Before computers ruled the world there were two major types of business security concerns: scammers who tried to get your liability insurance money and competitors looking for an edge. These days, hackers will take a piece out of a company just because they noticed its existence.
Beneath the undercurrent of faceless malevolence and active business targeting for financial gain, what was once a seemingly harmless collection of spamming and spyware has become a devastating wave of cyber-attacks seeking to steal from or extort businesses on a regular basis. It’s no longer safe to assume that just because you are a small business or an unglamorous industry that your company is safe. These days even private computer owners are locking up their networks for fear of having all their family photos encrypted and held for ransom.
How should you prepare your business to withstand a cyber-attack? It’s best to fortify your business network with everything you can find; but it also helps to know the threats. As a quick refresher, here are the top three most recent cybersecurity threats to modern businesses and what you can do about them.
1. The Ransomware Epidemic
Ransomware is a nasty trend that started several decades ago and has become more malicious in recent years. This was an early introduction to the idea that hackers can not only ruin your day and your computer, they can also take your money directly. When a computer or system is infected with ransomware it:
- Locks your computer;
- Encrypts files on your computer;
- Encrypts files on connected network drives;
- Spreads itself through your network to infect other computers and servers; and,
- Displays a message demanding payment in a crypto-currency within a given amount of time or all your precious files will be deleted.
How to Handle It:
First and foremost, it is frowned upon to pay the ransom and definitely DO NOT try to decrypt your files. These are fool’s errands and are both likely to wind up with your files deleted. Because you can’t trust the hacker either way, your best defense to recover from ransomware is a comprehensive backup. Get both a daily backup of all your active files and a whole-system configuration backup. This way, if you get infected you can wipe your compromised machines then recover from backup and be back to work within hours instead of weeks.
2. The Credit Card Scams
Another wave of recent and surprisingly vicious cyber attacks has impacted the payment industry. Credit-card processing merchants (ie: everyone) are at risk. Hackers use a variety of attacks including:
- Invading guest WiFi networks;
- Phishing customer service employees;
- Pretending to be customers to establish communication; and,
- Planting physical skimmers on PIN entry devices.
How to Handle It:
The payment card industry takes credit (and debit) card number and personal information theft very seriously and so should you! To protect your customers and your company against this kind of attack, start by encrypting your devices. Next, as a business who accepts or processes credit card information, start working your way towards PCI-Compliance.
3. Business IoT Botnets
The most recent and increasingly relevant cybersecurity concern is IoT (Internet of Things) devices. The age of the ‘smart office’ is upon us and many businesses have already enjoyed installing devices such as WiFi security cameras, smart lights, smart coffee machines, and smart thermostats.
The biggest concern with IoT devices is that the majority are designed with zero security standards. Many can’t be software upgraded, meaning any existing security holes are permanent. Others have default admin login credentials that can’t be changed and are well known to hackers. Cyber-criminals have started to take advantage of these security issues and are increasingly able to take advantage of them. One recent IoT attack used known security loopholes to DDoS several major websites.
How to Handle It:
The most effective way to prevent your devices from going Skynet in your office is to put them on their own separate network. Using a VLAN, create a network segment specifically for your IoT devices and use firewall rules to prevent them from “talking to” your business network and devices.
The modern world is full of cyber threats to your business. Fortunately, with the right attitude about backups and with some help with computer networking, your company can be reasonably safe from malware and ransomware. Remember to monitor your backups, run your software security updates, and consider using Managed IT Services to actively protect your business from cyberthreats.