Small businesses around the country (and the world for that matter) are special. They are the dreams of unique individuals who wanted to fill a void they found in their community and beyond. These “mom and pop shops” make up much of what gives our hometowns, and our favorite places in between, the charm we adore so much.
The things that make these important community pillars so special are also what make them prime targets of hackers and ne'er-do-wells of all types, aiming to exploit the relaxed nature of small businesses to steal millions of dollars in data and information. In fact, in 2020 the FBI’s Internet Crime Complaint Center (IC3) received 2,474 complaints identified as ransomware, totaling adjusted losses of over $29.1 million.
What Are The Threats
The first step in protecting yourself from would-be bad guys, whether you’re Jack Ryan or Jack driving the Dan Ryan on your way to your small business, is to fully understand the threats that your organization faces. Though not always, hackers are typically looking to release malware into your system.
While we can’t exactly list every single new form of software each hacker is utilizing (because, quite frankly, it’s a lot), here are a few key threats you should be aware of:
- Malware & Ransomware Campaigns: Malware is software designed to wreak havoc on a computer, server, client, or even entire networks. Ransomware, on the other hand, is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is typically delivered through phishing emails (below) or by exploiting unpatched vulnerabilities in software (also below).
- Email Phishing Campaigns: A digital outlaw sends someone on your team an email containing a link or dangerous file which deploys their malware after it’s clicked by the recipient. Historically speaking, hackers have used generic “shotgun” strategies to deploy malware, though recent ransomware campaigns have become more targeted and sophisticated as optimal victims are identified.
- Remote Desktop Protocol (RDP) Vulnerabilities: RDP is a proprietary network protocol that allows individuals to control a computer and its contents (data, etc.) via the internet. Cyber criminals have used both brute-force methods like trial-and-error to obtain user credentials and credentials purchased on dark web marketplaces to gain unauthorized RDP access to victim systems.
- Software Attacks via Unpatched Vulnerabilities: Savvy criminals can also take advantage of security weaknesses in widely used software programs your small business utilizes to gain control and deploy ransomware on your system.
How to Protect Yourself
First and foremost, improving your overall digital security starts with understanding your small business’ specific risks and where your team should make which improvements. A cybersecurity assessment performed by a professional IT organization (we know one if you’re looking…) identifies where a business is currently lacking and develops a plan of attack, which typically includes end user training, guidance on securing email platforms at your business, and advice on protecting the assets you rely on.
The first, most critical, step in protecting your small business is to make digital security a top priority. A staggering 88% of small business owners believe their organizations are open to a cyber attack, and as businesses are living the remote life, 20% reported security breaches owed to remote workers. On the topic of remote work: we wrote a blog about ways to keep your remote/hybrid workers secure here.
Given that so many employees were directly responsible for the issues they put onto their organizations, small businesses should also add educating their employees to the top of a robust cybersecurity approach. Depending on who your team is and what they do, you can train them to do everything from updating their passwords regularly (70% of small businesses reported employees’ passwords being lost in the past year) to installing software patches.
Remember that blog we did recently about backing up your data? This is the perfect place to task one of your more tech savvy and trusted employees to save a copy of your system nightly, or whatever it is your team decides is the best course of action for your data.
Finally, if this is a little overwhelming and you’re planning a first draft email to whichever IT organization you trust most, here are some free utilities your small business should be taking advantage of right now to improve your digital security:
- FCC Online Planning Tool: The Federal Communications Commission offers a useful cybersecurity planning tool to aid in developing a unique strategy based on your needs
- Internal Cyber Resilience Review: The Department of Homeland Security’s (DHS) Cyber Resilience Review (CRR) is a non-technical assessment which aids in the evaluation of your current operational resilience and cybersecurity practices. Cybersecurity professionals from the DHS can even aid in your review!
- Cyber Hygiene Vulnerability Scanning: If you’re really into the free solutions, DHS also offers cyber hygiene vulnerability scanning for small businesses at no cost. This service can help you find weak configurations and known vulnerabilities in your connected systems.
- Supply Chain Risk Management: Using the Supply Chain Risk Management Toolkit, your team can actively work to shield yourselves and your information, communications, and technology from sophisticated attacks along your supply chain.
We aren’t trying to sound all “movie trailer guy” here, but:
In a world… Where data can be breached at literally any time for any reason… Protecting yourself means one thing: Actively working on your IT security.
*AHEM* Anyway, this means different things for different businesses, but it always means being proactive and forward-thinking about your digital security. For more information on how your small business can protect itself from bad actors, check out our other blogs or give us a call at (864) 552-1291, and we'll help you evaluate capabilities and options.