In a recent article in Information Week, Robert Lemos outlined a list of serious cyber threats that small and medium-sized businesses should not ignore. We’ve all read about the targeted attacks on large enterprise organizations that end up costing companies like Sony and Citibank millions. In fact, the PlayStation breach was estimated to cost Sony over a billion dollars in direct and indirect losses. These are scary stories for any organization, but even a billion dollar loss is not enough to sink Sony. That’s not true for SMBs. What is worse, cybercrime syndicates are just as likely to target a smaller company that may be considered an easy mark, than go after a giant like Sony. Criminals may presume that a smaller organization is less likely to have sophisticated security solutions in place. And a serious attack can result in losses from which some SMBs never recover.
Here are five of the threats that SMBs should put on their radar.
1. Targeted Attacks
These are attacks aimed at a single business or organization and can include a variety of tactics such as introducing malware like bots or Trojans into your network. Bots are autonomous software that can be joined with others to form botnets. Once activated, they can be manipulated to commandeer your businesses computers. Delivering the bot is often done using “lures”, emails appearing to come from someone the victim knows. Once opened, the bot may hide in the network for days or even months until it “phones homes” to command and control outside your network. Once engaged, the bot can be given instructions to replicate itself, creating a huge botnet herd that can now do the cybercriminals bidding – like stealing your sensitive customer information or other proprietary data. It’s imperative that you have technology in place that can spot these intrusions both before they can come in – as with email security technology – and before they can phone home – real-time botnet defense.
2. Internal Data Leaks
Employees going about their busy work day can sometimes forget security best practices such as never opening attachments or email links if you don’t recognize the sender. Once an employee opens the email, cyber criminals can grab one password and use it to access all the passwords in your system. This mistake, offers criminals easy access to the company’s proprietary data and much harm can be done before you even know there is a breach. In another scenario, a disgruntled employee can willfully circumvent security and cause even greater damage. The best solution for this is one that includes comprehensive training for employees to avoid inadvertent data loss accompanied by a strong AUP. Of course, enforcing the AUP with technology is critical for SMBs if you are serious about protecting your data.
3. Infected Websites
The author points out that many smaller businesses put up websites, which in some cases are only online brochures, and then forget about them. He warns that SMBs need to make sure their websites have not been compromised and used to launch criminal attacks. According to recent studies, over 60% of websites that deliver malware, are actually legitimate sites that have been compromised. You need to assure that your website doesn’t degrade your brand name by becoming a source of problems for visitors.
4. Remote and Mobile Users
Although the BYOD craze (bring your own device) has been around awhile, SMBs may not be paying enough attention to the devices that access their networks every day. The danger that malware and other unwanted agents will invade your network via an unsecured mobile device should be a concern, particularly for smaller companies. Although Google reports that the number of users infected through the Google Play store has gone down nearly 40% in the past year – primarily as a result of their application vetting system, called Bouncer, your company Wi-Fi network is likely to carry risks. You should make certain you have the tools and technology to secure your endpoints.
5. Brand Damage
For companies worldwide, social media has emerged as a double-edged sword. On one hand, it can be a powerful tool to help connect you with customers, vendors, partners and prospects. It can also provide an efficient way for your employees to communicate and collaborate. However, there are substantial risks involved, including brand damage, which can be intentional or inadvertent. You may want to give your employees access, particularly your sales and marketing people, in order to reap the benefits of social media. These can include revenue growth, increased marketing efficiency and lower cost of doing business. But you also need to keep in mind the importance of your brand reputation. Damaging your brand through inappropriate social media content can undermine all the work you’ve done to build your brand equity. Don’t get caught up in the advantages of social media without being aware of the risks. Technology that helps you grant access to social media in the workplace while mitigating the risks, will give you the best of both worlds.