4 big security threats facing your small business
You no longer have to be a large corporation to draw the attention of cybercriminals. In fact, your small business could be appealing to hackers, simply because you don’t have the same level of security that a big firm can bring to bear.
Learning more about the most common risks can help you protect your organization and ensure you don’t fall victim to a scammer.
Your Own Employees
While an Edward Snowden-style malicious insider is a rare threat to most organizations, even your most loyal team members could put your business at risk. From poor password choices to the rise of Bring Your Own Device (BYOD) at work, your workers could be inadvertently exposing you to risk:
Passwords: How strong are the passwords your team uses? According to the findings of Keeper Security, many of us choose passwords that are shockingly simple. From "Password" to "123456", if your employees are taking the easy route when it comes to passwords, you could face a security breach.
Phishing Scams: An employee who unknowingly clicks on a link, opens a document or downloads a file could be introducing malware to your system.
Mobile Devices: They make it easy for your employees to connect remotely, but unless you have a security plan and policy in place, allowing employees to bring their own devices (BYOD) could boost your risk.
Physical Threats: Employees who leave devices on and accessible, or who write down passwords and leave them in accessible places, can increase your risk. Video object tracking can help secure your facility and workstations.
Employee education about common phishing scams, heightened password requirements and creating clear policies on mobile device use can help you mitigate the risk of having employees who access your data.
Who's That Email Really From?
This email trick is similar to scams run on the elderly, where the scammer pretends to be a friend or relative in trouble -- the senior is directed to provide a credit card or other form of funding to help in an emergency. Cybercriminals have taken this scam to the business community, faking memos or emails from within the business itself to trick employees into sharing sensitive data.
The Business Email Compromise (BEC) scam attempts to trick unwary employees into wiring or sending cash. A recent security alert by the FBI reveals that scammers use a variety of methods to pretend to be a trusted vendor, manager or CEO and ask for wire transfers. The average victim parts with $25,000 or more, according to the FBI.
Any urgent email requesting money from a CEO or other trusted person in your organization requires follow-up -- in most cases, simply verifying by phone can help you determine if the request is a legitimate one.
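As a complement to the phone call, a mail filter can flag the pattern described above before the message reaches an employee. The following is an added example, not part of the original article; the organization domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumed keyword lists; tune them to your own finance workflow.
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice")
URGENCY_WORDS = ("urgent", "immediately", "today", "asap")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def bec_flags(raw, org_domain, executives):
    """Return warning flags for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    flags = []
    # A known executive's display name on an address outside the company.
    known = {e.lower() for e in executives}
    if name.lower() in known and domain_of(addr) != org_domain.lower():
        flags.append("executive-name-from-outside-domain")
    # Replies would go somewhere other than the apparent sender.
    if reply_addr and domain_of(reply_addr) != domain_of(addr):
        flags.append("reply-to-differs-from-sender")
    # Urgency combined with a money request in the subject or body.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    text = text.lower()
    if any(w in text for w in PAYMENT_WORDS) and any(w in text for w in URGENCY_WORDS):
        flags.append("urgent-payment-request")
    return flags

# Constructed sample messages (reserved example domains).
SUSPICIOUS = (
    'From: "Jane Smith" <jane.smith@example.net>\n'
    "Reply-To: accounts@example.org\n"
    "Subject: Urgent wire transfer needed\n"
    "\n"
    "Please process this payment today and reply to confirm.\n"
)
ROUTINE = (
    'From: "Jane Smith" <jane.smith@example.com>\n'
    "Subject: Lunch on Friday\n"
    "\n"
    "Are we still on for Friday?\n"
)

if __name__ == "__main__":
    for raw in (SUSPICIOUS, ROUTINE):
        print(bec_flags(raw, "example.com", ["Jane Smith"]))
```

A flagged message still needs the phone verification described above; a clean result only means none of these three signals fired.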
The Rise of Ransomware
A malicious form of software that kidnaps your data and holds it for ransom could cause your business to lose valuable assets and experience significant downtime. Ransomware is constantly evolving, but in general, you are locked out of your own system and forced to hand over some cash to regain access.
Ransomware targets both individuals and organizations using the same methods; the only difference is in the amount of money required to release the data. In South Carolina, a school district ended up paying over $10,000 in ransom to release grade and student records, while other businesses, including healthcare facilities, have been hit by far more expensive ransomware requests.
Ransomware is profitable for thieves and, as a result, is on the rise; this particular form of malware saw amazing growth in 2016 and the FBI predicts it will continue to grow in 2017 and beyond. Employee education is the best way to protect your business from ransomware; the malware is generally delivered via an attachment or download.
Microsoft Document Scams
Since Word, PowerPoint and Excel files are often shared between employees in an organization, malware coders have come up with a way to capitalize on the process. Code designed to specifically exploit vulnerabilities in Microsoft Office can be used to help malware slip into your system.
Whether they send a document that looks like it was generated inside your organization to fool employees into opening it, or attack the Office program itself, cybercriminals are targeting this popular program. Making sure your Office suite is up to date with all recent patches and that you have a good anti-virus program in place can help defend against this popular scam.
From sophisticated malware to your own loyal employees, cybercriminals use a variety of methods to breach your system. Being aware of the threat and taking steps to secure your facility and educate your team can help you mitigate your risk in 2017 and beyond.
Rick Delgado has been blessed to have had a successful career and has recently taken a step back to pursue his passion of freelance writing. He loves to write about new technologies and ways of keeping ourselves secure in a changing digital landscape. He writes articles for several companies, including Dell.