The Four Most Common Cyberattacks on Small Businesses (and How to Stop Them)
In the past decade, there have been several high-profile cyberattacks on large organizations. In 2013, for example, Target saw 40 million credit and debit card transactions stolen by hackers in the span of a couple weeks during the Christmas shopping season. That spectacle was soon replaced by larger enterprise cyberattacks like the one that hit Anthem in early 2015.
While large organizations continue to be targeted in this way, small businesses have also become a target of choice in recent years because of their relatively lax cybersecurity. Small businesses may feel they aren’t valuable targets to cybercriminals, and this was true in the past. Unfortunately, developments in the threat environment have made small organizations a prime target of several kinds of attacks. In 2017 SCORE, an organization that mentors small businesses, estimated that 43% of cyberattacks targeted small businesses.
The good news is there are common-sense defenses that small businesses can put in place to reduce their security risks. In this article, we’ll cover the four most common cyberattacks that hit small businesses today, and what they can do to prevent them.
1. Ransomware Attacks
This new type of malware is downloaded onto computers through network hacks or by tricking employees into clicking links in fake emails. Once ransomware is installed on a computer, the program searches for valuable data files and encrypts them with strong encryption that can’t be decoded without a key. The program then informs the user that their data has been hijacked and directs them to pay a ransom to get it decoded. The hackers collecting these payments often never release the encrypted data.
What’s the best defense against this attack? Ransomware usually finds its way onto a business’ computers through phishing emails. Training employees not to click suspicious links will help to defend against it. Anti-malware software can also stop most infections from taking place. Another prudent safeguard is to back up critical data frequently so that ransomware demands aren’t as damaging.
2. Online Banking Fraud
Another type of cyberattack that small businesses face is the theft of financial account credentials. Malware is sometimes used to record the username and password typed by a computer user when at a banking website. Phishing attacks are also employed to direct email recipients to fake login pages for their bank. Cybercriminals sometimes go as far as calling employees and posing as executives demanding wire transfers be made from company accounts.
What’s the best defense against these attacks? Again, email links and malicious banner ads on websites are the most common ways of infecting computers with malware. Training employees to spot suspicious activity and emails is the first defense. Organizations should also create security measures to prevent phone fraud, like spoken passwords. Lastly, financial account credentials should be changed often to prevent an unknown breach from persisting for a long period of time.
3. Macro Malware Attacks
Yet another avenue for malware infection is macro scripts embedded into files created with programs like Microsoft Word and Excel. These macros are usually programmed to download a malicious payload from the Internet in the background when a user opens the file. The malware that’s installed can serve any number of purposes, from stealing data from the computer it infects to searching for an administrator’s password on the network. When a computer is infected in this way, the entire network can quickly become compromised.
What’s the best defense against this attack? Typically, the files infected with malicious macros come from outside sources. Employees should be trained not to trust any outside source unless it’s a known and verified address. It’s also prudent to disable macro support in Microsoft applications on computers that don’t need to use them.
4. Point of Sale Malware
The same type of attack that hit Target in 2013 has become more common among small businesses and franchises in the retail sector. Restaurants, hotels, and stores with point of sale machines can be infected with malware which steals customer transaction data. That data is then sold on the black market. Sometimes credit cards are physically duplicated, or the information is used to make fraudulent online purchases.
What’s the best defense against this attack? Point of sale malware is usually installed after hackers gain full access to the business network. In order to do that, they need to guess, find, or steal network administrator credentials. It’s important to review all user account passwords and replace them with strong passwords periodically, especially in the case of administrator accounts. Anti-malware software is another strong and relatively inexpensive defense measure. Organizations should also keep all computer operating systems and applications up to date with the latest security patches.
The Bottom Line
Small businesses have been targeted in recent years as large enterprises harden their defenses and become more difficult to breach. With the increasing sophistication of hacking techniques to distribute malware around the world, small organizations need to take cyber security as seriously as larger companies.
The good news is that with employee training and common-sense precautions, cyberattacks can be prevented, and their cost mitigated when they do happen. Small companies should consult with security experts, such as Outsource IT, to ensure their networks are hardened against attacks aimed at their systems. Outsource IT can help small businesses guard against phishing schemes and other common methods of spreading malware, in addition to setting up precautions and patching software to provide a solid defense. Contact us today to learn more.