With more and more data breach stories emerging in the news, IT expert Laura Payne and business consultant Teresa Woolard are on a mission to spread the word about cyber-attacks and help local small- and medium-sized businesses (SMBs) learn how they can protect themselves.
“We only hear about major breaches in the news, but small breaches are happening all the time to organizations of all sizes,” said Payne, who will be teaming up with Woolard to share tips for online security in a free interactive session with local experts on June 20 at Sandbox Centre.
“Our session will provide small-business owners with insights into how common cyber-attacks are, what’s at risk and the key steps they can take to make themselves more secure,” Payne added.
“Participants will also learn how to take advantage of free programs and grants for SMBs to be more secure,” said Woolard.
Woolard tells BarrieToday that cyber-attacks on small businesses are more common than people may think.
“Actually, 43 per cent of all cyber-attacks are directed at small businesses, with the average loss being around $25,000," Woolard said.
Payne says SMBs are often victims of opportunistic attacks, sort of a “spray-and-pray” approach by attackers.
“An example is an attacker buys a list of business email accounts with names off of a dark web marketplace and crafts a very generic phishing email that includes a malicious link," Payne said.
These attackers, Payne added, send the phishing email to everyone on the list, which turns out to be potentially hundreds or even thousands of recipients.
“Even if only a few of the emails get through and a victim clicks, that’s enough to make it worthwhile for the attacker," Payne said.
Woolard says small businesses are an easier target because of insufficient or outdated hardware/software in place to help prevent and alert the staff of a problem.
And more importantly, the lack of cyber-security awareness training among the employees, Woolard adds.
“Hackers are preying on the fact that employees, being human, will respond to urgency or from fear and curiosity, and click on those links before really thinking about what they are doing," Woolard said.
Payne explained that businesses with minimal IT basically have some laptops or desktops and the rest of their services, like email, file storage, and website, are hosted by other providers.
“The top three risks in this case include clicking on link in a phishing email or browsing to an infected site, having an email account taken over, or falling victim to a scam," Payne said.
Payne says business owners should watch out for activity that is unusual or suspicious.
“This could be unusual human activity like a strange email from the boss that just doesn’t seem to fit what they would normally send, or unusual computer activity," Payne said. "For example, the machine running slowly, or an online service approaching limits.”
“Adding layers of security to detect, alert and block suspicious activity like anti-malware, anti-spam, firewalls, alerts and filters are critical,” Woolard said.
Payne noted that another important part of online security includes setting up multi-factor authentication for email accounts, enforcing good password hygiene and limiting who has access to it.
“All (of these steps) reduce the likelihood of a successful attack and the damage that can be done if an attack is successful," Payne said.
“There’s a lot of talk these days by experts to recommend that employees use or bring their own devices for work to limit exposure to a business’s data, as well as providing safeguards for the employees’ devices like VPNs, and a password manager,” Woolard said.
Payne also referred to mobile phones as a door for cyber-attacks as they are another easy-to-carry computer that can be victims of malware and used to target employees in scams.
“With the additional risk of being lost or stolen, they need to have layers of protection like lockscreens, encryption, automatic updates, remote tracking, and wiping," Payne said.
Woolard recommends that cellphone users who frequent free wifi spots such as coffee shops, malls, and so forth should have a VPN on their phone, which turns a risky wifi into a safe wifi.
“And never do online banking at a free wifi spot.”
Woolard noted that businesses in the health-care, agriculture, transportation, financial, and manufacturing industries are particularly targeted because they carry data desirable by hackers.
“Medical health-card information or IP can go for bigger dollars on the dark web than even credit cards.”
Another reason why hackers target small businesses is because they are interested in getting into their larger supply chains.
“While small businesses may think they are small, they are also door openers to important supply chains where hacks could be devastating to a large number of people and communities," Woolard said.
For more information on the It's Never Too Early to Secure Your Business event, click here.
