provider, even if it costs extra.
Ransomware
Ransomware is malware that is placed on devices or networks to extort money from the victim. It can block all access to your data or encrypt it until you’ve paid for the decryption key. The ransom is usually paid in untraceable currencies such as Bitcoin, so tracking down the perpetrators is unlikely.
A sound antivirus system is one way of preventing ransomware attacks. If you use Windows, it’s best to disable user access to the tool VSSadmin.exe. By doing this, you will have a backup copy of your files if they are hidden or encrypted.