A Cyber Criminal Knows How to Find You
As a small business owner, maintaining cyber security is one of the multiple tasks on your long to-do list. You know cybercrime is a real threat, but you don’t have endless resources at your disposal to pour into security. Criminals know this. It’s a weak spot they exploit. By targeting small business, they can swiftly wreak havoc, particularly if they see your business as a doorway into the lucrative networks of larger clients and suppliers.
You might not think of your business as a target because the amount of money up for grabs might be far less lucrative than a larger company. But unfortunately, the sheer number of vulnerable small to medium enterprises (SMEs) is all too tempting for criminals. According to the ASBFEO Small Business Cyber Security Best Practice Guide, small business is the target of 43% of all cybercrimes. In 2017, there were attacks on 1 in 4 Australian SMEs (Norton’s Cyber Security Survey).
The sad reality is that any business using the internet is at risk and relying solely on antivirus software to keep you safe is no longer enough. Below are just a few of the security threats you might face.
Phishing is messages sent by cyber criminals to try and trick you into divulging personal information. They might appear as emails, phone calls, texts or through social media, but their intent is the same – to get you to hand over banking and personal details.
Test – if your staff members were sent an email from an unknown source and asked to click on an authentic-looking link or download a branded attachment, would they do it? Or would they be on guard that this is a potential phishing scam?
Ransomware can enter your system when a phishing email or suspicious advertisement is clicked on. Your data is quickly encrypted and your content locked, so you’re unable to access your network and devices. Hackers then demand payment in exchange for restoring access. Every 40 seconds, a business is hit somewhere around the globe. One in five small business don’t get their data back even after they’ve paid the ransom.
Test – How long has it been since you’ve backed up your critical data on a separate device? Do you know that the first step, when infected by ransomware, is to disconnect your computer from the network and turn it off to stop the attack from spreading?
Ransomware is just one of the many types of malware – malicious software which spreads trojans, worms and spyware. Unbeknown to you, this software installs on your computer, allowing the cybercriminal to access your files. From here, they can take your identity and authorise purchases on your credit card or open accounts in your name.
Test – with ‘mobile’ malware a growing problem, does your business have a security plan on your mobile devices involving device management and accessibility?
- Remote access scam
A scammer pretending to be from a telecommunications or computer company tries to convince you to buy software to fix a problem with your computer or broadband connection. They aim to trick you into giving remote access to your computer and paying for a service you don’t need.
Test – would one of your staff members give an unsolicited caller remote access to your computer?
- Invoice email scam
A scammer pretending to be a supplier notifies you about changes to their account payment details. You update your accounts, not realising that you will be paying a scammer instead of your supplier.
Test – Do you have processes in place to ensure you pay the right suppliers? Never do business with a company without first checking out they are legitimate, with a registered address and directors. A SwiftCheck Credit Report is a simple way to adopt these safeguard checks as part of your standard payment processes.
What's at risk?
As you can see from this lengthy list of scams, cyber-attacks put your confidential data and financial security at risk. When hackers enter your network, they can have a devastating impact on your business. Imagine the effect of criminals achieving access to your banking and credit card details, customer and employee records, product designs, intellectual properties, business plans and ideas.
Nearly a quarter (22%) of the SMEs that suffered a ransomware attack in 2017 ended up going out of business, according to the ASBFEO Small Business Cyber Security Best Practice Guide. Enforced downtime is one of the most destructive impacts of a cyber-attack, with many SMEs not able to continue operating without access to critical information. The costs of getting a business back on its legs and the reputational damage are considerable blows to bear.
The Business.gov.au website contains comprehensive resources on cyber security.
Stay tuned next issue: How to protect your business from cyber threats.
Feel comfortable with the suppliers and customers you do business with. Use a SwiftCheck credit report to find out the creditworthiness of a prospective customer or supplier, and if they are registered and solvent.