Protecting a Small Business from Cyber Attack

It’s important to know what steps to take to halt cyber thieves.

 By Alexandra Walsh

The 2016 State of Cybersecurity in Small & Medium-Sized Businesses report found hackers had breached half of all small businesses in the United States within a 12-month period.

A survey recently published by Manta, an online resource dedicated to small business, shows 87% of small businesses don’t think they’re vulnerable to a cyber attack. Further, one in three small businesses do not have the proper tools such as antivirus software, firewalls, data encryption programs, or spam filters to protect themselves from such an attack.

What Are Cyber Attacks?

According to a recent survey, the most popular types of cyber attacks businesses experience are:

  • Web-based attack (49%)
  • Phishing (43%)
  • Malware (35%).

Web-based attacks refer to threats you may find when browsing the Internet. These malicious software programs will often target users who don’t have security products installed on their computers.

In other cases, these programs are designed to target popular applications or operating systems. For example, they might reel you in by telling you your computer doesn’t have the latest update. Always surf the web with extreme caution and never agree to download any updates not recommended by the program itself.

Phishing refers to attempts to trick users into clicking on a link or giving confidential or personal information that can then be used to defraud that individual or business.

For instance, phishing emails may look like they’re from a sender you trust (like your bank, a social networking platform, or a retailer). If you respond to that email or click on the link provided and then give up your username, password, bank account information, credit card number, or other data—you may not even realize you’re being scammed until it’s too late. With this information, a hacker can quickly take over your identity and steal from you or your business.

Malware and phishing, in many cases, can overlap. Ransomware attacks usually involve an email containing a link or file that appears innocuous but actually contains dangerous malware. Once a user opens the attachment or clicks on the link, their computer immediately becomes infected.

These malware programs encrypt the computer, which locks the user out of everything on the device (like files, folders, and drives). Sometimes, the entire network can become infected. Then the user will receive a message that promises to unlock the system in exchange for payment (usually requested in Bitcoin, a type of digital currency).

Most experts recommend you should not pay the ransom since there’s no guarantee your files will be returned. In addition, sending payment to cybercriminals only encourages this behavior in the future.

Protection from Cyber Attacks

Other than investing in quality protective software available, one of the best ways to protect your business is to educate your employees. Around 75% of organizations consider negligence by employees to be the greatest data breach threat, and 80% say “end user carelessness” is their main threat to cybersecurity.

Experts say these are the top steps to preventing cyber attacks:

  • Never open a suspicious attachment or link in email—even if it is from someone you know. Hackers will often send malicious programs through someone else’s email account to their address book.
  • Use a browser extension that detects websites that are malicious.
  • Use security software and a firewall.
  • Back up your data every day. Use a data-backup and recovery plan for all critical information. Use both cloud and on-site backup methods. When all else fails, if your data is destroyed by malware, you can access it through your backup.
  • Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process.
  • Use application whitelisting to help prevent malicious software and unapproved programs from running.
  • Keep your operating system, software, and browser up-to-date with the latest updates and patches. Vulnerable applications and operating systems are the targets of most attacks.
  • Maintain up-to-date anti-virus software, and scan all software downloaded from the Internet prior to executing.
  • Restrict users’ ability (permissions) to install and run unwanted software applications.
  • Activate an awareness and training program. Because end users are targets, employees should be aware of the threat of cyber attacks and how they are delivered. And if they use their own devices, make sure these are protected as well.
  • Install strong spam filters to prevent phishing emails from reaching employees and authenticate inbound email.
  • Scan all incoming and outgoing emails to detect threats and filter executable files (used to perform computer functions) from reaching employees.
  • Configure firewalls to block access to known malicious IP (Internet Protocol) addresses.
  • Set anti-virus and anti-malware programs to conduct regular scans
  • Never use a public Wi-Fi connection unless you are also using virtual private network (VPN) encryption software.
  • Do not assign administrative access to employees unless absolutely needed. Those with a need for administrator accounts should only use them when necessary. Set administrative rights on your computers to prevent installations not authorized.

_____________

Though the information above is written with a business in mind, these tips can apply to home computers and networks as well. Everyone who uses a computer should at most be aware of how cyber thieves operate. Only then will your network be secure.

DACUM Codes
To help meet your professional needs, this column covers skills and competencies found in DACUM charts for drillers, pump installers, and geothermal contractors. DO refers to the drilling chart and GO represents the geothermal chart. The letter and number immediately following is the skill on the chart covered by the column. This column covers: DOK-10, DOK-14, DOL-2, GOI-10, GOI-14, GOJ-2 More information on DACUM and the charts are available here.

Alexandra Walsh is the vice president of Association Vision, a Washington, D.C.–area communications company. She has extensive experience in management positions with a range of organizations.