In this day and age, headlines like these are common:
As these headlines attest, ransomware, phishing, and other types of cyberattacks are increasing in number and sophistication. To avoid becoming a victim, you must take measures to protect your company, even if it is small. No business is too small to go unnoticed by cybercriminals. The fact is that cybercriminals like to attack small companies because those businesses often do not have the expertise or resources to fend them off.
You probably are running anti-malware software already in your business, realizing the essential role it plays in detecting and blocking known ransomware, viruses, and other types of malware. However, that is only one of several measures you need to take to protect your company against cyberattacks. Other important measures include reducing known security vulnerabilities, educating your employees, and preparing for the worst-case scenario.
Reducing Security Vulnerabilities
You can make it much harder for cybercriminals to attack your IT systems by addressing vulnerabilities that cybercriminals tend to exploit. Here are a few starting points:
Cybercriminals like to target operating system software and applications that have known security vulnerabilities. These vulnerabilities provide a crack that cybercriminals can slip through in order to access your computer systems and install malicious code. Updating your software regularly with newly released patches eliminates known vulnerabilities, thereby reducing the number of exploitable entry points into your computer systems.
Computers, printers, routers, and other hardware devices include firmware, which is software that gives a device its functionality. Just like software, firmware can have vulnerabilities that cybercriminals exploit. So, it is important to patch your devices’ firmware whenever the device manufacturers release an update.
At some point in time, software vendors stop supporting older operating system software and applications. This means that they do not provide any security updates. Cybercriminals keep track of when versions of popular applications reach their end of support. When that day arrives, cybercriminals intentionally launch new attacks that target the unsupported software. Sometimes, they stockpile malware until the end-of-support date and then set it loose. As a result, your business is much more vulnerable to cyberattacks if you are running software that is no longer supported by the vendor.
Our team can conduct a vulnerability analysis to identify security issues that are leaving your business susceptible to cyberattacks. Once identified, we can work with you to address those vulnerabilities and reduce your risk.
Educating Your Employees
Your employees can establish an important line of defense against cybercrime. When employees are educated on how cybercriminals carry out cyberattacks, they can spot these attacks rather than fall victim to them. Phishing, spear phishing, and social engineering should be at the top of your list of topics to cover.
Despite being around for years, phishing emails are still being used by cybercriminals to obtain login credentials and other sensitive information, which they then use to steal money and data from businesses. Although people are now more aware of phishing, the attacks are still effective because of the growing sophistication of the emails.
The emails used to be easy to spot, as they often contained numerous misspellings and grammatical errors and spun fantastic tales about how you won the lottery or how a Nigerian prince needs your help. These days, cybercriminals are increasingly posing as legitimate companies, creating emails that look almost identical to real ones sent by those organizations. Plus, cybercriminals sometimes personalize the email to the point where it includes your name and other information about you—a tactic referred to as spear phishing.
Although these emails are more sophisticated, there are still elements that indicate an email might be a phishing or spear phishing attack. Train your employees to look for elements such as:
A deceptive email address in the “From” field. At first glance, the email address might seem legitimate. For instance, cybercriminals might send out an email message using the address “firstname.lastname@example.org” instead of the real “email@example.com” address.
A request to update or verify information. Cybercriminals like to get sensitive information by posing as a popular legitimate financial institution (e.g., a bank) and asking you to update or verify your information.
A sense of urgency. A common tactic in a phishing or spear phishing scam is to create a sense of urgency. The cybercriminals first let you know about a problem that requires your attention. Then, they let you know that there will be unfortunate consequences if you do not take action quickly.
A deceptive URL. A deceptive URL is one in which the actual URL does not match the displayed link text or web address. For example, the displayed text might specify a legitimate bank name (“Chase”) or bank web address (“www.chase.com”), but when you hover your cursor over it (without clicking it), you might discover that the actual URL leads to a website in a foreign country known for cyberattacks.
An attachment. Cybercriminals sometimes use email attachments to install malware on computers. Many different types of files can contain malicious code, including PDF files and Microsoft Word documents.