With over a dozen types of potential cybersecurity threats, protecting your business is seriously complex. 52% of small-to-medium businesses don’t have a dedicated IT department (or person), but rather, spread the duties across other roles who may not be the best defense against cyberattacks. This is startling when cross-referenced with the knowledge that 80% of those small-to-medium businesses rank security as highly important. Budget constraints are one of the largest contributors to why more investment isn’t put toward hiring a specialized position.
The pitfalls of not protecting your business are incredibly costly. In 2018 alone, small businesses surveyed showed that 40% have fallen prey to a cyberattack. Of those, phishing and malware were the leading tactics closely followed by ransomware attacks.
In 2017, it cost small businesses an average loss of $80k to recover from cyberattacks. We mentioned there were more than a dozen types of potential threats, which include:
- Distributed Denial of Service (DDoS)
- Phishing (AKA Spoofing)
- Trojan Horses
- WiFi Eavesdropping
- WPA2 Handshake Vulnerabilities (AKA Krack)
Let’s look at what they are, how they work, and how you can prevent their entry.
This type of cyberattack enters your system and holds your files hostage until payment is received. Ransomware typically gains access through email attachments or links via social engineering tactics.
Three main ways ransomware attacks:
Pop-ups often feature warnings that there’s something wrong with your computer.
- Screen Locking
Your screen locks, featuring an official-looking seal claiming you’ve been discovered for legal activity and must pay a fine.
Your files are locked with a code requiring a decryption key. You can learn more by reading our article on ransomware.
In an effort to mine cryptocurrency faster, hackers tap into the power of larger networks. Having many computers dedicated to mining increases their rate of return. At first, it may not seem that bad, but any outsider having access to your data isn’t a good thing. Cryptojacking often slows computer performance which slows productivity.
These little guys are rather hard to detect. Software robots infiltrate and infect other computers. This turns them into what’s commonly referred to as “zombies” which are remotely controlled by the originator of the attack. This little army expands the amount of damage that can be inflicted rapidly.
Botnets typically use your systems for spam/virus distribution and Distributed Denial of Service attacks. Sometimes, botnets will install malware on your computer while it’s there. Prevent botnet attacks by ensuring all your anti-virus, anti-spyware, and programs are up-to-date. Use firewalls and train your employees to spot phishing emails.
Distributed Denial of Service (DDoS)
This type of attack is similar to bombarding an opponent until they’re worn out. It uses mass sabotage on a site or a server, flooding the network with activity. This overloads the network until it slows or shuts down altogether, denying access to legitimate users.
Most recently, in 2018, GitHub was on the receiving end of the largest DDoS attack the Internet has seen. Smart hackers manipulated programs to work for them, thus enabling a massive repeated attack to deny service to GitHub users for several minutes.
An IT team can help set your business up to thwart DDoS.
This activity directs you to an illegitimate website in order to steal personal information. The sinister thing with pharming is that sometimes the URL will be real, but you’re unknowingly redirected to a fake website. Often, forms requiring personal information are required to proceed, which is how they steal your information.
Protocol here to prevent pharming is a bit more rigorous. It’s best to outsource to an IT team who knows about security.
Phishing AKA Spoofing
Phishing is one of the easier forms of cyberattacks to execute, mostly because they prey on human error. Fake texts, emails, and sites that look like real companies, are designed to steal personal and financial information. This is typically done through social engineering and luring tactics.
Phishing is a tactic that can be trained to spot and prevent within your organization.
Spyware is incredibly difficult to remove from your device once it’s been implemented. It can infect your system with viruses, send out your personal information, it steals personal info, can change your computer setup, and it can take you to unwanted sites and flood your computer with pop-ups.
Installing an anti-spyware program and ensuring firewalls and anti-virus are up-to-date will prevent this problem.
This devious program hides within legitimate software, installs itself and runs automatically, and once it’s up and running, it wreaks all kinds of havoc:
- Deletes files
- Hacks other computers
- Watches through webcam
- Log keystrokes
- Store personal information
Keep your software updated, implement firewalls, and don’t open or run attachments unless you’re 100% certain the source can be trusted.
These malicious programs attach themselves to emails or downloads then hijack your browser. They display unwanted ads, disable your security, send spam, and find your personal information.
Keeping your firewalls and anti-virus up-to-date will help your computer recognize potentially harmful files coming in and weed them out for your safety.
This hacktic involves “listening” to what’s shared over unsecured Wi-Fi networks. Ensuring that the “free public Wi-Fi” you’re using is secure is probably not something you or your employees immediately think to check, and it’s exactly this oversight that hackers prey on. Here’s a quick list of the kinds of data they’re hoping to steal from you:
- Browsing history
- FTP login details
- FTP documents
- VoIP details
- Encrypted Transaction details
- Chat history and conversations
Prevent Wi-Fi eavesdropping by doing a few things:
- Visit HTTPS sites only
- Use a Virtual Private Network (VPN)
- No file sharing
- Log out when you’re done
- Don’t make any transactions or enter personal information
- Make sure the network is password protected
This is a large category of malware types that can self-replicate. They don’t need to attach themselves to programs or files. Once they’re in, they live in your computer’s memory without damaging or altering your hard drive. However, it sends itself to other computers in a network and has the capability to disable a network or even the Internet altogether.
Prevent with updated programs, careful screening of attachments, use anti-virus and firewalls.
WPA2 Handshake Vulnerabilities (AKA Krack)
This method provides visibility into encrypted network traffic, allowing hackers to steal information and insert malware or ransomware upon exit.
WPA2 Wi-Fi is supposed to be more secure due to its 4-way handshake authentication method.
Handshakes 1 & 2: Network and access point must have matching credentials. This verifies the end user has the password.
Handshake 3: User session is encrypted with an encryption key to protect information exchange while on the network.
And this is where hackers come in.
They’ve figured out how to record and replay this encryption key for later use, allowing access, forgery and tampering (to simplify what happens). It’s commonly referred to as Krack because this type of hack is called a Key Reinstallation Attack. By capturing a private key and using it for private use, it circumvents the WPA2 network from being able to recognize a hack has happened, thus making these attacks successfully stealthy.
The best way to avoid this vulnerability gap? Update your operating systems as soon as a push update is provided. Newer systems are designed to thwart and protect against these vulnerabilities.
Protect Your Business
Many of these hacks are easily preventable.
- Implement firewalls
- Install anti-virus and anti-spyware (or anti-malware)
- Update your systems regularly
- Implement a vulnerability scan
A few of these are more complex solutions. With all these security threats facing your small business, it’s unwise to leave your protection up to anyone other than an expert. Outsourcing your IT is a wise investment that can end up saving your business money over the long-term.
In the meantime, want to level up your organizational safety? Learn how to spot phishing attempts in emails from our blog post.
Subscribe to our blog