News of hacking and cyber crimes is in the press every week, but this is just the tip of the iceberg. For every high-profile corporate case you read about, there are thousands of cyber crimes committed against smaller businesses. The rapid rise of this form of criminal activity means every business owner must understand the main threats and take action to prevent them.
Corporations can afford to employ IT security experts and dedicated resources to protect against hackers, but small business owners have to manage these risks themselves. The reliance on the Internet and IT systems for so many aspects of running a modern business means a security breach can have a devastating impact.
The following are some of the most serious cyber crimes likely to impact a business.
1) Ransomware attacks.
This form of cyber crime has increased rapidly in recent years, and the FBI believes millions of businesses are being targeted. Criminals infect IT systems with malicious software to encrypt files and data, and ransoms are demanded for the return of access. The first a business owner knows of an attack is when an ominous message appears demanding payment.
Ransom demands can be as high as $50,000, but most are typically several hundred dollars. Experts believe that around three per cent of victims pay the ransom in the hope their data can be retrieved, but this often leads to further extortion demands. The malicious code is usually delivered in spam emails, so care is needed in opening attachments and files from unknown sources.
2) Denial of Service attacks.
This is the type of cyber attack many businesses fear the most. Denial of Service crimes, also known as DoS attacks, involve maliciously flooding a computer network with huge volumes of traffic. This causes major disruption and can shut down a company’s website, email access and computer systems. DoS attacks don’t usually result in theft of data or demands for money, but they can cost victims a great deal of time and money.
A firewall is the first line of defense against a DoS attack, but larger and more sophisticated forms of the crime can be very difficult to protect against. Migrating systems to a cloud solution gives a business access to expertise and security hardware, and this is a good option if the disruption of a DoS attack could cause serious harm.
3) Spear Phishing.
Spear phishing is a new twist on a long-established form of cyber crime. It involves targeting specific people, usually senior managers or staff with access to sensitive data, using fraudulent emails. Messages appear to be from businesses or people that you know, but are from criminals intent on fraud and deception.
Spear phishing attacks are hard to identify as criminals can be very skillful at disguising their identities and appearing to be legitimate. They often copy company logos and replicate the identities of individuals and businesses known to the victim to use their emails. The aim of most spear phishing attacks is to install spyware or other malicious programming.
Vigilance is key in preventing all forms of cyber crime. Employees must understand the potential threats as well as business owners. Basic mistakes such as opening email attachments from unknown sources or visiting social media or gaming sites on company computers can open the door to attacks.
Modern businesses need to have processes in place to reduce the threat of cyber crime and deal with an incident if it can’t be prevented. For example, software should be updated regularly and passwords to systems should contain a complex combination of letters, numbers and other characters.