Do You Really Think You Aren’t A Target For Cybercriminals?
Don’t assume that the size or location of your business means you aren’t a target. In fact, cybercriminals are only becoming more focused in their attacks. Do you know how to protect yourself? 360 Smart Networks’ Marius Nel recently shared cybersecurity tips to help businesses like yours in the Atlanta Business Chronicle.
Whereas just a few years ago, cybercriminals were casting wide nets to find victims, today more and more of them are taking a more targeted approach. That’s bad news for small businesses that thought they might fly under the radar.
“If you’ve got the skills to do this, you’re not going to mess around with people with 10 employees,” said 360 Smart Networks CEO and Founder, Marius Nel, to the Atlanta Business Chronicle. “The best you can do there is encrypt their systems and get them to send you 1,500 bucks. If you’re capable of shutting down a company that does $10 million of revenue… now you’ve got real money.”
That’s why many cybercriminals aren’t taking a “shotgun” approach to their work anymore – instead, they’re becoming snipers. Ever heard of spear phishing?
Conventional phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and/or execute significant financial transfers.
With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.
However, whereas a lot of phishing attempts are sent out via mass email, spear phishing is the opposite. Instead of casting a wide net, the cybercriminal picks a single, high-value target. They do their research so that the email has the recipient’s name, position, company and other details correct. It may even appear to be signed by a real coworker or superior.
Regardless of how legitimate it seems, again, it can only be so accurate. At the end of the day, the cybercriminal is still just looking to infect the target with malware or trick them into giving away vital information.
This is just one way in which cybercriminals are becoming more focused in their efforts – what can you do about it?
3 Tips For Protecting Your Business
In the Atlanta Business Chronicle, Marius shared the following three tips for enhancing business security:
- Cybersecurity Awareness Training Security awareness training can help you (and your staff) know how to recognize and avoid being victimized by phishing emails and scam websites.You learn how to handle security incidents when they occur. If you are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
A comprehensive cybersecurity training program will teach you how to handle a range of potential situations:
- How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
- How to use business technology without exposing data and other assets to external threats by accident.
- How to respond when you suspect that an attack is occurring or has occurred.
- Multi-Factor Authentication Multi-factor Authentication (MFA) is a superior way to keep your data more secure. MFA requires the user to utilize two methods to confirm that they are the rightful account owner. There are three categories of information that can be used in this process:
- Something you have: Includes a mobile phone, app, or generated code
- Something you know: A family member’s name, city of birth, pin, or phrase
- Something you are: Includes fingerprints and facial recognition
- Verify And Test Your Backups If you want your desktop files backed up, it’s your responsibility to make sure your cloud is doing so automatically. You must have a backup copy of your data if it’s stolen or accidentally deleted.Develop a Business Continuity & Disaster Recovery policy that specifies…
- What data is backed up
- How often it’s backed up
- Where it’s stored
- Who has access to the backups
Backup to both an external drive in your office and a remote, secure, online data center. Set backups to occur automatically. And make sure your backup systems are encrypted.
If you haven’t encountered a cybersecurity issue yet, don’t let that give you false confidence. The right move is to see to your cybersecurity now, and not try to handle damage control after you’ve been hit with malware.
Like this article? Check out the following blogs to learn more: