If you think you’re immune to cyberattacks as a smaller-sized business, you’re wrong. Attackers don’t just pass small businesses by — they want access to your information and money at all costs.
Instances of cybercrime are publicized just about every day. Microsoft just reported that they were the victim of a password spray attack — an attack where bad actors use the same password on multiple accounts to attempt to access a network.
The breaches that make the news are larger companies or government organizations. Don’t let that give you a false sense of security. Many of the smaller breaches go unreported, even though they are much larger in number and incredibly damaging to businesses.
So, how are you being targeted and what can you do to protect your small business?
How Small Businesses Are Targeted
Current statistics show almost 43% of cyberattacks are hitting small businesses. Only a few of those businesses are properly protected. That translates into those businesses being on the hook for a few hundred to hundreds of thousands of dollars’ worth of damages.
The bad guys are targeting the people in your organization first. They are using simple but effective ways to trick any person they can contact to circumvent automated security measures and gain access to their data.
The bulk of attacks come in the form of a simple email with a link. The attackers jump from one compromised email mailbox to the next. They use the trust of each additional compromised mailbox to trick more and more users into clicking a malicious link and becoming the next victim.
Once the attackers have a foothold, they spend time researching whose mailbox they’re in, what the company structure is, and worst of all, the company’s clients and vendors. With that information in hand, they craft the next round of attacks to pinpoint ways to monetize their efforts.
What You Can Do to Protect Your Business
Even though these attacks frequently happen, they cause more than just a nuisance. Your company can lose time recovering the trust of your employees, clients and vendors. That confidence in your company takes years to build and maintain but can be lost swiftly should you leave yourself open to a cyberattack.
The best way to protect your network is to follow a solid framework. We have the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), Australia’s Essential Eight and many others. These frameworks provide guidelines and best practices for how your company should handle a security risk in your IT infrastructure. When you inevitably encounter a threat to your network, there will be no room for missteps because you will have a plan to manage any risk appropriately before it can inflict further damage.
The moral of the story is you need to be organized and prepared. Pick the framework that fits your organization, so you know how to protect your most valuable data.
In addition to having a strong framework in place, make sure your team members are up to date with cyber security awareness training and are monitoring for suspicious activity as new threats constantly emerge. The biggest threat to your organization is not an outside attacker — it’s you and your employees.
The actions of your team determine which security risks develop into legitimate attacks. If everyone is educated on what to look out for and how to follow your framework to manage potential threats, your business has an even stronger line of defense and less chance of being victimized.
Threats in Disguise: QR Codes
QR codes are here to stay. They are convenient a way to provide a wealth of information with a simple scan of a smartphone. During the pandemic, they were the safest way to look at and handle menus in restaurants. Want a quick way to pay for your public parking? Use the QR code!
But here’s the downside. QR codes obfuscate the websites they direct to. You can’t hover over them and clearly see their destination like you can with hyperlinked text.
It didn’t take long for bad actors to put their QR codes on top of the one you thought would allow you to pay for parking, receive an email offer or take you to a signup page. Phishers are using QR codes to leverage the public’s need for convenience and the trust that most users already have in these ubiquitous images.
We don’t expect QR codes to go away anytime soon due to their utility and availability. However, because they’re being manipulated more and more frequently, we hope there will be stronger support for verification of these codes to ensure they’re safe before people put them to use.
In the meantime, you and your team must stay vigilant and weary of any QR codes that you encounter and cannot verify. Unknowingly scanning a malicious QR code is a very easy way to become a victim and face disastrous results.
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a cyber security risk assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.