Cyber Attacks on Small Businesses
Today small businesses rely on I.T. more than ever in their day-to-day operations. This means cyber attacks on small businesses are on the increase, typically because they are much easier targets than large corporations with big budgets for software development and attack protection.
As I.T. provides so many benefits within the workplace and when working remotely, it is understandable that the average person who doesn’t know much about it can depend so heavily on it. They are also expected to use technology within their role as a worker.
Many will think that, despite their heavy usage, they will never be targeted for a cyber-attack as they are a small business. Unfortunately, this dependency has led to cyber-attacks becoming more and more common, leaving small businesses without the resources and know-how extremely vulnerable to a cyber attack.
Cyber-attacks have a variety of immediate impacts:
- Immediate financial loss.
- Financial loss leading to reduction in workers.
- Brand and reputational loss both with the public and within the industry.
- Taking rash, ill-thought actions in response to cyber ransoms.
These are just a few examples that make it all the more important to protect against this threat.
Luckily, there are some simple and free solutions that can help every small business to be more secure against attacks.
The first solution is likely one you have heard before, but should not be underestimated: strong passwords.
Strong passwords help immeasurably against most cyber-attacks, as these often use ‘brute force’ methods which rely on the victim having a weak password.
The best way to ensure strong passwords is by having a password policy that will help in the creation of new, strong, passwords.
Some good rules to implement in this policy include:
- Having a minimum of 10 characters
- Not using any dictionary words
- Changing passwords every 3 months
- Not including anything personally connected to you in the password (e.g. FootballTeam 1988)
- Including a variety of characters (e.g. ‘?’, ‘_’, ‘*’, ‘^’)
Following these rules will make brute force attacks near impossible against a small business’s accounts.
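For whoever manages accounts in the business, the rules above can be turned into an automatic check. The following is an added example, not part of the original article: the word list is a small constructed sample, "3 months" is taken as 90 days, and "a variety of characters" is interpreted as needing lower case, upper case, a digit and a symbol (all assumptions).

```python
import re
from datetime import date

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "football", "welcome", "dragon", "monkey", "summer"}
MIN_LENGTH = 10      # "minimum of 10 characters"
MAX_AGE_DAYS = 90    # "every 3 months", taken here as 90 days (assumption)

# Common letter swaps (0 for o, @ for a, ...) undone before the word checks (assumption).
LEET = str.maketrans("013457@$!", "oieastasi")


def check_password(password, personal_terms, last_changed, today):
    """Return the list of policy rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    normalised = lowered.translate(LEET)

    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Dictionary rule: a listed word anywhere in the password counts,
    # both as typed and with the letter swaps undone.
    if any(w in lowered or w in normalised for w in DICTIONARY):
        problems.append("dictionary word")

    # Personal rule: names, teams, birth years and similar, supplied by the caller.
    terms = [t.lower() for t in personal_terms if len(t) >= 3]
    if any(t in lowered or t in normalised for t in terms):
        problems.append("personal term")

    # Variety rule: lower case, upper case, digit and symbol must all appear.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("not enough character variety")

    # Age rule: the password must have been changed within the last 3 months.
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("older than 3 months")

    return problems
```

Note that ‘P@ssw0rd!!’ meets the length and character rules but is still rejected, because undoing the letter swaps reveals a dictionary word.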
Another solution to protect small businesses from cyber-attacks is to ensure that software is up-to-date.
When a software company releases an update, it often contains fixes to known flaws in the software that attackers can exploit. By not updating software, people who just google these exploits will be able to attack a small business.
An example of this attack is the famous ‘WannaCry’ attack on the NHS, made possible by the NHS’s use of outdated software.
To protect against these attacks, regularly check the software you frequently use to ensure that you are using the latest version, for example your PC / laptop operating systems, your website and your cloud software (Accounting, CRM etc).
This can be done through Google, in your device settings (often there is a scanning tool to find the latest update) or in the app store.
An attack that nearly everyone has likely had attempted on them is the ‘phishing attack’ or, as it is more commonly called, the scam email.
The purpose of these emails (and sometimes calls) is to trick the small business into clicking a link and/or providing sensitive information. These links often lead to ‘shady’ websites, or worse, viruses. The sensitive information is used to try and impersonate the victim to gain access to an account.
These attacks are very dangerous and effective as they can be performed extremely quickly against a large number of small businesses with little risk to the attacker.
The following are some indicators you should look out for in an email or call that will help identify phishing attacks:
- Is the email or call trying to scare you about a potential security issue? This is often done to get the victim to act irrationally.
- Does the email’s name match the company or organisation they claim to be with? Attackers will often use similar names that are only slightly different, so be vigilant in checking them.
- Does the email or call come from a company that states that they will contact you?
- Is the email or call requesting you input any information you consider to be sensitive? (e.g. Email password, DOB, account numbers etc.)
- Does the email contain mistakes? These cyber-attacks come from around the globe and will frequently contain inconsistencies and spelling/grammar mistakes, often from translation.
If you are ever unsure about an email or call, ask a trusted, more experienced friend for advice and contact the company using an external link (NOT the links the email provides) to ask if it was really them.
For more information and advice, visit the NCSC website.