This year a big concern for small to medium sized businesses is going to be cybersecurity. I know that’s a broad topic, and you’ve almost definitely been hearing about it for years, but as cyber-criminals get smarter, how to keep your company protected has to change. This past month the FBI released a statement on Combating Foreign Cyber Threats for small businesses which helps define the areas to watch since this topic does encompass a lot. The statement starts with the Deputy Assistant Director of the cyber division saying “the growing number and sophistication of cyber threats poses a critical risk to U.S. businesses, and the impact of a successful attack can be devastating to small businesses in particular.” We say it all the time, no business is too small to be targeted/attacked, so if you thought that you didn’t need to put effort into your cyber-security because you’re small, it’s time to change that way of thinking.
What is the FBI watching?
Business Email Compromise
BEC is defined as a “sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments/” These scams don’t just target large corporations and are often hard for email recipients to detect as the email looks as though it’s coming from one of the company’s executives email accounts. Check out this Trend Micro article for examples of different types of BEC schemes. And check out one of our previous post on learning the difference between hacking and spoofing.
Ransomware is nothing new, in fact we've written about it a couple times, like this post from July of 2016, but it’s still a growing problem, and those behind these attacks are using more and more sophisticated tools. The basic explanation behind this threat is that cyber-criminals will gain access to a computer through various means (often phishing emails) and will the encrypt and lock the user out of their files until they pay the ransom to get the encryption key (hence the term ransomware). Recently the ransom has been demanded in some form of crypto currency, making it harder to trace and catch these cyber-criminals. This sort of attack is why we stress the importance of having reliable and maintained backups, because an attack like this could easily bankrupt a small business.
Internet of Things Devices
If you’re utilizing any sort of smart device in your office (like anything mentioned in our smart office post) this is something you need to be aware of. While cool, many of these devices lack proper security standards and increase your businesses risk of having it’s network compromised. We recently talked about “Botnets” and “Internet of Things” attacks, and gave more details on how these can be used to compromise your network.
What else should you be watching?
GDPR Rules and Data Protection
This one really only applies if your business has any dealings with customers/businesses in the European Union. GDPR stands for General Data Protection Regulation. CSO states that under GDPR “companies will need the same level of protection for things like IP addresses or cookie data that they do for name, address, and social security number. Because the GDPR says that companies are required to provide a “reasonable” level of protection, but then fails to define “reasonable” there is a lot of wiggle room for those in charge when it comes to penalties after a data breach, so for small businesses there really is no room for error.
CSO’s article on GDPR’s requirements, deadlines, and facts can answer a lot of questions if this will affect your business.
What can you do?
Partner with a company that has the cyber-security background that you may not have. Whether that be a company that solely focuses on cyber-security or a Managed Services provider that can help with cyber-security, backups and data protection, and network security. If this is an area your business is falling short in, then make this the year you change that, and give us a call!