Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business.
Well, a new report by the cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.
Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.
Why Are Smaller Companies Targeted More?
There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.
Small Companies Tend to Spend Less on Cybersecurity
When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.
Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them. But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.
Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.
Every Business Has “Hack-Worthy” Resources
Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft.
Here are some of the data that hackers will go after:
- Customer records
- Employee records
- Bank account information
- Emails and passwords
- Payment card details
Small Businesses Can Provide Entry Into Larger Ones
If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more.
Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one.
Small Business Owners Are Often Unprepared for Ransomware
Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.
The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.
Even if a hacker can’t get as much ransom from a small business as they can from a larger organization, it’s worth it. They often can breach more small companies than they can larger ones.
When companies pay the ransom, it feeds the beast and more cyber criminals join in. Criminals who are newer to ransomware attacks will often go after smaller, easier-to-breach companies.
Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity
Cybersecurity Training is another thing is usually not too high on the list of priorities for a small business owner. They may be doing all they can just to keep good staff. Plus, priorities are often sales and operations.
Training employees on how to spot phishing and password best practices often isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.
In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.
Phishing causes over 80% of data breaches.
A phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.
Teaching employees how to spot these ploys can significantly increase your cybersecurity. Security awareness training is as important as having a strong firewall or antivirus.
Need Affordable IT Security Services for Your Small Business?
Reach out today at 716-373-4467 x 115 or email@example.com to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.
Article used with permission from The Technology Press.
Approximately 34% of businesses take a week or longer to regain access to their data and systems once hit with a malware attack.
Malware is an umbrella term that encompasses many different types of malicious code. It can include:
- Key loggers
- And more
The longer that malware sits on your system unchecked, the more damage it can do. Most forms of malware have a directive built in to spread to as many systems as possible. So, if not caught and removed right away, one computer could end up infecting 10 more on the same network in no time.
Early detection is key so you can disconnect an infected device from your network and have it properly cleaned by a professional.
Keep an eye out for these key warning signs of malware infection so you can jump into action and reduce your risk.
Strange Pop-Ups on Your Desktop
Some forms of malware can take on the disguise of being an antivirus app or warranty notice that pops up on your screen. Hackers try to mimic things that users may have seen from a legitimate program, so they’ll be more apt to click without thinking.
If you begin to see a strange “renew your antivirus” subscription alert or a warranty renewal that doesn’t quite make sense, these could be signs that your PC has been infected with adware or another type of malware.
New Sluggish Behavior
Computers can become sluggish for a number of reasons, including having too many browser tabs open at once or running a memory-intensive program. But you’ll typically know your computer and the types of things that slow it down.
If you notice new sluggish behavior that is out of the ordinary, this could be an infection. One example would be if you don’t have any programs open except notepad or another simple app, and yet you experience freezing.
When malware is running in the background, it can often eat up system resources and cause your system to get sluggish.
Applications Start Crashing
Applications should not just crash out of the blue. There is always a reason. Either the software is faulty, there’s been an issue with an update, or something else may be messing with that application’s files.
If you suddenly experience apps crashing, requiring you to restart the app or reboot your system, this is another telltale sign that a virus, trojan, or other malicious code has been introduced.
Your Browser Home Page is Redirected
If you open your browser and land on a homepage that is not the one you normally see, have your PC scanned for malware right away. Redirecting a home page is a common ploy of certain types of malware.
The malware will infect your system and change the system setting for your default browser home page. This may lead you to a site filled with popup ads or to another type of phishing site.
Just trying to change your homepage back in your settings won’t fix the situation. It’s important to have the malware removed.
Another annoying trait of certain types of malicious code is to make your system reboot without warning.
This can cause you to lose the work you’ve just done and can make it difficult to get anything done. This may happen when malware is changing core system files behind the scenes. With files corrupted, your system becomes unstable and can often reboot unexpectedly.
You’re Missing Hard Drive Space
If you find that a good deal of your hard drive space that used to be open is now gone, it could be a malware infection taking up your space. Some types of malware may make copies of files or introduce new files into your system.
They will cleverly hide, so don’t expect to see the word “malware” on a file search. Instead, the dangerous activities will usually be masked by a generic-sounding name that you mistake for a normal system file.
You Run Across Corrupted Files
If you open a file and find it corrupted, this could be a red flag that ransomware or another form of malware has infected your system.
While files can occasionally become corrupt for other reasons, this is a serious issue that deserves a thorough malware scan if you see it.
PC “Processing Sounds” When There Shouldn’t Be
Most of us are familiar with those “thinking sounds” when our computer is processing something memory intensive. You’ll usually hear a type of whirring that will go away once you finish that activity.
If you begin hearing this processing sound when you’re not doing anything particularly intense on your computer, this could be a sign that malware is running in the background and it should be checked out.
Free online malware and virus scans are not always very reliable. We recommend working with a managed services provider like Databranch to ensure your entire system is cleaned properly and that detection tools are put into place to alert you to potential malware. Contact Databranch today at 716-373-4467 x 15 or firstname.lastname@example.org, or submit the form below, if you would like to enhance your security and review our Foundation Security platform for your business.
Request your Free Baseline Security Assessment here:
Article used with permission from The Technology Press.
In 2020, 75% of companies around the world experienced a phishing attack. Phishing remains one of the biggest dangers to your business’s health and wellbeing because it’s the main delivery method for all types of cyberattacks.
One phishing email can be responsible for a company succumbing to ransomware and having to face costly downtime. As many as 92% of data breaches are due to human error such as falling for a phishing email. This can result in a user unknowingly handing over the credentials to a company email account that the hacker then uses to send targeted attacks to customers.
Phishing takes advantage of human error, and some phishing emails use sophisticated tactics to fool the recipient into divulging information or infecting a network with malware.
Mobile phishing threats skyrocketed by 161% in 2021.
Your best safeguards against the continuous onslaught of phishing include:
- Email filtering
- DNS filtering
- Next-gen antivirus/anti-malware
- Ongoing employee cybersecurity awareness training
To properly train your employees and ensure your IT security is being upgraded to meet the newest threats you need to know what new phishing dangers are headed your way.
Here are some of the latest phishing trends that you need to watch out for in 2022.
PHISHING IS INCREASINGLY BEING SENT VIA TEXT MESSAGE
Fewer people are suspicious of text messages than they are of unexpected email messages. Most phishing training is usually focused on the email form of phishing because it’s always been the most prevalent.
But cybercrime entities are now taking advantage of the easy availability of mobile phone numbers and using text messaging to deploy phishing attacks. This type of phishing (called “smishing”) is growing in volume.
People are receiving more text messages now than they did in the past, due in large part to retailers and service businesses pushing their text updates for sales and delivery notices.
This makes it even easier for phishing via SMS to fake being a shipment notice and get a user to click on a shortened URL.
BUSINESS EMAIL COMPROMISE IS ON THE RISE
Ransomware has been a growing threat over the last few years largely because it’s been a big money-maker for the criminal groups that launch cyberattacks. A new up-and-coming form of attack is beginning to be quite lucrative and thus is also growing.
Business email compromise (BEC) is on the rise and being exploited by attackers to make money off things like gift card scams and fake wire transfer requests.
What makes BEC so dangerous (and lucrative) is that when a criminal gains access to a business email account, they can send very convincing phishing messages to employees, customers, and vendors of that company. The recipients will immediately trust the familiar email address, making these emails potent weapons for cybercriminals.
Enabling Multi-Factor Authentication (MFA) is one of the best ways you can protect yourself and your business from BEC. Reach out to Databranch with any questions or if you would like assistance setting up MFA for your companies users.
SMALL BUSINESSES ARE BEING TARGETED MORE FREQUENTLY WITH SPEAR PHISHING
There is no such thing as being too small to be attacked by a hacker. Small businesses are targeted frequently in cyberattacks because they tend to have less IT security than larger companies.
43% of all data breaches target small and mid-sized companies, and 40% of small businesses that become victims of an attack experience at least eight hours of downtime as a result.
Spear phishing is a more dangerous form of phishing because it’s targeted and not generic. It’s the type deployed in an attack using BEC.
It used to be that spear-phishing was used for larger companies because it takes more time to set up a targeted and tailored attack. However, as large criminal groups and state-sponsored hackers make their attacks more efficient, they’re able to more easily target anyone.
A result is small businesses receiving more tailored phishing attacks that are harder for their users to identify as a scam.
THE USE OF INITIAL ACCESS BROKERS TO MAKE ATTACKS MORE EFFECTIVE
We just discussed the fact that large criminal groups are continually optimizing their attacks to make them more effective. They treat cyberattacks like a business and work to make them more profitable all the time.
One way they are doing this is by using outside specialists called Initial Access Brokers. This is a specific type of hacker that only focuses on getting the initial breach into a network or company account.
The increasing use of these experts in their field makes phishing attacks even more dangerous and difficult for users to detect.
BUSINESS IMPERSONATION IS BEING USED MORE OFTEN
As users have gotten savvier about being careful of emails from unknown senders, phishing attackers have increasingly used business impersonation. This is where a phishing email will come in looking like a legitimate email from a company that the user may know or even do business with.
Amazon is a common target of business impersonation, but it also happens with smaller companies as well. For example, there have been instances where website hosting companies have had client lists breached and those companies sent emails impersonating the hosting company and asking the users to log in to an account to fix an urgent problem.
More business impersonation being used in phishing attacks mean users have to be suspicious of all emails, not just those from unknown senders.
IS YOUR COMPANY ADEQUATELY PROTECTED FROM PHISHING ATTACKS?
It’s important to implement a multi-layered security strategy to defend against one of the biggest dangers to your business’s wellbeing, phishing attacks. Contact Databranch today at 716-373-4467 x 15 or email@example.com if you would like to learn more about what options are available to improve your organizations cybersecurity. Our Foundation Security Plan offers a wide variety of benefits such as increasing malware/ransomware protection, reduces phishing compromises, and helps prevent data theft/loss.
To request a free Baseline Security Assessment, click here.
Article used with permission from The Technology Press.