Small and mid-size businesses (SMBs) are an attractive target for hackers because SMBs represent a good return on investment. With less cyber security in place and minimal resources to dedicate to network security, hackers are finding plenty of valuable data to steal from unprotected SMBs. In fact, 30 percent of all businesses targeted by hackers were businesses with less than 250 employees. Until SMBs take proactive, measurable improvements to IT security, many will succumb to cyber criminals.
The most common business-related tasks – emailing and utilizing web sites and online services – present the most dangerous risk of a system compromise by cyber criminals.
SMBs are especially vulnerable to Watering Hole attacks in which hackers get to larger companies by staking out a SMB. In a Watering Hole attack, hackers compromise the security of the small business website that an intended target (usually a larger enterprise) is likely to visit and once the target visits the website, the large customers computer becomes infected with malware and the malware spreads unnoticed.
Spear phising is another popular way that hackers target SMBs. According to Techworld.com, 91 percent of targeted cyber attacks begin with a “spear phishing” email, 94 percent of targeted emails use malicious file attachments as the payload or infection source.
Drive by downloads are another tactic hackers use to attack unsuspecting SMBs. Malicious software is downloaded to a device — without the user’s knowledge — when the user views a compromised webpage. Once installed, this malware can do a number of different things: log keystrokes, scan the system for files of an interesting nature, infect the Web browser with a banking Trojan that hijacks online-banking sessions or install a “backdoor” that will let cyber criminals conduct cyber attacks by using your IP address.
SMBs can protect themselves by taking a more proactive approach to security, this includes:
1. Educating employees are safe internet use best practices
2. Use application whitelisting to help prevent malicious software and other unapproved programs from running
3. Stay up to date on software and operating system patches
4. Minimize the number of users with administrative privileges and limit data and software to a need-to-know basis
5. Implement as many of the 20 Critical Controls for Effective Cyber Defense as possible.
If you are concerned about the security of your business’ computer or network, contact ACE IT Solutions at 646-558-5575 for a free security consultation. Email us at firstname.lastname@example.org to request a FREE copy of our Safe Internet Browsing Manual for your employees.