In honor of the NFL Season kicking off, I am hoping you won’t mind a few football references. In the game of business, most employees find themselves on the offensive side of the ball. Looking for ways to better serve customers, improve sales, and ultimately grow the business.
And while you are focused on making strategic moves to see that your business can be successful, your game plan can get sidetracked when a malicious player (or hacker) tries to steal sensitive company data and financial information.
Like an onside kick, this may come as a surprise to you, but your small business is actually a prime target for cyber criminals. Between 2017 and 2019, small businesses experienced a 424% increase in cyber attacks (as per analysis by 4iQ, a cybersecurity firm)—a sign of things to come. To clarify, small businesses make up 99.7% of all employers in the United States of America and have become a primary objective for eager hackers. Hackers understand that most small businesses lack sophistication and preparedness in cybersecurity defenses and training making it well worth their time to pursue lesser known companies.
Fortunately, business owners are beginning to become more aware of the risks they face on a daily basis. Nearly 65% of SMBs are planning to increase their time and money investments in cybersecurity over the next 12 months. As attempts to breach small businesses grow in frequency, business owners and CEOs understand that the future success of their companies may very well depend on the strength of their cybersecurity. With a variety of clever tools in a cyber criminals arsenal, if you are “late to the game” and have not yet prioritized cybersecurity or made the appropriate investments in network security, it’s only a matter of time before hackers blitz your defenses.
The following are two popular scamming methods used by hackers that your business should be aware of and prepared to tackle this Fall.
Phishing
Your employees and even you can serve as a hacker’s keys to the kingdom—your network. Cyber criminals know that tricking you into handing over sensitive information is MUCH easier than getting around your cybersecurity protections.
Here’s how it goes...
A busy, careless, or unsuspecting employee (take your pick) is sent an email in hopes that it will be opened just like any other email and they will follow the instructions inside without thinking twice about it. To put this in perspective, this happens 135 million times each day. These emails typically include an attachment or link that when clicked will have costly and malicious outcomes.
In the case of an attachment, after the attachment is clicked, malware is instantly installed to your computer. The malware will then search for private data, like personal, customer, and financial information OR hold your computer hostage until you pay an unreasonable amount of money to regain control.
In the case of a link, an email is very well disguised to look like a genuine communication from your bank or popular online shopping destination. The message inside is meant to inspire fear and fool you into taking action by saying something along the lines of “your account has been compromised and requires your immediate attention.” You follow the link and quickly enter your credentials to “protect” your account, but you have really just handed over your personal information to a seasoned hacker.
It is important to remember that cybercriminals are most successful when they can trick their victims into doing the hard work for them rather than taking by force. This is just one of the many reasons why providing ongoing cybersecurity training to your employees is a necessity.
Passwords
If you didn’t already know (and I’m hoping you do), using the same username and password for all of your accounts without regularly updating them can be incredibly dangerous. It is highly likely that one of your current passwords has already been compromised and is circulating on the Dark Web. This occurs most commonly when a hacker tracks down your credentials from an old account you “haven’t used in years,” but still continue to use the same password for other active accounts today.
In fact, a report released by Trace Security found that about 80% of all data breaches are the result of weak or recycled passwords. Some examples of the most popular passwords you should avoid using include “password,” “123456789,” and “qwerty.” It seems foolish to suggest that businesses actually use simple passwords like these to protect financial information and customer records, yet I can promise you there are far too many companies that still do.
The convenience of easily remembered passwords is no longer acceptable. If you have a reused or simple password this is a big problem. Especially when you consider how many password leaks happen each year. It is recommended that you change your passwords regularly, every other month at minimum. And, make sure you are using unique passwords for each of your accounts. It could also be worth exploring how a Password Manager can help better secure your login information while easing the strain of memorizing a long list of usernames and passwords.
In Conclusion
Some businesses may be tempted to hold off on investing resources in IT because they haven’t experienced any significant issues. These businesses are considered the lucky few. As cyber crime continues to rise at historic rates and hackers develop new, more sophisticated ways to breach a company's network—relying on good fortune from the past is not a safe bet for the future, even if your team is the New England Patriots.
However, this doesn’t have to be 4th and long or all doom and gloom...
There is a silver lining here. It is currently easier than ever to protect your business from cyber threats, data breach, and phishing scams. And, you don’t necessarily need to break the bank or go on a hiring spree to secure your business. With the help of a Managed IT Services partner that specializes in cybersecurity and regulatory compliance, your business will gain the experience, protections, and resources necessary to maintain a safe and productive business environment. Your employees will also benefit from ongoing cybersecurity training so they can be the front line of protection your business needs when hackers attempt to blitz your business this fall.