I have recently read the IBM Cost of a Data Breach Report 2021 - a terrifying tour of cybercrime that I can only briefly summarize below. My message? Be vigilant!
Many businesses feel “too small†to be affected by a cyber incident.
But Cybercriminals can easily manipulate small businesses.
Additionally, it is harder to say no to ransomware demands if you don’t have a backup system to recover data.
Despite the concentration of machines and computers, human error is still the leading cause of data breaches at small businesses. The IBM report says that compromised credentials ae the most common way cybercriminals attack a company’s data. This means social engineering scams, malaware, sharing logins and revealing sensitive data over insecure emails.
- Social Engineering Scams: This type of cybercrime deceives or manipulates someone into divulging confidential or personal information for fraudulent purposes.
- Phishing
- Spear Phishing
- Baiting
- Spoof Websites
- Caller ID Spoofing
- Smishing
Malware is a type of cyberattack that installs harmful software on a user’s computer after clicking on a harmful link or opening an unknown email attachment. Malware can lock down a computer, block access to files and other critical network components, and obtain sensitive data.
Ransomware, a common and highly disruptive type of malware, locks computer files through encryption until a specific ransom is paid for a key to decrypt the data. Other types of malware are Trojan horses and drive-by attacks.
Small business cybersecurity best practices include Employee Training: you read it here first. Update Security Software: Use firewalls, anti-virus software and anti-spyware programs to help ensure sensitive data cannot be easily accessed by hackers. Avoid using public wifi for sensitive log ins like banking and financial services. Regularly back up data on all computers and have a recovery system in place if the information needs to be retrieved due to a cyberattack. Small businesses and their employees should use strong passwords for every site accessed daily. Passwords should never be shared between employees or written down where others can see them.
Multi-factor authentication requires additional verification information, for example, a security code sent to your phone, to log into networks, systems and computers. Wherever possible, use MFA. Turning it on for email, VPN access, Firewall, and software access leads to a more secure system. You must stay vigilant against fakes, phishing, digital crime and insecure information.
Alvaro Gonzalez Cyber security expert for BATsoftware, IFAC's IT partner back office system