Cyber-security - Knowing the Basics

Cyber-security has become a front-and-center concern for businesses, governments, and individuals. Cyber-attacks routinely make headline news with widespread and enormously impactful incidents. Although cyber-attacks do not necessarily discriminate, there is mounting pressure on small businesses to proactively combat this threat. In a press release made by the Small Business Committee, Chairman Steve Chabot (R-OH) stated in his opening remarks “…the majority of cyber-attacks happen at small businesses.  In fact, 71 percent of cyber-attacks occur at businesses with fewer than 100 employees.”

The statistics are mind-boggling. Gartner predicts that 5.5 million new computers and devices will be connected each day, amounting to a 30% rise to 6.8 billion in 2016. And, by 2020, these predictions increase to 20.8 billion, which translates into 2 to 3 connected devices for each human being on the planet. In an interview with CNBC, Derek Manky, Fortinet Global Security Strategist, describes another unsettling statistic: “Every minute, we are seeing about half a million attack attempts that are happening in cyber space.” Experts widely agree that the size of the attack playground is dramatically increasing as hackers become increasingly sophisticated and well-funded in their attacks. As large businesses have been working to implement robust cyber-security plans, small businesses are becoming more common targets.

For a small business with limited resources, addressing the constant threat of cyber-attacks may seem overwhelming. The U.S. Small Business Association offers a 30-minute self-paced training to get you started. Some of the more common categories of cyber-attacks it describes are:

  1. Tampering: Website tampering can include defacing your website, hacking your site, and compromising web pages to allow download of invisible code for spyware.
  2. Theft: Data can be stolen through inappropriate access to computer accounts, intercepting emails or internet transactions, various phishing methods, and identity theft.
  3. Denial-of-Service: Denial-of-Service (DoS) focuses on attacking your system by sending large volumes of data to slow or stop internet traffic. 
  4. Malware: Malware has the malicious intent of stealing or destroying digital data.  Malware is commonly encountered with email attachments, internet downloads, or operating system vulnerabilities.

Knowing these common threats and your risk tolerance to them will help you determine mitigation measures. These measures can be thought of in terms of human vulnerabilities and system protection.

  1. Human vulnerabilities: Establishing your security policy, training your employees, and adhering to the policy will go a long way toward limiting risk. Basic dos and don’ts for safe internet practices, email practices, and desktop practices should be considered. For example, surfing the internet with an administrative account is not considered a good practice.
  2. Protecting your systems: Use tools such as anti-virus software that can help detect malware and firewalls that can help trap suspicious emails.  Ensure your operating system is current; many times OS upgrades address security holes.  Maintain a backup of important data and store it in a safe place.

Being aware of the most common types of cyber-attacks and taking proactive measures against them will help reduce your risk of becoming a victim of a cyber-attack. Ninestone can help you research your security alternatives, create a plan, and implement it.

 

June, 2016

Ninestone Team