Small businesses have a lot to gain from handling operational processes online. But with the increased risk of cyber-attacks, they also have a lot to lose. The U.S. National Cyber Security Alliance found that 60 percent of small companies that experience a cyber attack are out of business within six months. Despite this, nearly 90 percent of small and medium-sized businesses do not use data protection for company and customer information. The lack of security leaves them vulnerable to several types of attacks. Here are the most common ones and how to protect yourself.

Ransomware Mitigation:

This is a type of infectious file which is designed to take over your computer, usually by denying you access to your data. It encrypts data essentially blocking you and holds the files for ransom. Next, the attacker offers to decrypt them for a fee, and if the user doesn’t pay within a certain amount of time, their data will be lost forever. Depending on the type of production environment, some people pay the fee if they don’t have backups.

How to protect yourself:

As a first line of defense, ensure you have an up-to-date anti-malware program running on every computer in your business. Also, perform routine backups. Even if your data gets encrypted, if you have valid backups with quick restore capabilities, you can always wipe the systems and recover from a backup. A caveat to this is that you need multiple backups in case your backup also copies the malicious encryption software. Typically, you want 30 days worth of backups.

Phishing Emails (Spear Phishing emails):

Phishing occurs when a scammer uses fraudulent emails appearing to come from a trusted source. They are meant to look as if they are from a webpage you visited or in some way related to your business operations. They come from unwarranted senders whose sole purpose is to obtain personal information from you and your identity. Another form of this is called a Spear Phishing operation. It occurs when information is gathered without tipping you off that anything is “phishy.” This is because Spear Phishing attacks are specifically designed to look like a piece of mail you’d be expecting.

How to protect yourself:

Think twice before clicking on sketchy links. Pay attention and listen to your instincts If an email seems off, it probably is. The driving factor behind phishing is to get you to do something without raising your suspicions. Always be generally skeptical of downloading attachments and links and consider the source of the email. These scams are more sophisticated and can fool you as these types of email can come from someone you know as well. Make sure you scrutinize the email addresses and content for anything out of place and if anything seems odd coming from that specific person, they may be compromised.

Spoofed Email

Spear Phishing can also be used in tandem with spoofed emails. These are emails which appear to be from a legitimate person, but they are not. This is a tactic which goes hand in hand with the phishing scam mentioned above. The purpose is to trick the recipient into providing money or sensitive information.

How to protect yourself:

Mitigation of these is as simple as it requires what is referred to as a SPF record (Senders Policy Framework). SPF is a simple email validation system designed to detect email spoofing. This record just states that if an email is from “Joe@Cupof.com,” then it needs to originate from the IP address of Cupof.com’s mail server.

Zero Day Attacks

Zero day means the malicious item hasn’t been made public. Otherwise, there would already be a patch to resolve it. Only after someone or an organization is affected and the incident is reported to an organization Microsoft/Kaspersky / AV companies, is it even an option to have them patched. The patches are either rolled out immediately or within a week depending on the severity of the items reported.

How to protect yourself:

You can mitigate the risks by performing software updates as they are available and be especially diligent about backing up your data. It also helps to stay informed about new reported about malicious software.

When it comes to cyber security, preparation is the best defense against attacks. If your small businesses is growing, you might consider hiring an IT professional to manage and safeguard. Small business owners often come to us for help when they need working capital to expand their workforce. Please reach out if you have questions about how we can help you.