Technology changes so fast these days that most businesses can’t keep up with every development, making them vulnerable to hacks, threats or simply being left behind. Unfortunately, cybersecurity breaches and attacks are on the rise worldwide.
Businesses increasingly carry out orders and transactions and store data online, leading to an increased vulnerability to cyberattack. According to IBM & Ponemon, the average cost of a breach in business cybersecurity is a staggering US$3.9 million. It’s therefore essential to understand the potential risk your business faces and to educate yourself about what to do should the worst happen.
The types of cyberthreats to look out for in 2020
There are several kinds of cyber threats, but the most common are:
Ransomware is malware that disables a system, and the only way to regain access and use is by paying the hackers a ransom to ‘release’ your system. This is now considered the most dangerous kind of attack, and Cybersecurity Ventures estimates that it will cost US$11.5 billion globally in the next year, with an attack happening every 14 seconds on average.
This attack usually gains entry to a system via phishing emails. These are emails that include a link to the virus / malware. Once you click on the link the virus can enter your system and breach your data. Signs that an email may contain a cyberthreat are messages that ask for personal information, come from a suspicious-looking address, and/or contain threats or very poor grammar or spelling.
Personally Identifiable Information Attacks:
In 2018 the much-publicised Cambridge Analytica political hack collected personal information on Facebook without users’ consent and used it for political purposes. This was a dramatic reminder about just how much exploitable data is out there, including sensitive and personal details such as names, addresses, birth dates, credit card numbers and more.
Given that we use credit cards every day in both personal and business owner capacities, this is definitely a threat to be aware of. A sobering thought is that, according to Australian Payments Network, online fraud is the most common type of fraud for credit card users.
Cryptojacking refers to the use of someone else’s computer for the purposes of buying cryptocurrency, which is a virtual form of money that is not supported by the government. These hackers don’t break into your computer or system in order to steal or ransom your data. They use your computer as a host in order to carry out cryptocurrency deals online, mine currency or otherwise deal with cryptocurrency.
While this type of hacking won’t usually cause you to lose data, it takes up valuable server space and bandwidth, which will increase electricity bills and slow down your computer or system. Of course, a threat to data can’t be entirely discounted here either.
Home & Business Systems Attacks:
With the increased use of system-based technology such as Smart Appliances in our homes, we have opened another door for hackers. They can now access security cameras, baby monitors, smart speakers and any other connected device. Any of these devices, particularly ones used directly for your business such as Alexa, can lead to more serious cybercrime. A common way that business owners leave themselves vulnerable is by not changing default admin settings. This is the equivalent of leaving your front door wide open for hackers to stroll in.
Weak Password Attacks:
According to IBM, more than 80 percent of data breaches occur because of weak passwords. The type of password you set may seem trivial, but it could leave you vulnerable, especially if you use the same password across multiple websites. Businesses that improve the strength of their passwords create a lot of work for hackers, making themselves unfavourable targets. Simple steps include using passkeys instead of passwords. A passkey is a phrase and should include capital letters and symbols and numbers. An example of a strong passkey is IL0vePr4ncingHorse$
How to protect your business
Fortunately, there are things you can do to protect your business from cyber threats.
Store data offline:
It’s a great idea to have two backups: one on a hard drive (preferably an external one) and one in a cloud system. If your business is compromised on either platform, you will still have a copy of your data.
This will make recovering from a cyber-attack cheaper and quicker. It will also allow your business to stay up and running as you recover.
Educate & train your staff:
It’s important that you understand the risks, but it’s crucial that your staff do too. You need to ensure that they are able to identify potential threats. You also need protocols in place around reporting and managing cyberthreats. If you don’t feel that you can train your staff yourself, you could make use of an appropriate training provider such as DDLS, who offer several vendor-certified courses from cybersecurity professionals. To find out more, follow this link: Cybersecurity courses.
Make a game plan:
It’s also vital that you have a plan in place to deal with threats and breaches. Because they can happen so fast, there’s no time to plan after the fact. You need to act immediately. Your business needs a clear, step-by-step plan that can be put into action following an attack. It must include your cybersecurity preparation, how a threat will be detected, how to determine the extent of the threat, what actions must be taken to respond to the threat, and how your cybersecurity plan and measures should be reviewed. Your staff must have access to this plan and understand their role in it so everyone can respond fast and effectively.
Two Factor Authentication:
Users are only granted access to something after they have proved who they are and that they have the necessary access permissions across two devices. For example, to access a company system on the computer, an employee will have to enter a PIN sent to their mobile phone. This makes gaining unauthorized access much harder.
It’s a very good idea for you and your staff to regularly change your passwords. For a stronger password, avoid using names, addresses, dates of birth, or family’s or pet’s names. In addition, don’t use the same password for everything. If your business stores its passwords on the cloud, you can use an app like LastPass which stores encrypted passwords online.
IT Check & Software Update:
Antivirus software like McAfee is a must. While there is free software available, the better-known and established software involves a monthly or annual fee. Most reputable software of this kind will be updated regularly and will help to identify and block threats. Be careful not to let your antivirus software subscriptions lapse.
Use Mobile Payment Methods:
Mobile payment methods such as Google Pay are now safer for businesses than using a credit card. When you use a mobile device, you must unlock it first. Technology now offers a range of ways to do this: voice recognition, fingerprint, face recognition, a code or password, etc. Without the owner of the device present, the device can’t be accessed and Google Pay, or equivalent, can’t be used. This makes payments far more secure.
Consider buying insurance to protect against cybersecurity breaches. It is wise to shop around and compare insurance and quotes to ensure that you get appropriate cover with a reputable insurer at a competitive rate.
Why is it safer to use Google Pay instead of a credit card?
We mentioned Google Pay in the previous section. However, it’s worth looking in more detail at why it is safer than using a credit card.
- In order to pay with a card, you need to take it out of your wallet and swipe it or enter a PIN. During this time your card could be photographed and all the information on it recorded: your name, card number, the expiry date, CVV number and even your PIN. If you are tapping, all this information could be ‘skimmed’. Given some transactions don’t require the card to be present, your card could be used for online purchases without your knowledge or consent. You may only find out much later, when you closely examine your bank balance.
- Credit cards can be lost or stolen. If a less than honest individual finds or takes your card, they can use it to make online or even in-store purchases if the PIN is not required by the vendor. In the event that you and your card are separated, you must immediately contact your bank to notify them so your card can be cancelled.
- PINs can be stored on some cards. The fact that it is encrypted will not protect it from a skilled hacker; your PIN may be cracked and extracted using sophisticated software. Your card can then be used.
- There is now a clone credit card available on the black market through the Dark Web. It is called Yescard and it can be used to clone a card number. The holder of this illegal Yescard programs it with his own PIN and uses it as one would a legitimate credit card. In other words, the hacker uses his card to spend your money.
- Cards that have been stolen can be swiped through a card reader and the service code can be modified or rewritten. This means that the card can be used without a PIN.
With the rapid advances in technology and boom in cybercrime, the threat to cybersecurity has never been higher. However, if you and your staff follow the tips outlined in this article, it will go some way to reducing that risk. Don’t delay, though. An attack on your data and system can happen at any time and with great speed.