Advancing technology provides game-changing tools for entrepreneurs. Each new wave of tech innovation offers benefits, helping forward-looking business owners find greater efficiency and competitive advantages. On the path to profitability, entrepreneurs use tech advances to:
- Streamline Delivery of Goods and Services
- Optimize the Workforce
- Increase Productivity
- Make Operational Improvements
- Create a Positive Public Image
- Improve Communication with Clients and Collaborators
Unfortunately for well-meaning business owners incorporating technology for maximum benefit, leveraging modern tech also has a downside. Opportunistic fraudsters and cyber criminals commonly exploit tech-driven vulnerabilities, taking advantage of companies that are not prepared for cyberattacks.
According to Cyberus Security consultant Cynthia James, small and mid-size businesses are particularly vulnerable to cyberattacks. Contributing to a recent Inc. article, James suggests many entrepreneurs are not personally equipped to deal with technology issues. Though the problem overshadows financial and legal risks, it is thought 80 percent of CEOs are non-technical. Lagging tech knowledge and understanding create a security vacuum within many organizations, opening doors for cyber scams and attacks.
Despite the perceived complexity of tech-rich working environments, James suggests 85 percent of cyberattacks result from a simple error – clicking on the wrong thing. She further identifies two principal risks accounting for many of the attacks impacting small and mid-size businesses. According to the security expert, business owners need to be on the lookout for two prolific types of cyberattacks.
Business Email Compromise (BEC) – The FBI began tracking an emerging cyber threat in 2013. Since then, business email compromise has impacted businesses and organizations in all 50 states. The international threat has also been documented in more than 100 countries, targeting school systems, non-profit organizations, religious entities, and businesses of all sizes.
Relying on deception to con victims, the cyberattack occurs when criminals spoof or hack email accounts, falsely gaining the trust of unsuspecting staffers. By targeting employees with access to company finances, cyber criminals orchestrate illegitimate wire transfers and bogus banking requests.
The sophisticated scams may begin with phishing and malware attacks, enabling perpetrators to study an organization’s billing, communications, and executive structure before striking. When the organization is most vulnerable, often during periods when the CEO is away from the office, criminals seize the opportunity to advance their fraud. In many cases, an executive’s email account is hacked, sending a false request for an immediate wire transfer – typically to a familiar vendor. Business email compromise succeeds when an employee follows through, believing the request is legitimate.
Ransomware Attacks – Ransomware attacks spread malware, which encrypts victims’ files. Perpetrators subsequently hold the data hostage, demanding payments from businesses and organizations, in order to restore access to their files.
Ransomware attacks unfold in a number of ways. One common access strategy for cyber criminals includes phishing scams that lure staff members to click on attachments. After an employee downloads and opens a problematic file, the attacker is able to take over the individual’s computer. Sophisticated versions of the attack exploit security vulnerabilities, enabling criminal access, without active participation from staff members.
Once they’ve infiltrated an organization’s network, ransomware attackers typically encrypt files, which cannot be restored without a unique mathematical code, known only to the attacker. Cyber criminals may then threaten to expose or share sensitive information, unless a cash ransom is paid.
Expert Recommendations Defend Against Attacks
Protecting your organization from cyberattacks isn’t a passive process; scams evolve, and sophisticated perpetrators may come at you from multiple directions, attempting to exploit a weakness. Although you may not be able to log a perfect score defending against cyberattacks, adhering to basic security measures can dramatically limit your exposure and discourage criminal infiltration.
- Store backups off your network. Cyberattacks, particularly ransomware schemes, are likely to affect your entire organization, including original files and backups stored on your internal network. To enhance cybersecurity, store backup files somewhere away from your primary network, or use the cloud. If you do fall victim to an attack, this critical step ensures you retain an intact backup, leaving you less vulnerable to extortion.
- Separate IT and cybersecurity efforts. Lumping cybersecurity with IT responsibilities is counterintuitive. IT departments specialize in creating and granting access to computers and networks, providing technological assistance as needed. Your cybersecurity team, on the other hand, is responsible for limiting access to technology and networks. Security experts also defend against breaches and work to reduce system vulnerabilities, while establishing protocols and processes that limit exposure to cyberattacks. Separating these distinct departments facilitates greater oversight and enables each team to excel in its particular area of expertise.
- Train staff members to recognize suspicious emails. Cyberattacks commonly exploit email vulnerabilities, gaining access to your network through unsuspecting employees. In many cases, attackers pose as executives, internal staff, or representatives from partner organizations. Any time an email contains requests for money or sensitive material, trained staff members should automatically verify its legitimacy – even if it means confirming the request in person or consulting with IT and cybersecurity teams to assess its validity.
- Be realistic about trade-offs. According to cybersecurity consultant Cynthia James, business owners must consider inherent trade-offs when crafting cybersecurity plans. Expecting cheap, easy, and secure solutions is unrealistic, so James coaches decision-makers to focus on achieving two of the objectives, prioritizing either cheap or easy, but not both.
- Defend against phishing attacks. The vast majority of cyberattacks involve phishing attempts. Training staff members to recognize the threat reduces the likelihood your business will be victimized. To prevent breaches, train staff members, particularly employees with access to sensitive information, to watch for unusual email attachments, fake website addresses, and out-of-the-ordinary information requests.
Small and mid-size businesses are particularly vulnerable to cyberattacks, often lacking the budgets needed to combat criminal campaigns. Whether you’ve been victimized in the past or simply need to fortify defenses against the persistent problem, adopting expert recommendations can help limit your exposure to ransomware and BEC attacks.