Why small businesses shouldn’t ignore cybersecurity
Most small companies have fire extinguishers and insurance for when their building catches fire. They also have health insurance and medical supplies for when their employees suddenly get sick. But what about their virtual presence?
In 2021, 61% of small businesses reported one or more cyberattacks totaling a loss of $20 billion. In comparison, fire damages totaled $21.9 billion. But the spending on cybersecurity is so low and untracked for small companies that there are no reliable sources for statistics related to the average annual spending on cybersecurity.
With those statistics in mind, let’s consider common cyberattacks and solutions to them so that you can better protect your small business.
Phishing attacks account for 90% of all data breaches and are the most common scams you will see. Typical phishing attacks come in the form of malicious emails that include links designed to draw you in using the trustworthy name of a legitimate business along with its standard branding and language.
The only thing that can separate these types of emails from legitimate ones is a one-letter change in the email address. Although you may think your keen eye can detect those minute differences, a Cisco study shows that at least one person has clicked on a phishing link in 86% of companies. The best way to stop this type of attack is education on the topic and keeping your eyes peeled.
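As an added illustration of the one-letter change described above (not part of the original article), the Python sketch below flags sender domains that sit exactly one edit away from a domain you trust. The trusted-domain list, the sample From headers, and the function names are all constructed for this example, and it checks only the domain part of the address.

```python
from email.utils import parseaddr

# Constructed allowlist for illustration: the domains your business really deals with.
TRUSTED_DOMAINS = {"example-bank.com", "payroll-provider.com"}

# Constructed sample From headers (not real senders).
SAMPLE_HEADERS = [
    "Example Bank <alerts@example-bank.com>",
    "Example Bank <alerts@examp1e-bank.com>",   # 'l' swapped for '1'
    "Payroll <hr@payroll-provder.com>",         # one letter dropped
    "Newsletter <news@unrelated.org>",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes or swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"            # malformed or empty address
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        if edit_distance(domain, good) == 1:
            return f"lookalike:{good}"   # one character off: treat as suspicious
    return "unknown"


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):35} {header}")
```

A "lookalike" result is a reason to hold the message for a second look, not proof of phishing, since an unrelated legitimate business can own a similar domain.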
Malware is an umbrella term for software that has malicious intent and will cause damage to an infected system. Malware can range from annoying to company-destroying. We will cover five types of malware and solutions to each:
Adware is the harmless side of malware that most of us have already experienced after downloading a less-than-safe audio file or video game. This software will present the downloader with advertisements for various products or services. Maybe you have seen the memes of “hot moms near you”? Those are the types of “services” you will get. The best way to avoid adware is not to download that song from a YouTube converter.
Computer viruses get their name from the real-world equivalent because they can replicate and spread across multiple systems. Viruses can record keystrokes and mouse movements, search databases, send information to places you don’t want, etc. There are only two real solutions to a virus problem:
- Get malware identification software to avoid the problem in the first place.
- Once your computer is infected, you’ll need antivirus software. You might be looking to pay a pretty penny to clean your systems, but it could be well worth it, especially if you have stored user data.
In contrast to viruses, worms can spread without sharing files. They spread via networks and the computers that share that network. Antivirus software is good for individual computers, but when it comes to this type of malware, you might want to look at full-fledged network protection and enterprise software. To give you an idea of how dangerous worms are: the most damaging virus to date was a worm called Mydoom, which, adjusted for inflation, caused $52.2 billion in damages.
Like the Trojan horse they are named after, trojans look like wholesome gifts but will release a torrent of damage to your computer when opened. Trojans can replicate and spread quickly; however, they need human interaction at least once to initiate. The easiest defense is requiring software downloads to come from reputable developers, a setting that can be turned on in macOS or Windows settings.
Spyware is a sneaky, usually non-destructive form of malware that looks for login info, keystrokes, and opportunities to take any credentials that can offer financial gain. Spyware can be packed and shipped to you via a trojan or even advertising interactions. Most dangerous of all, it can even be initialized from tracking cookies. Spyware can be avoided by using antivirus software and anti-tracking browser extensions.
Most commonly heard about in local and national news, ransomware is like a virtual kidnapping and hostage situation. Instead of taking people, this software will infiltrate via one of the ways described above, locate the most valuable data or system, wrap it, and create a “smart contract”, which is an if/else statement.
The if/else statement will read something like this: “If you pay me, you will get your data back; otherwise, we will destroy all your information.” Sometimes ransomware doesn’t destroy the data; it can do something worse and even more damaging… it can release the data.
In the case of small businesses, ransomware will threaten to release sensitive information, like customer data (including names, addresses, credit card info, etc.), company secrets, and anything else needed to continue business operations.
How to protect your small business
There are many ways to increase your small business’s cybersecurity, including educating yourself and your team about cyber threats and creating a well-thought-out cybersecurity plan. But the first defense against cyberattacks should be using a VPN.
You might ask yourself, “If the main thing I have to worry about is downloading files and clicking links, then what do I need a VPN for?” Well, one last type of cyberattack comes from network visibility. A VPN will encrypt your data and send it through an anonymous server, hiding where your traffic is coming from.
Virtual workers should consider getting a VPN, especially if they plan to work on public Wi-Fi networks. If you are accessing sensitive information on public Wi-Fi and a hacker can identify the data going through the network, it could be bad news for your servers and passwords.
Protecting your business
Software continues to advance, becoming better and worse at equal speeds. Knowing what is lurking on the Internet is the best way to protect yourself and your small business. The main things to take away are:
- Cyberattacks are becoming more common.
- Don’t click links in emails unless you know the sender.
- Don’t download music or films from a suspicious website.
- Use a VPN when accessing sensitive information on a public network.