October 23, 2015
Hackers Love to Target Small Businesses
October is Cybersecurity Month! Some businesses think that they’re immune to hacking attacks because they’re “low profile” compared to large corporations. However, the truth of the matter is that your organization is just as much at risk as they are. This month, take measures to keep your organization’s data safe, or risk losing everything in the fallout of a hacking attack.
The chances are actually very high that your organization will be targeted if you don’t take action to stop it. Here are three reasons, according to StaySafeOnline.org, a part of the National Cyber Security Alliance, that small businesses are a key component of a hacker’s hit list.
Small Businesses Are More Exposed
While large enterprises have the funds and personnel available to enact strict security protocols and regulations, the small business doesn’t. Instead, small businesses rely on their staff’s limited knowledge of cybersecurity to protect their data. It’s reported that 71 percent of security breaches affect small businesses, which you wouldn’t be able to tell from the attention given to recent high-profile hacks, like Target and Sony.
Small Businesses Have Sensitive Data
Believe it or not, it doesn’t take much to attract hackers to a business. They understand the true value of any data, and even a few usernames and passwords or records are enough to attract unwanted attention from these criminals. The typical small business has employee records that hold personal information, financial records like credit card numbers, and some even have health records on file that are in high demand. Hackers take this information and sell it on the black market, which makes it a lucrative source of revenue for criminals.
Small Businesses Are Vulnerable to Phishing Attacks
Hackers don’t want to take any risks that they don’t have to. Small businesses are often targeted by spear phishing tactics, in which a hacker attempts to steal credentials by posing as someone with authority. Hackers will often take on the identity of an organization’s IT technician or even another client in order to acquire credentials for internal network access. This, in turn, leads to hacking activity that’s difficult to trace, and is ultimately much safer for the hacker than other hacking methods.
Small Businesses Are Vulnerable to Social Engineering
Your employees could be your weakest link.
Spear phishing is a specific type of phishing attack in which the attacker uses a fake email address to deceive an individual in an attempt to gain unauthorized access to personal information. This is a highly targeted operation in which the hacker has at least some information that he can use to make himself seem familiar to the intended victim.
Here are just a few examples of the types of phishing attacks that you or your employees could fall victim to:
- Via LinkedIn: A hacker creates a fake LinkedIn profile in order to target employees at a specific company. He uses the fake profile to access information about the targets’ current and past employers, job titles, email address and connections. This information could enable him to design a more effective spear phishing attack.
- Via LinkedIn email: A hacker sends a fake email that looks like it is coming from LinkedIn. When the victim clicks on the link in the email to “accept connection request,” it takes him to a fake LinkedIn login page. If the user logs in, his login information will be compromised.
- Via email attachment: An employee within the targeted organization receives an email with an attachment (e.g., fake invoice or report) for review. The attachment could look like a .zip file with an embedded PDF file icon, although it is actually an .exe (an executable file that runs a program). The downloaded malware file is installed on the business network where it has access to sensitive data, putting the company and its clients at risk.
- Via email link: A victim receives an email pretending to be from a financial institution or other trusted source. The email contains a fake link to a fake website where the victim’s computer becomes infected with malware, allowing the hacker to access the computer remotely and steal personal information, passwords, user IDs and online transaction information.
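The attachment and link lures above leave traces a mail filter can check for. The following is an added example, not code from the original article: a small triage heuristic that flags executable attachments hiding behind a decoy extension and links whose host does not match the sender's domain. The function names, the extension list and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative extension list (assumption); the article itself names only .exe.
EXECUTABLE_EXTS = (".exe", ".scr", ".bat", ".cmd", ".js")

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def triage(raw_message):
    """Return findings for one message: disguised executables, off-domain links."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXECUTABLE_EXTS):
            # True when a decoy extension precedes the real one (report.pdf.exe).
            decoy = "." in name.rsplit(".", 1)[0]
            findings.append(("executable-attachment", name, decoy))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                host = (urlparse(href).hostname or "").lower()
                same = host == sender_domain or host.endswith("." + sender_domain)
                if host and not same:
                    findings.append(("link-host-mismatch", host, sender_domain))
    return findings

def build_sample():
    """Constructed test message; every address and host here is made up."""
    m = EmailMessage()
    m["From"] = "Connections <notify@social.example>"
    m["Subject"] = "Invoice and connection request"
    m.set_content('<a href="http://social-login.example.net/accept">Accept</a> '
                  '<a href="https://www.social.example/help">Help</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    return m.as_string()
```

Legitimate mail often links to third-party hosts, so a link mismatch is a reason to look closer rather than a verdict; an executable behind a decoy extension is the stronger signal.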
The good news about these common weaknesses and shortcomings of small businesses is that it doesn’t have to be challenging to protect your business from hackers. All it takes is some proactive monitoring and a quality security solution from Directive. By actively monitoring your organization’s network for potential weaknesses in your infrastructure, it becomes much more feasible to keep threats out of your system. Hackers love to take advantage of weaknesses in the source code of operating systems and applications, but if you apply the proper patches, you can dramatically improve your network’s security.
Similarly, you want a quality security solution, like a Unified Threat Management (UTM), which can protect your network from all manner of threats found on the Internet. By blocking threats through a combination of a firewall, antivirus, spam blocker, and content filter, you can keep dangerous entities out of your network and destroy those that make it through your defenses.
Give Boost IT a call at 404-865-1289 to learn more.