IT Blog Articles | Entech | Tech Tips & Tricks for SMBs

3 deadly cyberthreats aimed at your business (and how to stop them)

Written by Entech | Jul 10, 2019 10:00:55 AM

A cyberthreat can emerge from out of left field and ruin your day. Anything from viruses to advanced ransomware can hurt your reputation, slow down your productivity, and cause downtime.

And that’s the best case scenario.

In reality, a serious cyberthreat can cripple your business badly enough to cause it to shut down. In fact, according to Inc.com, a whopping 60% of small businesses fold within 6 months of a cyberattack.

Needless to say, it’s in your best interest to avoid them. Here are 3 of the most dangerous ones, as well as some helpful ways to deal with them.

1. Phishing attacks

Phishing attacks usually come in through email. It will ask for something and pretend to be a business partner, coworker, friend, or run-of-the-mill acquaintance.

The most famous version of these attacks is the “Nigerian prince” scam – where a criminal pretends to be a prince that wants to wire you money, provided that you give them bank information. Sounds too foolish to be true, but it’s tricked a lot of people over the years.

Businesses are especially susceptible to these attacks because they have lots of moving parts. Anything from financial information to customer data gets discussed on a regular basis. Making sure every part of the organization knows about them, and how to avoid them, is critical.

How to stop phishing attacks

Above all else, phishing attacks are stopped with user training.

And if you know what to look for, then you’ll be significantly closer to avoiding any and all phishing attacks. However, some (more advanced) phishing attacks can go as far as to include the exact same email as a user you know and trust. This is known as spoofing, and it’s really hard to catch.

Quick tips

  • Train staff to carefully review the sender’s email address and request. If it’s out of the ordinary, take extra precautions to ensure that it’s really them.
  • Be wary of any links or attachments contained in an email.
  • Use a security solution that can scan and offer additional safeguards to detect spoofing and infected attachments.

2. Ransomware

Ransomware snakes its way into your network through various methods. Commonly, it comes in the form of an infected attachment or a download carrying an executable script. Once a staff member unwittingly executes it, it’s game over.

The virus will encrypt your data, causing all of your folders and files to literally sit behind digital lock and key. To get them back, you’ll need to pay a criminal for the decryption code.

Often, the payment method is through Bitcoin transactions that are untraceable. Opting in to have a cybersecurity team decrypt the data is both an expensive and lengthy process, and can sometimes be futile.

Related: Anatomy of a data breach – what we learned from Target

How to stop ransomware

Your best defense against ransomware is a blend of robust security to stop the malicious file from execution in conjunction with secure backups from which you can restore your data.

Quick tips

  • Make sure your systems are up-to-date and patched.
  • Back up your data regularly, and secure the backups too.
  • Train your staff to avoid downloading malicious attachments and visiting sketchy sites.

3. Internal-based cyberthreats

Cyberthreats aren’t always reliant on feats of ingenious technical wizardry. That’s especially true with those that happen internally within the organization.

In fact, the majority of attacks involve simple malicious acts — like purposely reading a coworker’s emails for information or certain staff having access to things that they shouldn’t have.

Here’s a good example: Sage, a UK-based accounting and HR provider, had an insider-based data breach happen in 2016. 280 of its customers had their data accessed by a staff member that stole salary details and bank account information.

While some employees are actively malicious, some are purely accidental. Leaving a sticky note on a computer with the password to a server with sensitive data still puts your data at risk.

Learn more: 4 reasons your SMB should be concerned about a data breach    

How to stop internal-based cyberthreats

Stopping internal threats from happening is a two-part approach. On one hand, you’ll need to train your staff on more rigid security protocols to prevent them from sharing passwords and generally being more secure online.

On the other hand, you’ll need to create stricter security policies that limit access to data. By limiting this access, you can ensure that people only see what they’re supposed to see. That responsibility should generally rest with your IT department.

Quick tips

  • Train your employees on network security best-practices, so they know what not to do.
  • Create detailed policies and procedures so employees have a crystal clear outline of how to behave.
  • Rely on admin rights to limit access to sensitive data.

Security partners that can help

Here at Entech, we’re pretty big on proper security. That means everything from getting you the cybersecurity solutions you need to handle the threats that come your way… all the way to training your people on how to avoid these threats.

Of course, no two companies are alike. If you’d like to discuss a specific challenge you’re facing, let us know. We’re happy to help.