As a small business owner, you’ve probably heard about the dangers of cyber crime. You even may have taken some steps against IT threats, like installing anti-virus software. You know your company isn’t 100% protected, but it’s probably reasonably safe … right?
Wrong. Despite growing awareness, the cyber crime problem has reached massive proportions. Internet criminals stole more than $500 million last year, according to the Internet Crime Complaint Center. And they’re increasingly targeting small businesses, many of which have limited IT resources.
Cyber thieves are continually coming up with new ways to infiltrate your business, and their methods are evolving quickly.
Here are four particularly harmful trends you should know about:
1. Spear phishing
You’ve probably heard of phishing: a scam initiated over email or social media to fool you into handing over personal or business details. Until recently, cyber criminals tended to send identical messages in scattershot fashion. But this approach is losing effectiveness as the public grows wiser, so they now launch more targeted attacks: “spear phishing.”
These messages are likely to address the victim by name and appear to come from a familiar source: a friend, colleague or other trusted insider. Cyber crooks often comb social media sites to find personal information to customize their attacks. The result may be something like: “Here’s the report we discussed at last night’s meeting.”
A solid firewall can help protect you against spear phishing, but you also need to educate your employees. Instruct them to never provide sensitive information like passwords or bank account numbers over the Internet, no matter who they think has contacted them. If they must do this in the course of business, create a list of trusted recipients and show them how messages from these sources typically appear. Also tell them to never open unsolicited attachments without calling the purported sender to verify.
2. Mobile malware
As the number of smartphones explodes, so has the use of mobile apps. Cyber thieves have picked up on this and now use apps to spread malware. Given the growing importance of apps to small businesses, it’s crucial to help ensure the ones you use are safe.
The most common form of mobile malware is spyware, which can steal critical data like financial information and business secrets. It also includes SMS-based Trojans, which send text messages to premium-rate numbers through your phone account and run up huge bills.
Owners of online app stores try to identify and get rid of bad apps, but you must remain vigilant, too. Before downloading an app, check the reputation of the developer and review user reports online. Also look at how many times the app has been downloaded — a small number may signify a problem with this piece of software.
This kind of malware does what it sounds like. Cyber thieves essentially hold your data for ransom, encrypting files on your company’s hard drive and preventing you from accessing anything until you pay for a decryption key. Some common types of ransomware display messages that seem to come from the FBI, saying the user has violated federal law (by downloading pirated software, for example). To unlock the machine, the user is told to pay a “fine” with a prepaid money card or online transfer.
Like other forms of malware, ransomware is installed when you open a harmful email attachment or click on a malicious link. Besides avoiding these actions, a way to help safeguard your data is to back up your files to an online service. This way your company won’t be shut down by a frozen hard drive. You might also want to move some business operations to the cloud, since cloud service providers tend to be better protected against attacks of this sort.
A botnet is a network of hundreds or thousands of computers infected with malware. These “zombie” machines are linked in a rogue network used to send spam emails, steal business information or launch ransomware attacks. If your computer is unusually slow or crashes frequently, it may have been snared by a botnet.
To avoid this, follow best security practices like keeping your anti-malware software updated and running in the background. Also install a strong firewall and configure it to let you know whenever a program or process tries to access your system.
The more alert you are to computer security challenges, the less likely you’ll experience a crippling attack. Still, don’t assume cyber thieves will overlook your company just because it’s small. At the end of the day, strong security practices are essential to helping protect your bottom line.