The latest Government Security Breaches Survey found that nearly three-quarters of small organizations reported a security breach in the last year (2015), which is a 13% increase from the 2013 and 2014 survey. Small and medium-sized enterprises (SMEs) are now being pinpointed by digital attackers. Last December, more than half of spear phishing attacks were carried out against SMEs and resulted in damages between $150,000 and $600,000.
“Small businesses may feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in what they do – but in reality the exact opposite is true,” says Sarah Green, a cyber security expert and business manager for Cyber Security at Training 2000.
Cyber criminals are targeting SMEs because they tend to have weaker defenses than larger organizations, due to their lack of financial and human resources. SMEs that have contracts to do business with larger organizations are higher on the list of targets for hackers, as this may allow them to penetrate the larger organization’s database through the smaller entity. An example of this would be the breach that occurred at Target Corp.
According to the Cyber Streetwise campaign, major cyber threats to SMEs include:
- Ransomware – A type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems or to get their data back.
- Hack Attack – Where a hacker manages to gain access to the company’s network, typically by exploiting an unpatched vulnerability within the software, allowing them access to the company data. The target will generally be personally identifiable information (PII) on a company’s customers, especially credit card information.
- Denial of Service Attack (DoS) – An attempt to make a machine or network resource unavailable to its intended users, for example by temporarily interrupting or suspending the services of a host connected to the Internet.
- Human Error – Employees are often the weakest link in the security chain and a vast number of data breaches are the result of information being lost or distributed to the wrong person.
- CEO Fraud – We recently wrote about cyber liability insurance and how insurance companies are not covering CEO Fraud. CEO Fraud (also known as Business Email Compromise) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts to conduct unauthorized transfers of funds.
Besides the most common suggestions for increasing your cybersecurity (stronger passwords, antivirus, software updates), here is a list of 10 Tips to Boost Cybersecurity Awareness in Your Company.
When conducting cyber security training and education sessions:
- Address your audience in a friendly manner
- Use the right tone of voice
- Get support from HR and legal teams
- Keep colleagues informed
- Use your imagination
- Review your efforts
- Make it personal
- Avoid jargon
- Encourage an open dialogue
- Consult the marketing team
The time of thinking “this will never happen to my company” is over. Whether your company is in agriculture or insurance, hackers are after your data. Take all of the preventative steps to properly secure your important information before it’s too late. Contact WatchPoint Data to learn more about how we can help you with this process!
With WatchPoint's Security Solution you will:
- Know someone is securing your business.
- Have true visibility into your digital assets.
- Have a support staff dedicated to safeguarding your network.