While big organisations may be used to being targeted by various forms of online attacks, an increasing number of small businesses are falling victim to cybercriminals, according to a security expert from Cisco. He also shared some advice on how small businesses can better protect themselves online.
Online attacks can be far more damaging to small businesses because, unlike larger organisations, they often don't have formal measures in place to prevent and fend off security incidents, Cisco general manager of security for Australia and New Zealand Anthony Stitt told Lifehacker Australia.
Stitt noted that while ransomware continues to plague Australian businesses of all sizes, he and his team at Cisco have seen cybercriminals turn their attention to small businesses with sophisticated social engineering and phishing attacks. Emails sent to these businesses can be highly targeted and extremely convincing. According to a recent report from Norton by Symantec, one in four Australians cannot detect a phishing attack, and another 15 percent of Australians have to guess between a real message and a phishing email.
Then there are also denial-of-service attacks, which could cripple a small company's ability to work, especially if its business is mainly based online.
"Small businesses are often more susceptible to these attacks because they've had less training in these areas," Stitt said. They also don't have a lot of resource to dedicate to security. "Good security is inherently a good feedback loop. You need good systems in place. Big and small businesses often fail at this.
"There is more potential for damage if you don't have a formal structure in place to deal with these attacks and small businesses often don't have people dedicated to dealing with them. Without formal structures and a proper feedback loop, they risk being caught by similar attacks over and over again."
So what can small businesses do to protect themselves from online attacks? Stitt has some pointers:
- Be vigilant about backing up your devices and hard drives. The best way to do this is to acquire an automated service that requires no thought or input to work.
- Use only reputable cloud services wherever possible (email, backup, notes, CRM, DNS, accounts), because if all your important data is in cloud services, recovering from a problem is simple. Changing devices is a no-brainer and ransomware is less of a risk.
- Invest in a good password manager and use it to generate strong, random passwords for all your accounts; do not share passwords across accounts.
- Never download anything from an untrusted source. Ensure you buy applications from trusted stores like Apple Online Store, Microsoft or Google Play.
- Invest in one of the new breed of endpoint anti-malware solutions.
- Turn off vulnerable browser extensions and add-ons, and consider using a safe browser.