Most small and midsize business (SMB) owners exist in a bubble of blissful ignorance. They focus on the day-to-day operations of their organization, driving growth, facilitating hiring and guiding marketing, without a single thought given to the security of the computer networks these processes depend on. After all, they’re just the little guy – why would hackers go to the trouble of penetrating their systems for the minuscule amount of data they store?
And eventually, often after years of smooth sailing through calm seas, they get hacked, fork out thousands of dollars to malicious hackers and collapse beneath the weight of their own shortsightedness.
The facts don’t lie. According to Verizon’s annual Data Breach Investigations Report, a full 71% of cyber-attacks are aimed squarely at SMBs. And while it’s unclear exactly how many of these attacks are actually successful, with the sad state of most small businesses’ security protocols, it’s a safe bet that a good chunk of the attacks make it through.
But why? As Tina Manzer writes for Educational Dealer, “Size becomes less of an issue than the security network … While larger enterprises typically have more data to steal, small businesses have less secure networks.” As a result, hackers can hook up automated strikes to lift data from thousands of small businesses at a time – the hit rate is that high.
Today, trusting the security of your company to your son-in-law, who assures you he “knows about computers,” isn’t enough. It takes constant vigilance, professional attention and, most of all, knowledge. Start here with the four most common ways hackers infiltrate hapless small businesses.
1. PHISHING E-MAILS
An employee receives an e-mail directly from your company’s billing company, urging them to fill out some "required" information before their paycheck can be finalized. Included in the very professional-looking e-mail is a link your employee needs to click to complete the process. But when they click the link, they aren’t redirected anywhere. Instead, a host of vicious malware floods their system, spreading to the entirety of your business network within seconds, and locks everyone out of their most precious data. In return, the hackers want thousands of dollars or they’ll delete everything.
It’s one of the oldest tricks in the hacker toolbox, but today it’s easier than ever for an attacker to gather key information and make a phishing e-mail look exactly like every other run-of-the-mill e-mail you receive each day. Train your employees to recognize these sneaky tactics, and put in safeguards in case someone messes up and clicks the malicious link.
2. BAD PASSWORDS
According to Inc.com contributing editor John Brandon, “With a $300 graphics card, a hacker can run 420 billion simple, lowercase, eight-character password combinations a minute.” What’s more, he says, “80% of cyber-attacks involve weak passwords,” yet despite this fact, “55% of people use one password for all logins.”
As a manager, you should be bothered by these statistics. There’s simply no excuse for using an easy-to-crack password, for you or your team. Instead, it’s a good idea to make a password out of four random common words, splicing in a few special characters for good measure. To check the strength of your password, type it into HowSecureIsMyPassword.net before you make it official.
As described above, malware is often delivered through a shady phishing e-mail, but it’s not the only way it can wreak havoc on your system. An infected website (such as those you visit when you misspell sites like Facebook.com, a technique called “typosquatting”), a USB drive loaded with viruses or even an application can bring vicious software into your world without you even realizing it. In the past, an antivirus software was all that you needed. These days, it’s likely that you need a combination of software systems to combat these threats. These tools are not typically very expensive to put in place, especially considering the security holes they plug in your network.
4. SOCIAL ENGINEERING
As fallible as computers may be, they’ve got nothing on people. Sometimes hackers don’t need to touch a keyboard at all to break through your defenses: they can simply masquerade as you to a support team in order to get the team to activate a password reset. It’s easier than you think, and requires carefully watching what information you put on the Internet – don’t put the answers to your security questions out there for all to see.
We’ve outlined some of the simplest ways to defend yourself against these shady techniques, but honestly, the best way is to bring on a company that constantly keeps your system updated with the most cutting-edge security and is ready at a moment’s notice to protect you in a crisis. Hackers are going to come for you, but if you’ve done everything you can to prepare, your business will be safe.