SMEs become target of cyber criminals
I posted last week about the dangers of sharing personal information on social media. Hackers are getting smarter, and social media scams have become more sophisticated.
You might think that it’s only the ‘big end of town’ that needs to watch out for hackers or any other kind of cyber threats. But government reports show that SMEs (small and medium enterprises) are increasingly being targeted by cyber criminals.
What makes SMEs particularly vulnerable to these threats is that most small business owners do not believe that they are in danger of being targeted.
Know the threat and be secured
There are various forms of cybersecurity threats that may target SMEs.
One technique that attackers use is social engineering. They will manipulate users into doing actions where they can gain access to company networks or get confidential information. This may lead to identity theft, fraud and other illegal acts.
In a recent incident Snapchat was victimised by social engineering, when one employee was tricked into disclosing sensitive payroll information to a scammer. The employee fell for a ‘spear phishing’ email which claimed to be from co-founder and CEO Evan Spiegel.
Spear phishing scams differ from ordinary phishing scams in that they target businesses using information specific to the business that has been obtained elsewhere. An email is sent to specific employees which appears to come from a legitimate source. The email contains information that they may expect to see from the sender, and will usually be about some critical issue that requires immediate attention.
The scammer’s aim is to convince you that the email requires urgent action by following a link to a fake website which will ask you to enter confidential company information, financial information or passwords.
What the receiver thought was just a normal process of account verification or payment instead may lead to bigger problems like data loss, website shutdown, or even revenue loss.
Protect yourself and your business
Here are some recommendations to protect your business and to avoid different security risks:
- Perform an audit of all sensitive and important information stored both in your on-premise and cloud storage. Who has access to it, and do they all need access?
- Keep your domain name registration information secure by using strong passwords, two-factor authentication or even biometrics.
- Ensure that your website hosting provider offers good security and transparent security features.
- Check provider credentials and contracts when using cloud services.
- Use reputable, up-to-date security software to reduce your risks of being affected by cyber-attacks initiated through communication systems – phone networks, email and messaging services.
- Automate a secured backup strategy for all your business data.
- When disposing of old computers and other data storage devices, remove the hard disks and destroy them. (Make sure you have backups for any important data you still need.)
- Educate your employees on good security habits for passwords, email attachments and social media usage.
- Create cyber security policies for your employees that clearly define how they are expected to behave online, and how data is shared and restricted. There should also be penalties for non-compliance.
Of course, Snapchat is just one example of larger companies being targeted. But it’s SMEs that are really the ones at risk because, for an SME, the impacts can be devastating.
The above list is by no means exhaustive; and your best bet is to apply common sense and due diligence in equal measure.
That’s where Proactive IT Solutions can help. We have over 10 years experience in helping SMEs secure their networks; and we’re aware of all the latest threats. The first step in securing your business network is to run a security review, which we can do for you at no cost.