Small businesses can make appealing targets for hackers. They often have much less security than larger organizations but still hold valuable assets and information. Recent studies show that only half of New Zealand small businesses have a defined IT security policy in place. On the other side of the coin, small businesses have limited time and resources to dedicate towards cybersecurity. This makes it especially important to identify the areas of greatest risk so you can focus your time and resources. Here are some key cyber threats to your business that you should be aware of.
Malware
Malware, or malicious software, is a broad term that describes any program that is designed to cause damage in some way. Viruses, trojans, and worms are all different forms of malware. howtogeek.com describes these in more detail. Most forms of malware are typically downloaded disguised as legitimate software, or they infect genuinely legitimate software in some way. The best way to prevent malware from infecting your machine is to ensure you have up-to-date antivirus software installed and follow safe web practices.
Social Engineering
Social engineering describes any type of fraud where someone is manipulated into giving up sensitive information. These attacks can happen over email, on the phone, or even in person. The attacks commonly involve someone posing as a trustworthy source such as a bank, credit card company, or government office and requesting sensitive information such as passwords or credit card details. Unfortunately, humans are usually the weakest link in the security chain, so it is important to be aware of the potential risks and teach your staff basic cybersecurity practices. Lightcyber outlines 8 tips to prevent a social engineering attack.
Phishing

Phishing is a specific, common form of social engineering attack perpetrated through fraudulent emails. You have probably seen “spam” emails like this filling your junk mail box, but despite being so common, they can also be very convincing and effective. Tech Republic outlines 10 tips for spotting a phishing email.
DOS & DDOS
A DOS, or denial of service, attack is when a web service is intentionally overloaded with requests and traffic until it crashes. A DDOS is a specific form of this attack where a distributed network of computers sends these requests close together. As a small business, you are unlikely to personally be the target of a denial of service attack. However, web hosts are common targets, and an attack on one can affect all websites hosted on its servers. As a small business, the most effective thing you can do to combat this is ensure you have a capable web host that has the ability to prevent and recover quickly from such attacks. For larger businesses, Tech Republic gives some more details on how to prevent or mitigate DDOS attacks.

