As the world continues to deal with and recover from the COVID-19 pandemic, the danger from digital threats remains a significant and growing challenge to the business world and the economy at large.
Cyberattacks on businesses and other organizations result in billions of dollars in financial losses each year, cause disruption and damage to operations and supply chains, and inflict reputational damage from impacted customers, investors and other key stakeholders.
While attacks and data breaches at large companies like Target and Marriott grab the news headlines, smaller organizations are certainly not immune to the risk. According to Verizon’s 2019 Data Breach Investigations Report, cyberattacks on small businesses represented nearly half of all such instances during the year. More troubling is that according to the National Cyber Security Alliance, approximately 60% of small businesses that experience a cyberattack go out of business within six months.
It is vital that all businesses and organizations, regardless of size, take measures to better protect themselves and their financial, customer, and employee data from potential attacks from cyber criminals. Below are three of the most common cyberattacks impacting small businesses and organizations, as well as tips and guidance on how to better protect against such an attack.
Phishing
Phishing is a technique attackers use to steal sensitive information such as passwords, banking details, or credit card numbers. The attacker typically uses email or instant messaging to trick an individual into handing over the information by replying to the message or clicking on a link it contains.
Once stolen, the information can be used to mount more advanced attacks on the victim, to commit identity theft, or to be sold on the dark web. These attacks used to be more generic and easier to detect (who hasn’t received a request for money from a Nigerian prince?); however, more sophisticated “spear” phishing attacks target particular individuals inside an organization and are crafted to look like legitimate emails from trusted and known contacts.
To better protect against phishing attacks, businesses can:
- Educate Employees: User education is one of the most important lines of defense against phishing scams and cyberattacks in general. Employees should receive training on how to better identify phishing messages, procedures to follow when a phishing or suspected phishing message is received, and best practices for handling links and other attachments in emails.
- Install Anti-Phishing Software: Many antivirus software products such as Bitdefender and Avast have anti-phishing components that can be installed for use in email programs such as Outlook. These programs can help filter out phishing emails and messages and provide alerts to users when a message appears suspicious or high risk.
- Implement Additional Verification Controls: Businesses and organizations should have strong internal control procedures around asset appropriation, including purchasing and wire transfers. Requiring signed requisition and transfer forms or having additional secondary forms of authorization can help prevent asset loss when a convincing phishing attempt is received. For example, if an employee gets an email from the CEO requesting a wire transfer, the employee could be required to call the CEO and speak with him or her directly to verify the request.
Malware and Ransomware
In a malware attack, the perpetrator seeks to install some form of malicious software (such as a virus, spyware, keylogger, or Trojan horse) onto the user’s computer or system. The software program can then be used to steal data, infect other computers, and/or compromise other areas of the organization’s network.
Embedding the malware in an email attachment and getting the user to open it is a common method attackers use to install their program; however, computers can also be infected through infected hardware (such as a flash drive) or a malicious website. Recent years have seen an increase in ransomware attacks among small businesses.
In a ransomware attack, the hacker infects the company’s network with malware designed to deny access to important files or to shut down part or all of the IT system. The attacker then demands a ransom payment from the company to unlock the files or devices.
Companies can take the following steps to defend against malware attacks:
- Keep Antivirus Software Updated: Antivirus software can be effective in preventing a malware attack or detecting an infection before significant damage is done. However, it is critical to keep the software updated, as new malware programs are written every day.
- Be Skeptical of Email Attachments: As noted earlier, email attachments are a common pathway attackers use to spread malware. Never open email attachments from unknown senders, and treat unexpected or unusual attachments from trusted senders with caution. It is best practice to have all email attachments scanned by antivirus software prior to opening.
- Plan for a Malware Attack: Despite having strong controls and IT security processes, businesses can still fall victim to a malware attack. It is therefore important to have a proper plan in place that addresses the action steps necessary if or when a malware infection occurs. Companies should review and update disaster recovery plans to account for a potential malware attack, and purchasing a cyber insurance policy should be considered if the organization has significant assets that could be vulnerable to a malware or ransomware attack.
Man in the Middle
As the name suggests, a Man in the Middle (MITM) attack occurs when the hacker gains access to a network connection in order to intercept the traffic passing between two parties. The attacker can then monitor the activity and communication that occurs over the connection, and potentially steal files and information shared between the two parties.
Taking the actions below can help to guard against these intrusive attacks:
- Avoid Unsecured Wi-Fi Connections: The main tactic hackers use to carry out a MITM attack is spoofing a public Wi-Fi connection, such as a hotel or café hotspot, and fooling the victim into connecting to it. It is strongly encouraged to avoid such unsecured internet connections and instead use a cellular or private hotspot connection when working from a remote location.
- Transfer Files via a Portal: In a MITM attack, the perpetrator will have access to email communications, including attachments. Sensitive or valuable files should not be transferred as email attachments; rather, it is best practice to use a portal or other secure file sharing site to upload and download this information.
- Use VPN and Encrypted Email: A virtual private network (VPN) connection creates a private, encrypted tunnel over an otherwise public network and can increase the security of the communications carried over that network. Many antivirus programs include functionality to create VPN connections. In addition, companies should consider using encryption for any email communication that contains information that could be valuable to potential cyber criminals.
Cyberattacks present a real security and business concern to entities of all sizes. Organizations should not ignore the risks; they should work to develop strategies to mitigate potential attacks and communicate these plans to all employees and stakeholders. While a cyberattack may not be completely avoidable, the well-prepared company will be better positioned to minimize the potential damage and to avoid becoming an unfortunate statistic.
Concannon Miller understands the importance of cybersecurity and is focused on helping businesses and organizations better protect their data and networks. Contact us for more information.