Own a small business? Chances are that you are sick of hearing about phishing attacks, data breaches, and even ways to improve your cybersecurity. Sometimes, it seems like the small business cybersecurity threats we face change little as the decades march past; after all, we are still trying to build effective email virus filters. That’s not quite true, however. Each new year brings with it different threats and the necessity to continue educating your employees about cybersecurity. It’s important to reassess what the current best cybersecurity practices are for your small business.
For 2021, some of these attacks are brand new; others are enjoying a resurgence in popularity. All are dangerous. So let’s take a look at them and how you can protect yourself, your employees, and your business.
1. SMS Phishing
The rise of SMS phishing is one of the standout trends of 2020 in the world of cybersecurity. It emerged as a surprise to many because the success rate of email phishing attacks has been declining. People were simply becoming more aware of this kind of hacker tactic.
It seems, however, that merely changing the medium through which phishing messages are delivered – from email to short text messages – has managed to fool a lot of people for the time being. This is likely because we are simply not accustomed to SMS messages as a carrier for spam or malicious purposes. Instead, SMS messages typically carry an inherently personal feel (because we are used to receiving them from friends) or an official one, because they are also used for MFA (multi-factor authentication) by online banking systems.
Even though the delivery system is novel for this purpose, it doesn’t mean that new tools are needed to fight it. If you are following best business practices by training your staff on how to spot a phishing attack, highlighting that they can also arrive via SMS should be enough to protect most staff members from falling for this “new” small business cybersecurity threat.
2. Sophisticated Ransomware
Ransomware is another type of threat that – in itself – isn’t new. (For those of you who haven’t heard of ransomware before, it is a form of malware. It encrypts your data and then demands a ransom for it to be released.) However, in 2020 we saw the emergence of new, sophisticated forms of malware that were a step above anything we’d seen before.
The initial primary targets of these novel types of malware were large companies with plenty of sensitive data to steal and also plenty of money to pay to get it back. The rise in ransomware was one of the reasons why the cost of data breaches has risen; a 2018 report by IBM showed a global average cost of a data breach as $3.86 million. The 2019 report lists a global average cost of $3.92 million per breach. So…still climbing and now targeting small to medium-sized businesses as well.
For small businesses, protecting systems against ransomware means relying on your various cybersecurity software vendors. This includes ensuring that your antivirus and firewall protections are up to date, as well as tracking how those products perform against the competition. If you find that your brand lags, change who you do business with.
3. Deepfake Videos
Deepfake videos were a viral sensation in 2019 and went mainstream in 2020. The chances are good that you’ve seen one of these videos by now, particularly if you live in the USA, where the recent election ramped up production considerably.
Long viewed as either a nuisance or a threat to democracy – depending on the commentator – there is now a growing consensus that deepfake videos are also dangerous in terms of small business cybersecurity threats. Software is available that allows hackers to create videos to trick business owners or employees into giving up valuable information. This might include the passwords to your most important systems.
To make matters worse, there is little that small business owners can do to combat this kind of attack other than ratcheting up their general suspicion level. Besides that, focus on putting in place rigorous response mechanisms.
4. Spoof Accounts
Fake social media accounts are another type of “soft” threat that has emerged alongside deepfake videos. The idea here is that a hacker will set up a convincing but fake Facebook account, then befriend your employees and use this “friendship” to extract important, sensitive, and lucrative information from them.
The use of fake social media accounts is one technique that forms part of an extended playbook of advanced social engineering tactics. This approach has spiked in the last few years; it involves attackers taking a long-term approach to gaining the trust of their victims.
For small businesses, the best defense against this type of attack is detailed, regular training of staff on how to spot phishing attacks and how to retain the correct level of suspicion. You should also take the time to report any fraudsters you come across to the relevant authorities. This prevents repeat attacks on your own business and protects others.
5. Insider Threats
Finally, insider threats. The sad reality today is that the biggest risk to your company might be the people you employ. With more money than ever moving around the Dark Web, some hackers are taking a less technical approach and resorting to paying employees to reveal passwords that can then be used to gain unauthorized access to business systems.
Combating this type of threat requires that you balance trust and paranoia. It’s important to stay vigilant and quickly identify any unusual staff activity that might indicate there is malevolent intent afoot. While it’s probably not a good idea to go completely Big Brother with employee surveillance, a degree of healthy suspicion is actually necessary to keep them safe.
The Bottom Line
The bottom line is this: no matter how well you are protected, your business is going to get hacked (or at least vigorously attacked) at some point. So while you should definitely be aware of these small business cybersecurity threats and take the measures above to protect yourself, if you haven’t yet been compromised, expect that 2021 might be the year it happens. Familiarize yourself with the correct response to a data breach as well as how to avoid one happening in the first place.