Cyber Awareness: Protect from Within

“It wouldn’t happen to me.” This is the thought anyone has when it comes to life-threatening, career-ending catastrophes. It is the phrase we use to justify ignoring cautious behavior, but what do you do when it does happen to you?

Cybersecurity attacks in recent years have been targeted towards small and medium-sized businesses, which made up 43% of all cyber attacks in 2021, yet these businesses had the resources and preparation necessary to mitigate such attacks only 14% of the time. The small businesses of our country are both woefully unprepared in the event of a cyber attack and, because of that unpreparedness, the most at risk of one.

Crest Security Assurance has found, through experience mitigating attacks and training in cyber awareness, that cyber attacks often start with the ignorance of personnel: the majority of attacks on small businesses are phishing attacks on employees of the company that malicious actors are trying to gain access to.

This is why it is important to understand the basics of what your small business is at risk for and how to mitigate those risks, whether that be through training with a seasoned cybersecurity firm like Crest or through free training and videos on the internet.

THE RISKS

There is pretty much an industry-wide consensus that phishing attacks are the number one risk to the cyber health of small businesses around the globe, but there are some other threats that any small business owner should be aware of:

  • Malware: A cyber attack that executes unwanted actions on the victim’s IT systems. There are three main types:

    • Trojan horse: malware that is hidden in a downloaded application, such as a game or a PDF from the internet

    • Virus: malicious code that attacks programs, files, and/or components of the computer’s operating system

    • Worm: malware that infects the system and other affiliated programs

  • Viruses: Designed to harm the hardware of your computer, viruses can damage programs and files, delete files, and slow the overall performance of your computer. You can get a virus through any of these unsafe practices:

    • Sharing files

    • Opening infected emails

    • Visiting a malicious website

    • Downloading harmful applications

A virus on your computer can be identified by these tell-tale signs:

  • Increases in pop-up windows

  • Unauthorized password changes

  • Deleted files

  • Slow network speed

  • Ransomware: This is when a malicious hacker steals critical data from the company, including but not limited to passwords, credit card information, Personally Identifiable Information, files, databases, applications, or really any data that is important to the function of your business. The hacker will hold this data hostage and demand a sum of money from the company to get its data back and/or to keep it from being leaked into the public domain. The ransom is usually demanded within the first 72 hours of the hack and can result in the complete bankruptcy of the company if proper cybersecurity protocols were not in place to mitigate and/or prevent the attack. Ransomware is often spread through email spam or network attacks.

  • Phishing: This is when a malicious hacker attempts to steal personal information, such as credit card information and social security numbers, through a false or misrepresented digital message. Their goal is to trick unsuspecting persons into opening a link and/or application that will give the hacker access to everything they wanted. This is often accomplished with a message or link requesting a response to a fake payment error, and it is often sent to business email accounts in order to gain access to the critical information of the entire business.

  • Password Hacking: If one's passwords are not complex enough, it can leave them vulnerable to password theft. Malicious hackers can easily develop software that rapidly determines the correct passwords for what they are trying to gain access to. This is exponentially easier when the password is common and/or personal (such as birthdays, pet names, etc.). Hackers can also use a hash to steal the password they are looking to obtain. This means that if the password they obtain is the same password used for multiple accounts, applications, and programs, they will have access to those as well.
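To make the password points above concrete, here is a small audit script added as an illustration (it is not Crest's code). It flags passwords that are common, built from personal details, or reused across accounts; the sample vault, the short common-password list, and the 12-character minimum are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of widely used passwords (assumption); a real audit
# would load a larger published list from a local file.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}

def normalise(text):
    """Lowercase and drop non-alphanumerics so 'Rex-2015!' becomes 'rex2015'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_vault(vault, personal_terms, min_length=12):
    """Return {account: [reasons]} for every weak entry in the vault.

    vault maps account name to password; personal_terms holds names,
    dates, pet names and similar. min_length=12 is an assumed policy value.
    """
    findings = defaultdict(list)
    accounts_by_password = defaultdict(list)
    terms = [normalise(t) for t in personal_terms if len(normalise(t)) >= 3]
    for account, password in vault.items():
        accounts_by_password[password].append(account)
        flat = normalise(password)
        if len(password) < min_length:
            findings[account].append("too short")
        if flat in COMMON or password.lower() in COMMON:
            findings[account].append("common password")
        if any(term in flat for term in terms):
            findings[account].append("contains personal detail")
    # One stolen password unlocks every account that shares it.
    for accounts in accounts_by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].append("reused on %d accounts" % len(accounts))
    return dict(findings)

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "Rex-2015!",
    "payroll": "Rex-2015!",
    "bank": "welcome1",
    "crm": "tidal-Copper-violin-94-marsh",
}
SAMPLE_PERSONAL = ["Rex", "2015", "14/03/1988"]

if __name__ == "__main__":
    for account, reasons in audit_vault(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(account, "->", ", ".join(reasons))
```

Accounts that pass every check, such as the long random passphrase in the sample, do not appear in the result at all.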

Cyber attacks are becoming increasingly individualized, targeting employees with click-enticing, interest-piquing false communications and links in order to ultimately enter the business’s critical systems. This is probably the most important reason why it is crucial to educate your staff on the dangers of these threats and on how they should handle conniving attacks like phishing to prevent damage to the business.

Of course, personnel are not the only thing that must be accounted for when considering the overall cybersecurity of the business, but they are a good place to start when reevaluating your security measures.

One of the things Crest recommends employers do with their employees is an annual cyber awareness training program, as personnel tend to take the ‘out of sight, out of mind’ stance when it comes to cybersecurity. There are plenty of free options available for this portion of the security process, including a training program offered by Amazon and Curricula, not to mention the enormous amount of knowledge available on the internet that can be used to compile a cyber awareness training of sorts. That does not stop the lackluster attitude towards cybersecurity, however, so it is also recommended that employees be given an update (anywhere from every week to once a month) on cybersecurity threats and attacks happening throughout their industry. Hopefully this will keep employees more motivated to protect themselves and their businesses through vigilance in day-to-day online interactions.

Now if we're talking all the stops… all the bells and whistles of comprehensive cybersecurity for your small business… there are a few other things you should consider implementing for security:

Cyber Security Plan (Cyber Policy): In the event a cyberattack is carried out against your small business, you’ll want to have a holistic approach to how each department and individual handles their job. This is something that Crest Security Assurance specializes in, providing specific and guided advice for how to handle a variety of potential attacks.

Backup Data and Secure Cloud Use: In the event one of these cyber threats ends up wiping or stealing data, you’ll want to have your data stored in a safe place, known to a few high-level positions in your organization. You'll want to use a widely trusted service with multi-factor authentication. Many are provided by large companies like Amazon, Microsoft, Google, and Apple.

Cyber Insurance: In the event an attack takes all of your critical data, shuts down all of your systems, or essentially causes irreversible financial damage to your company, it is helpful to have cyber insurance to help you pay for the damages inflicted. Now remember, cyber insurance is only valid if you have implemented all of the necessary TECHNICAL requirements for keeping your business safe from cyber attacks, so you will also want to work with a cybersecurity firm like Crest to set up the correct cybersecurity measures for your business and/or identify the vulnerabilities in your current systems.

Those are about all the fundamentals every small business owner and employee should understand when it comes to their information technology security. Visit Crest’s SERVICES page to learn more about what Crest can do to protect your business and mitigate its vulnerabilities.
