Cybercriminals use every method possible to launch cyber-attacks on businesses, draining billions of dollars every year. Is your business at risk? Is your livelihood in jeopardy from an unknown foe? Let’s look at just some of the most common types of cyber-attacks, some of which you may have heard of, and then talk about ways to stop them.
A DoS (denial-of-service) attack targets your business’s servers and network. The attack aims to disrupt or completely shut down your workflow by sending a massive amount of traffic directly at them. This enormous traffic flow overloads your system and causes it to slow or crash. The resulting loss of computer access can be devastating to a business.
You have likely heard of malware. It is the malicious software downloaded into your system that wreaks havoc. In short, malware (malicious software) is a method bad actors use to gain access to data and cause virtual destruction.
Malware comes in many forms; here are some to keep an eye out for. Keyloggers record every keystroke, giving attackers access to passwords and personal identifying information. Then you have the Trojan horse, which appears to be the software you need but, in reality, is on a mission to steal, block, and deny data. Spyware is malware infiltrated into your system to spy on you. Ransomware is taking off, with billions lost yearly to cybercriminals holding critical data for ransom. Ransomware is exactly as it sounds: a criminal holds your system or data hostage and demands money to release it.
Cybercriminals are “fishing” for information from you or your employees. This can come in the form of an alleged administrator asking you to change your password. These emails look genuine, perhaps appearing exactly like they came from an account you have. For example, you might receive an email with graphics and links that make it look exactly as if it originated from Home Depot. However, on closer examination, it is just not right.
Let’s talk about how cybercriminals use seemingly legit email to attack businesses. You may be on the lookout for phishing and spam emails, but an alarmingly growing concern comes from Business Email Compromise (BEC) attacks. A BEC is a planned attack by cybercriminals that uses outwardly legitimate email to facilitate a targeted attack.
Let’s look at a common BEC attack scenario: Jim Halpern, an employee in your accounting department, just opened an email that appeared to come from the XYZ Paper Company, a business that his employer has been working with for years. The email seemed legit in all aspects, from the address to the signature block. The email asked Jim to pay an urgent overdue invoice. Little did Jim know, the invoice originated from a malicious actor, a criminal looking to make a payday. Jim didn’t want to look bad, so he immediately paid the alleged overdue invoice. Unfortunately, the payment went directly to the cybercriminals. The bad actors now had the payment and all the account information for your business.
No business or organization is free and clear from a cyber-attack, even if it is business savvy. In 2020, Barbara Corcoran of Shark Tank fame fell victim to a BEC scam that cost her company $400,000. Cybercriminals posing as her assistant invoiced Corcoran’s business $400k, and the business paid. On the surface, the invoice looked legit, but closer examination showed the email was fraudulent.
You can have the best firewall software, an IT department on call 24/7, and a myriad of cyber defenses, but all it takes is one employee to open the door for a cyber attacker. Cybercriminals look for the easiest way in, and most of the time, that easy way is one of your employees.
Cybercriminals use the internet as their hunting grounds. They scan social media for potential targets, whether individuals or businesses. Once a target is identified, they use all available information to build a profile of their prey. Then they use the information to contact your employee. Everything the cybercriminal says or does appears genuine, so your employee provides them with what they want. No questions asked. The cybercriminal just “hacked” your employee. This is social engineering.
These are just some steps to protect your business from cyber-attacks:
Strong passwords are one of the first lines of defense against cyber-attacks. If possible, couple this with two-factor authentication. Two-factor authentication uses two methods to access the system, with the second typically in the form of a text message with a code or an authenticator application. Use a strong password on your Wi-Fi network as well, and change the Wi-Fi password regularly. Do not use the same passwords across networks.
Have a plan. A plan includes backing up your data at a source not connected to your network and securing your backup. Have you prepared a continuity of operations plan if you lose network access and access to your backup?
Who wants to sit through another cyber awareness training? In a perfect world, your employees eat up every screen of the mandatory cyber awareness training you provide them. But, in reality, they likely click through each screen to get it over with. Your staff may not even have cyber training requirements if you are a small business. You may need to take training yourself and then brief your staff on what you learned. To start, you and your team must have basic cybersecurity awareness.
Be on the lookout for misspelled text and email addresses that appear legit but may have slight misspellings. For example, your company email address is listed as email@example.com, and the email you receive is from firstname.lastname@example.org. If you receive an email that appears to be phishing or may be a BEC attack, examine it closely and verify the email came from a legitimate source. Then, go to the legitimate web address and contact them directly or call them, obviously not using any contact information from the potential bad actor’s email.
It is imperative that you keep your software up to date. All your software, not just your anti-virus; you have anti-virus software, right? I’ll say again, keep everything up to date.