Cybersecurity is a big topic, and many small business owners might be surprised to know that their own people are their biggest security threat. Today’s hackers try to lure people into giving secure information away. So while you should still install anti-malware, anti-spyware, and antivirus software, those systems are no longer enough to protect your business and your clients’ data. You also need to educate your team.
This post will cover what the risks are, the various tactics used to breach your systems, and tips for your people to keep you all safe.
Risks of a cybersecurity breach
Most hackers want to steal your data and sell it to a third party who can piece it together with other data and formulate an attack. Another common tactic is to lock down your network and hold it for ransom.
Once they get access to your computer, hackers can:
- Steal confidential information
- Take over your webcam
- Get usernames and passwords for email and other logins
- Install malware
- Install spyware, which allows hackers to harvest data on you and surveil your every move
- Connect you to a botnet: your details are sold online and you’re added to a network of devices that work in unison to infiltrate an organization
- Download malicious apps to your device
Breaches could release information that the hackers could use to steal identities; this could take months or even years to remedy.
Types of cybersecurity threats
The most common cybersecurity threats involve some kind of social engineering, or manipulating people into performing actions or divulging confidential information.
Hackers lure people into taking some kind of action. A threat could come by email, text, voice message or calendar invitation.
And hackers are savvy. They might dig up some useful info on you by browsing your social media profiles, then send you a message, maybe dropping a friend’s name to get your trust. They may approach you on social media with a flattering comment and then ask questions about your company or the people who work there.
They can use the info you provided to create a message that looks relevant and urgent and send it to someone with access to funds at your company. A common tactic is to send a message from the CEO to a payables clerk or treasurer, requesting funds be sent ASAP. Creating a sense of urgency compels people to make bad decisions.
Cybersecurity tips for your team
Whether or not you formally train your people, your employees should have some awareness of how these threats work. In addition to briefing your team on common threats, here are a few basic things they can do to keep your networks safe:
- Clean desk policy: Don’t write Post-it notes with any username or password information and leave them on your desk. Hackers have been known to physically follow people into their building to try and get information. Be aware of anyone looking over your shoulder.
- Social media: Don’t post travel plans or other personal information. Hackers use social media to get to know you.
- Watch for the unexpected: A random flash drive hanging around with an intriguing label? A phone call, email, text, calendar invite that you weren’t expecting? Think twice before engaging.
- Never use public Wi-Fi with a work device unless you’re using a VPN.
- Know these seven phishing email red flags. Don’t let your team be tricked into giving away sensitive information or taking a dangerous action (such as clicking a link or opening an attachment). Phishing emails can look very legitimate (as if they came from someone internal).
Here’s what to look out for:
- Subject line: If it seems irrelevant, doesn’t match the message content or is about something you never requested, it’s a red flag.
- To line: If you were included on an email and don’t know the other people it was sent to, it’s a red flag.
- From line: If it comes from an unknown address, that’s an obvious red flag. It might also come from someone you know but seem out of character or unexpected, or use words or phrases that aren’t quite fitting. These are all red flags.
- Date: If it’s an email you would normally receive during business hours, but it came at 3 AM, red flag.
- Attachments: Any attachment that isn’t expected is a red flag.
- Content of the email: Being asked to click on a link or open an attachment to avoid a negative consequence is a favourite trick of hackers – the higher the stakes or consequences mentioned, the more likely it’s fake. It may also ask you to look at a compromising or embarrassing photo of yourself. Anything that gives you a bad feeling, seems illogical, or makes you feel uncomfortable is a red flag.
- Hyperlinks: Look for spelling mistakes in links, and hover over the link to see whether the real address is different from the one displayed – big red flag.
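Four of these red flags (From line, date, attachments, hyperlinks) can also be checked automatically by a mail filter. The Python below is an added example, not part of the original post; `KNOWN_DOMAINS`, the 08:00 to 18:00 business-hours window and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_DOMAINS = {"example.com"}  # assumption: domains you normally get mail from

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    # Accepts both full URLs and bare "www.site.tld/path" link text.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def red_flags(msg):
    flags = []
    if parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower() not in KNOWN_DOMAINS:
        flags.append("from")        # unknown sender domain
    if not 8 <= parsedate_to_datetime(str(msg["Date"])).hour < 18:
        flags.append("date")        # sent outside business hours (sender's clock)
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment")
        elif part.get_content_type() == "text/html":
            links = Links()
            links.feed(part.get_content())
            # Visible text that looks like an address but points to another host.
            if any("." in t and " " not in t and host(t) != host(h) for h, t in links.found):
                flags.append("hyperlink")
    return flags

def sample():  # constructed message, not a real phishing email
    m = EmailMessage()
    m["From"] = "CEO <ceo@examp1e.test>"
    m["Date"] = "Tue, 05 Mar 2024 03:12:00 -0500"
    m.set_content('<a href="http://pay.example.net/x">www.example.com/invoice</a>', subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="invoice.zip")
    return m
```

The subject, To line and content flags still need a person's judgment, so a check like this supports staff awareness rather than replacing it.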
If you’re overwhelmed by the topic of cybersecurity, you’re not alone. Proactis is our trusted cybersecurity partner. They specialize in small- to medium-sized managed IT solutions. They also led a comprehensive cybersecurity training for our team. Get in touch with them if you think you need help protecting your business.