Life isn’t getting easier for the business owner and those in charge of critical IT infrastructure.

Attacks are becoming more frequent (email phishing attempts still top the list!) and more costly (ransomware costs Australia alone up to $241M). Businesses are frequently failing at the absolute basics, yet business owners' concern about cyber risks is still relatively modest.

Why are small to medium businesses a target?

“I’m small. Nobody knows who I am, therefore how could I be a target?” – it’s a phrase that’s repeated in the SME space on a global scale, when in fact the opposite is true: the fact that you’re small and have direct access to your bank accounts makes you the perfect target.

This mentality means cybersecurity gets treated as a lower concern, which makes you an easier target. In some cases, such as the Target hack, small businesses can be the gateway into their bigger clients.

What are the biggest cyber threats to SMEs?

Knowing your threats is the best way to start protecting your critical infrastructure.

Ransomware

Ransomware is one of the biggest threats to SMEs.

A ransomware attack is when an attacker gets malicious software (malware) installed onto your computer. This malware encrypts (scrambles) the contents of your computer (and others on your network) and only gives you access back to your data once a ransom has been paid… sometimes.

Method of attack: Phishing Emails, which are emails designed to look real and trick a user into clicking on a link that downloads the malware.

Methods of defence and recovery:

  1. Staff awareness training. Make sure your team knows the risks and how to identify potentially malicious emails.
  2. Backup. Have a backup system that is resilient enough to withstand a ransomware attack. Not all backup systems can withstand a ransomware attack.
  3. Link protection and mail filtering. Make sure you have some sort of automated system in place that checks for obvious spam and malicious content.

Spear phishing

The difference between phishing and spear phishing is that spear phishing is targeted at individuals rather than taking a scattergun approach.

Spear phishing is a tailored and targeted type of phishing aimed at a particular individual. An attacker may have access to some of your details found on social media sites and use that to extend a scam to you.

Method of attack: Phishing emails that look very real. Gone are the poorly worded emails riddled with spelling mistakes (although sometimes that’s intentional) and what you’ll see are targeted emails with false narratives in order to steal credentials or information.

Methods of defence and recovery:

  1. Staff awareness training. Make sure your team knows the risks and how to identify potentially malicious emails.
  2. Link protection and mail filtering. Make sure you have some sort of automated system in place that checks for obvious spam and malicious content.
  3. Multi-factor Authentication. Make it a lot harder for an attacker to gain access to your systems. They might have your username and password (which is easy for you to change) but they probably won’t have access to your mobile phone, which is the additional “key” you have for your systems.

Summary

“The cloud” promised hardware that never needed replacing and security that was beyond what you could afford. In some ways that was delivered. However, many application vendors leave it up to you to turn on security features, which creates a gap.

If you assume that a system is secure then you won’t think to actually secure it. Microsoft actually recommends that you back up your Office 365 system.

Here’s an extract from the Microsoft

Section 6. b.

  • We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.

That really doesn’t inspire confidence but luckily there are third-party backup services available.

Business owners can ill afford to underestimate the risks involved with running their businesses in 2020 and beyond. Cybercriminals really don’t care if you’re big or small, doing good in the world or not – they just want your money. Above are some of the most basic steps you can take so that you’re no longer considered the “low hanging fruit” in the eyes of cybercriminals.

If you’re not keen on taking a DIY approach to cybersecurity, then consider getting some outside help from a team of experts. You can either try to DIY your own cybersecurity or talk to a trusted Managed IT Services Provider who can talk you through it all.
