Cyberattacks on the Rise: Be Prepared!

• 82% of ransomware attacks target companies with fewer than 1,000 employees, 37% of which employ fewer than 100.

• In 2020 alone, U.S. small businesses experienced 700,000 cyberattacks, totaling $2.8 billion in damages.
  

• 51% of small businesses attacked by ransomware pay the money.

• 75% of small-business owners and managers stated they would have to cease operations if they were hit with ransomware.
  

Here are five of the most common hacking methods cybercriminals use against small businesses:

Phishing—Phishing emails appear to originate from an authentic brand. They contain a sense of urgency, persuading the user to click on a malicious website or attachment. Phishing is commonly used to hack into accounts receivable.

Clickjacking—Clickjacking also tricks the user into clicking a malicious link; doing so allows the hacker to control the user’s device.

Keylogging—Keylogging allows hackers to record every keystroke on a user’s device, providing them to access sensitive information.

Viruses—Computer viruses, worms, and Trojan horses are software programs that can be installed in IT systems. These programs lock up files and spread quickly across entire networks. Ransomware is a virus that makes data inaccessible until a ransom is paid to the hackers.

Denial of Service (DoS)—A DoS is a hacking technique that takes down a website by overwhelming the server with fake data requests. The server cannot process all the requests and crashes.

Source:  Intellicomp

• Implement mechanisms to establish redundancy, such as routinely backing up digital records and storing copies in separate locations. Also, maintain a secure off-site location for paper files.

• Ensure digital files are properly encrypted, and firewall protection and antivirus software remain active at all times.

• Restrict access to electronic records via user authentication and other controls to ensure only authorized personnel can access digital files.

• Assess the cybersecurity protocols of vendors and other third parties. If you can’t persuade a vendor to improve its security, you may want to consider switching vendors or having a backup available.

• Regularly audit your record-keeping systems for security and accessibility.

• Educate your staff on appropriate documentation and record-keeping practices and make sure all employees understand their role in maintaining accurate and up-to-date records.

• Designate a staff member, team, or third party to continually monitor and evaluate your cybersecurity systems.

While prevention is the best way to prepare for a cyberbreach, small businesses must also plan for potential periods when their systems are offline. That means relying on paper and manual procedures as a backup.

IT systems can be down for days or weeks in the aftermath of a cyberattack. Prudent business owners will develop a “pen and paper plan” to enable continued operations while unplugged from technology. For instance:

• Keep paper copies of your plans for emergency operations and business continuity.

• Maintain a supply of Post-it notes, flip charts, and construction paper. These can be handy when navigating many workflow changes.