As long as small businesses have been using computers, they have faced cybersecurity threats. As quickly as you can take steps to mitigate existing risks, the risks themselves evolve. In an effort to stay ahead of—or at least keep up with—the latest cybersecurity threats facing small businesses now, here are two of the most common risks and tips for combating them.

 

Ransomware

 

What it is:

A type of malicious software (known as “malware”), ransomware not only blocks or disrupts a company’s data or network, but also demands payment to recover that data or keep it from being made public. Ransomware is a particularly dangerous risk for small businesses because many use a few connected devices, making the spread of this infection quick and easy.

 

“It’s a difficult decision for business owners who are targeted,” says David Houghton, owner of Fox Security. “Should they pay up and possibly head down a path of greater ransom demands, or should they hold off and risk more damage to their business?”

 

Warning signs:

Users receive an email or message via social media with a link to a video or something else of interest, or are invited to download a program in order to get access to free music files or other offerings. Pop-up boxes or new icons then start to appear on users’ computer screens, or the computers run slower than usual. Finally, someone at the company is approached by a scammer demanding payment, or else the organization’s information will be compromised.

 

How to recover from an attack:

If you suspect you have been struck by a ransomware attack, use your security software to run a virus check. Contact a cybersecurity specialist or your anti-virus software company and take the recommended steps to remove the malware or find ways to subvert it without having to pay the criminal.

 

How to prevent:

Standard antivirus software doesn’t hurt, but that alone may not protect a business from the more tenacious versions of ransomware. Among the practices Houghton recommends is internet filtering (through providers such as OpenDNS) to restrict company access “to just trusted sites, so the chances of ransomware being able to connect home and upload files is greatly reduced.” Offline backups and patching (updates that fix weak spots in one’s system or programs) are also effective steps.

 

Whaling

 

What it is:

Most small business owners are probably familiar with phishing, but a newer, and bigger, cybersecurity concern is whaling.

 

“While the attack method is the same (fraudulent emails), whaling attacks are more targeted than phishing and usually focus on the small business owner and their bookkeeper, accountant, or financial officer,” explains Tom DeSot, executive vice president and chief information officer of Digital Defense. “Why these employees and not others? Because these employees or business partners have access to the purse strings of the business.”

 

Warning signs:

Whaling attacks typically look like an official—often urgent—message coming from an owner or executive telling the bookkeeper, or person in a similar role, to wire money or transfer money to different accounts using the email as authorization. The warning comes (often too late) when it becomes clear that a transfer of funds has been made by an “authorized” but fictitious person.
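The warning signs above can be checked automatically before a payment request reaches the bookkeeper. The following is an added example, not part of the original article: the company domain, executive name, keyword lists and sample messages are all constructed assumptions, and the sender-domain and Reply-To checks are common impersonation indicators rather than anything the article specifies.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: your own mail domain and the display names
# of people who can authorize payments. All values here are constructed.
COMPANY_DOMAIN = "example-bakery.test"
EXECUTIVES = {"dana owner"}
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank account)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|right away)\b", re.I)

def whaling_indicators(raw):
    """Return the list of warning signs found in one plain-text email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    # An executive's name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        hits.append("executive-name-external-domain")
    # Replies would go to a different domain than the visible sender.
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        hits.append("reply-to-differs")
    if PAYMENT.search(text):
        hits.append("payment-request")
    if URGENCY.search(text):
        hits.append("urgency")
    return hits

def looks_like_whaling(raw):
    """True when an impersonation sign accompanies a money request."""
    hits = set(whaling_indicators(raw))
    spoofed = hits & {"executive-name-external-domain", "reply-to-differs"}
    return bool(spoofed) and "payment-request" in hits

# Constructed sample messages (not real traffic).
SUSPICIOUS = (
    "From: Dana Owner <dana.owner@example-bakery-mail.test>\n"
    "Reply-To: payments@mailbox.test\n"
    "Subject: Urgent wire transfer\n\n"
    "Please wire $18,400 to the new vendor account today.\n"
)
ROUTINE = (
    "From: Dana Owner <dana@example-bakery.test>\n"
    "Subject: Lunch order\n\n"
    "Can you order sandwiches for Friday's staff meeting?\n"
)
```

A clean result only means none of these simple signs fired; a request sent from a compromised internal mailbox would pass, so payment approval should not rest on this check alone.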

 

How to recover from an attack:

If a whaling attack is discovered after money has already left the company, you can try to contact the financial institutions involved and see if the damage can be mitigated. Also, notify law enforcement to ensure there is a record of the fraud having occurred, which is useful if the company has any sort of cyberinsurance and will seek to file a claim.

 

How to prevent:

As with much of cybersecurity, educating and training staff members correctly is key. Don’t just tell them what to look for, but test them on how to identify a potential whaling attack. Policies can also be put in place that require written authorization (not just email) for any wire transfer. “Second to that would be having a secondary person who can authorize these types of transactions if the owner is away on vacation or otherwise indisposed,” DeSot adds.
