Protecting small businesses from cyber threats

Armed with the right technology and knowledge, small businesses don’t have to be vulnerable targets for cyberattacks, writes Aaron Bugal. Taking a proactive approach to cybersecurity is key to keeping businesses protected.

As technology becomes more accessible, small businesses have chosen to invest in digital transformation in one way or another. The move to online and cloud is a smart one, but it’s essential the network is adequately protected. Across the board, it appears small business owners have a belief that cybercriminals won’t come for them; a ‘bigger fish to fry’ sort of mentality. Unfortunately, this is not the case. In fact, this very psychology is what places small businesses at risk.

Why small businesses?

Cybercriminals are cunning and manipulative; they’re aware that small business owners, more often than not, do not invest in cybersecurity technologies and therefore are easy targets. Sure, they’d be able to steal more money from larger organisations, but that means breaking through a more robust cybersecurity system. Targeting a vulnerable small business means it’s an easy job, even if the reward isn’t as steep. Think of it this way – if you were going to rob a house, would you try the small house where the door was left unlocked or would you attempt to break through layers of locks, alarms and cameras to get into the mansion?

Same old tricks, new threat opportunities

Small businesses work with limited resources and rarely have a dedicated IT or cybersecurity team. This makes them easy prey particularly in times of national crisis. Take the recent COVID-19 pandemic as an example; cybercriminals have had a field day with this. Businesses have needed to navigate government mandated lockdowns, forcing workers to operate remotely and for many, this posed significant cybersecurity risks. With staff operating on multiple networks and interacting on different devices, visibility and control can be difficult.

Additionally, staff were forced online very quickly, using tools that are foreign to them without proper security in place. Unfamiliarity with the platform makes it difficult to spot errors or inconsistencies that would typically raise red flags. Unfortunately, cybercriminals know this and have exhausted every effort to capitalise on it.

Zoom is a prime example. In March, ‘ZoomBombing’ became a well-known phrase as cybercriminals invaded zoom conferences and shared vulgar content using the screen sharing function. In April, Zoom passwords were up for sale on the Dark Web and later that month, the platform was referenced in a phishing email, claiming there was a performance review meeting with HR in a few minutes. The link in this email looked almost identical to the Zoom link and was designed to phish login details from its victims.

Protecting your business

While cybercriminals have used the COVID-19 pandemic to deploy ransomware and phish people, the reality is, that’s just their latest tactic. They won’t disappear when coronavirus does and they won’t stop, they’ll simply capitalise on something else. So, as a small business owner, what can you do to protect your organisation?

Invest in the right protective cybersecurity technology: A robust cybersecurity posture starts with technology so be sure to find one that fits your needs and implement it as soon as possible. This enables business owners and employees to get back to what they’re best at, whether that be sales or generating profitable leads for your business. From there, the experts will have visibility over your network, allowing them to thwart threats and keep your business’ valuable data safe.
Create a cyber-aware culture among staff and train them to identify basic threats: Phishing and ransomware emails rely on the naivety of the person on the other end so investing time into creating awareness will ultimately pay off. Sometimes, the signs are obvious, staff just need to know what to look for.
Go back to basics: Good password hygiene is a severely underrated practice; don’t let that fool you into thinking it’s not important. Ensuring different passwords are used for different websites is an efficient risk mitigation tactic and can contain issues that arise as the result of falling victim to a phishing scam. If criminals manage to get their hands on your Gmail logins, will they then have access to your banks, phone and social accounts too? By choosing different (and strong) passwords for your accounts, threats can be contained with minimal damage.

Armed with the right technology and knowledge, small businesses don’t have to be vulnerable targets for cyberattacks. Taking a proactive approach to cybersecurity is key to keeping businesses protected, regardless of what tactic is deployed.

Aaron Bugal is Global Solutions Engineer at Sophos.