Written by: USB Security, Union Savings Bank
This Cyber Security Awareness Month, we’ve discussed how to secure your small business against cyber threats and other tips to stay safe online. A big part of keeping your business and your customers’ data safe is knowing how some of the most common small business cyber attacks happen and what the initial signs of a problem look like. Here are 3 small business cyber attacks on the rise today.
Business Email Compromise
In our first Cyber Security Awareness Month post, we covered a growing trend in small business cyber attacks: business email compromise. In a business email compromise attack, a fraudster impersonating someone within an organization, often the owner or other member of upper management, will contact an employee with a request for sensitive information or funds. The high rank of the sender combined with a sense of urgency – which may include a threat to the recipient’s job or promise of a reward – often lead the recipient to follow through with the fraudulent request.
Several possible signs of this specific type of phishing attack may include a sender’s email address that is off by one letter or digit, an unusual manner of asking for information or funds, inconsistent contact information, among other factors. Learn more about what to look for and how to react if you suspect that you or your employees might be a target of a business email compromise attack.
DoS and DDoS Attacks
Most businesses today have dedicated websites that range in function from informational only to full-fledged e-commerce platforms and everything in between. No matter how your small business uses your website, it is undoubtedly a critical piece of your online presence and strategy. Knowing this, someone deploying a denial of service attack (DoS) will typically flood your site with more traffic than it can handle, causing the site to crash and be inaccessible to people who want to use it for legitimate purposes.
Going into the holiday season when retail businesses and e-commerce shops may do their biggest sales of the year, a DoS attack can be especially damaging. An attack can cause the loss of thousands of dollars if not more, depending on when the attack occurs and how long it takes to get the site back up and running properly.
On a larger scale, a distributed denial of service (DDoS) attack routes web traffic from many different sources to a single website or network of sites to bring it down. This escalated attack is often much more difficult to trace, however it can be orchestrated for as little as $150. This price tag would likely do little to sway a disgruntled former employee or meddling hacker from causing a massive headache and potentially big loss for your small business.
While these types of small business cyber attacks may be relatively simple to carry out, there are equally simple measures you can take to help protect your business. Performing regular inspections of your small business equipment, creating more secure passwords and keeping up with software updates that offer the latest patches and bug fixes can help stop DDoS attacks in their tracks by blocking easy access points.
Another frightening type of cyber attack targeting small businesses are ransomware attacks. As the name suggests, hackers executing a ransomware attack will hold a business’ data ransom in exchange for amounts of money that their targets typically cannot pay. As a result, one in five small businesses hit by this type of attack is forced to shut down operations, as reported by CNET.
How are ransomware attacks so devastating? In many cases, these small business cyber attacks use sophisticated data encryption software, leaving a small business unable to access their own network. With the data at their disposal, hackers may be able to access customers’ personal data and other types of sensitive information, stripping the business of any and all control over how it’s used or where it could be sold.
Many security experts will advise against complying with the hacker’s demands as there is no guarantee that they will actually cooperate, so what options are small businesses left with to recover their data? Depending on how the information has been confiscated or encrypted, it may be possible for an expert to regain access to the network. This does not necessarily prevent or reverse any damage hackers may have done to your network, however, so as with business email compromise and DDoS attacks, the best remedy is prevention.
Performing necessary software and antivirus updates as soon as they become available is a good first step. It’s also important to ensure that your network is secured around the clock, not just when your business is open and operational. And while offering free Wi-Fi can be a great customer experience and marketing tool, it should be done properly and securely. You can read more tips on how to handle and prevent a ransomware attack from a small business owner who survived one.
While network security has become more advanced, so has the technology needed for orchestrating small business cyber attacks. It is critical that your business keep up with the necessary security measures to keep your network – and your customers’ data – out of the wrong hands. Visit our Business Blog for more tips this Cyber Security Awareness Month.