CYBER SECURITY
Small Enterprise|November 2020
GREAT PROTECTION TIPS AGAINST CYBER ATTACKS WHEN WORKING FROM HOME DURING COVID-19

YOU ARE ONLY STRONG AS YOUR WEAKEST LINK

CYBER SECURITY FOR SMALL BUSINESSES

When you own a small business, the adage “you are only as strong as your weakest link” holds true when it comes to cybersecurity. That’s why you need to invest in the best security software for your business as well as in digital safety education for your employees.

Cybersecurity for your small business begins with digital security best practices education and training. Educate all your employees with the same best practices. When new employees join your team and best practices are updated, provide refresher training sessions.

The numerous advantages of today’s increasingly digitalized and interconnected world come with a price: Cyberattacks have become a serious threat – affecting our real-life and not only just data anymore. Comprehensive security mechanisms and a security-oriented mindset throughout the entire organization are essential to avert and control this risk.

Phishing occurs when a cybercriminal tries to trick an email recipient into opening a malicious attachment or clicking a link to a malware-laden website that could download ransomware. This method has remained popular over the years, which perhaps indicates that the person behind the computer keyboard can be the weak link in a company’s security.

GREAT PROTECTION TIPS AGAINST CYBER ATTACKS WHEN WORKING FROM HOME DURING COVID-19

In response to the COVID-19 pandemic, many businesses are adopting work-from-home strategies so it is a given that cybersecurity is a trending issue.

To target individuals and companies, cybercriminals are searching for opportunities to exploit coronavirus.

Below are some ways in which businesses and employees can protect themselves online. Working from home is the new Normal

As the world is trying to cope with the deadly COVID-19 and trying to find solutions to stop the spread of this pandemic, many of the common mass is trying to settle into a routine of work from home environment. Many problems can arise from this including how to balance different priorities like childcare and healthcare, how to maintain focus, and how to be resiliently productive without convenient tools or decided office space. There are many deals to be done for a major part of these challenges in what will be a short-term arrangement. Security is something that should not be compromised.

A win-win Situation for Cybercriminals

Many cybercriminals are keeping a keen eye out for the employees’ thirst for information to prepare for an attack. The most common cyber attacks include the attackers sending COVID-19 themed phony emails that are purposefully created to deliver official information to the virus. This is done so that people can be lured into these malicious links that install (RATs) Remote Administration Tools on their devices.

There have also been reports of malicious COVID-19 related apps that provide access to the mobile data or encrypt devices for the ransom of the attacker. More than 100,000 new COVID-19 web domains are created due to the pandemic that should be handled with suspicion even if they may not be malicious. Other ways that attackers are attacking people are taking advantage of the poor security of the employees that are working from home as they do not have the same kind of security that is incorporated in a corporate environment. It is also because enterprises haven’t implemented the right corporate security strategies or technologies that ensure all corporate-managed or corporate-owned devices have the same security issues regardless of whether they are on an open home WiFi network or connected to the company’s network.

Some responsibilities need to be shared between both, the business leaders as well as the individual employees to make sure that cyberattacks seldom happen and do not disrupt the work environment.

How businesses can respond

The business leaders in a time like this have taken the initiative of heightening the responsibilities to set certain expectations. They are focusing how their organization’s employees are managing security risks in the work environments, empowering their employees, and leveraging new technologies and policies. These messages must be released from the top of the organization and prominent examples must be set from the start.

Below are some recommendations from the business leaders.

Track the threats to your business

As a result of more employees working from home, business leaders must recognize potential vector attacks and safeguard the protection of their most valuable and sensitive information as well as business-sensitive applications.

Deliver true guidance and boost communication

Homeworking strategies are convenient and easy to follow that encourage employees to build a secure home working environment. This must contain a good interaction between employees with internal security teams about any malicious activities.

Offer the perfect security tools

Leaders should make sure that all the corporately managed devices are supplied with necessary security capabilities that exist with the same network security in the enterprise-level security measures to all the remote environments. Some of these capabilities include:

  • The system to safely and easily connect users to their business-specific cloud and on-premise applications like teleconferencing apps that are becoming even more relevant for remote work environments.

  • The ability to implement multi-factor authentication (MFA).

  • The ability to blacklist malware, exploits, and command-and-control (C2) traffic via real-time, automated threat intelligence.

  • All laptops and mobile devices must feature endpoint protection including VPN tools with encryption.

  • The ability to perform DNS sink holing to combat common phishing attacks and filter malicious domain URLs.

How individuals can respond

Individual must be able to follow the points and guidance that are instilled in them by organizations that take control measures.

  • Develop better password practice

Employees must utilize complicated passwords and multifactor authentication wherever possible and change them occasionally.

  • Encrypt your WiFi access point

Frequent changes must be implied by people with their default settings and passwords to lower the potential attack impact on their work of an outside attack via connected devices.

  • Update software and tools

On-time, individuals must install patches and updates in the mobile devices and other unique non-corporate devices that they may use for work.

  • Deploy a virtual private network (VPN)

There can be built a trusted connection between employees and their organizations and make sure the access is ongoing to corporate tools. They also provide additional protection against phishing and malware attacks in the same way as the corporate firewalls function in the office.

  • Avoid BYOD policies

BYOD is all about Bring Your Own Device, which is a practice of permitting employees to use their personal devices at work. But using personal devices as their work devices can be threatening. Avoid this concept for time being. Keep your personal and office devices separate. In case you are not using any service or tool at the office, don’t use it at home on your work device.

Be aware of COVID-19 lures

You would notice phishing e-mails, fake apps, malicious website floated out in the wild already. Exploiting the real-world tragedies is the right target for threat actors and COVID-19 is no exception.

Synopsis

Taking the above-listed effective steps at both at business and individual level can help you stay secure and avoid the most common security threats. This threat condition is not static. Hence, it is necessary to keep a check on evolving threats to avoid unwanted additional expenses and disruptions in the least affordable time of today.

Mamta Sharma

5 GREATEST CYBER SECURITY THREATS SMALL BUSINESSES FACE AND WAYS TO COMBAT

Small Businesses face equal cybersecurity threats as large enterprises. A common myth for small businesses is the idea of security being so obscure that your business is considered too small a target. However, this is not the case.

Attackers can target thousands of small businesses at once as they can increasingly automate attacks. Small businesses are often more targeted as they have less awareness of threats, less time and resources to invest in cybersecurity, and less stringent technological defenses. However, they are no less lucrative targets at the same time. The smallest of businesses can sometimes have access to large quantities of customer data, deal with huge sums of money, that under GDPR are all obliged to be protected. Small businesses sometimes collaborate with larger companies and hence hackers can utilize them to infiltrate the data of the larger companies.

Small businesses also have much to lose by being hit with a decimating cyber-attack. Based on a recent study, businesses lose $2.5 million with less than 500 employees per attack. It is quite devastating for small businesses to lose this amount of money via cyber breaches. Also, there is the reputational damage that follows through from being damaged by cyber-attacks.

Ransomware

One of the most common cyber-attacks damaging thousands of businesses yearly, Ransomware has recently increased as they are significantly the most lucrative forms of attacks. It involves the encryption of company data so that it can’t be accessed or used and then blackmailing the company to pay a ransom to get the data unlocked again. This leaves businesses with two very difficult choices to make – either pay the ransom and lose huge sums of money or handicap their services with a loss of data.

These types of attacks can largely damage small businesses. In 2018, with an average ransom of $116,000, 71% of ransomware attacks targeted small businesses. Attackers know the fact that smaller businesses are more likely to pay a ransom because they do not back-up their data that often and even to survive they need to be up and running at the earliest. The most affected industry in such attacks is the healthcare sector because locking a patient’s medical records and appointment times can decimate a business to the point that it has no option left but to shut down unless a ransom is paid.

Weak Passwords

Employees using weak or easily guessed passwords is another big reason why small businesses face threats. Multiple cloud-based services that need different accounts are utilized by many small businesses. Many sensitive data and financial information are carried by these services. This data can be compromised easily if businesses use easily guessed passwords or the same passwords for multiple accounts.

Phishing Attacks

Phishing attacks are the most massive and widespread cyber threats in the way of small businesses. Phishing accounts for over $12 billion for their increase in amount by 65% this year and also accounts for 90% of all the cyber breaches to happen in business losses. Phishing occurs when the attacker masquerades to be a trusted contact and lures the user to click on an infected or malicious link, install a malicious file, or provide them access to confidential information like credentials or account details.

Of late the attackers have become more and more convincing in pretending to be official business contacts. As a result, phishing attacks have grown much more in recent years. Small businesses have also seen a rise in bad actors using phishing campaigns to access business email account passwords from highly professional executives and then utilizing these accounts to request payments from employees.

Something that makes phishing accounts so devastating is that they are tough to combat. Instead of targeting technological weaknesses, they utilize social methods to target humans inside a business.

Managing a strong Email Security Gateway like ‘Mimecast’ or ‘ProofpointEssentials’ in the right place can prevent phishing emails from being transported to your employees’ inboxes. Phishing attacks can also be battled by securing your business through Post-Delivery Protection like IRONSCALES. These solutions allow the users to pinpoint phishing emails and report them to the admins so that they can delete them from all the user inboxes.

Malware Attacks

The second biggest threat in the way of small businesses is malware. It includes different cyber threats like Trojans and viruses. This is a malicious code created by hackers that create them to gain access to networks, data, or destroy it on the computers. Malware majorly is found on spam emails, connection with other infected machines or devices, and malicious website downloads.

These attacks are alarmingly damaging to small businesses because they can malfunction your devices that require expensive replacements and repairs to fix. These viruses can also provide access to hackers via a back door that can put the employees and customer’s data at risk. Small businesses will hire majorly those people who can use their own devices for work because it helps to save cost and time. This would, however, increase their chances of being attacked by a hacker as personal devices are more at risk to be attacked from malicious downloads than corporate devices.

Insider Threats

The insider threat is the final major threat that small businesses face. It is an organizational risk caused by employees’, business contractors’, former employees’ or associates’ actions. The actions caused by them could be simply through carelessness and ignorance that can cause harmful effects through greed and malice. According to a Verizon report in 2017, 25% of breaches in 2017 were the result of insider threats.

Synopsis

There are multiple leagues of threats facing small businesses currently. The best way to fight and protect their sensitive data and other information against these threats is to deploy a perfect stack of security tools in place, and impart Security Awareness Training to help users be aware of security threats and ways to combat them.

5 SIMPLE STEPS TO SECURE YOUR BUSINESS AGAINST PHISHING ATTACKS

Phishing is all about email fraud, which is a type of cyber-attack. A fraudulent person tricks the victims of such a crime into sharing their sensitive information such as passwords, financial information, and usernames. Phishing emails are one of the most popular ones and threatening online crimes that can target thousands of people at once. The advance form of this crime is Spear Phishing. It attacks a few targets using personalized emails. This personalization creates an assurance in the victim’s mind that the email is not a hoax.

COVID 19 Intensified Phishing Attacks

Continue reading your story on the app

Continue reading your story in the magazine

MORE STORIES FROM SMALL ENTERPRISEView All

PROFESSIONALISING THE FAMILY BUSINESS

Professionalizing the family business is critical for growth, continuity and perpetuity through multiple generations.

4 mins read
Small Enterprise
December 2020

THE DOs AND DON'Ts OF CYBER SECURITY STEPS TO PROTECT YOUR BUSINESS

Business safety is no more something good to have; it is a necessity. In today's world businesses need to acquire an increased level of awareness of safety for the sake of protecting themselves from cyber-attacks.

5 mins read
Small Enterprise
December 2020

WHY MILLENNIALS SWITCHING TO ENTREPRENEURSHIP FROM TRADITIONAL WORKING

Today entrepreneurship is more lucrative and challenging both.

4 mins read
Small Enterprise
December 2020

WHY ENTREPRENEURSHIP IS IMPORTANT TODAY

The term “Entrepreneur” seems to be in all genres of industries and has vividly different backgrounds. Some work tirelessly on a product that they believe in while others build personal brands.

6 mins read
Small Enterprise
December 2020

HOW PANDEMIC HAS IMPACTED INDIAN WOMEN ENTREPRENEURS?

Women entrepreneurs have been a major segment of the economy.

4 mins read
Small Enterprise
December 2020

8 LEADERSHIP SKILLS FOR WOMEN TECH ENTREPRENEURS

There is a lot of conundrum on how women entrepreneurs are being generalized and the way this world is unfair to them, etc. In some ways, they may be right, however, the time for women to prove their excellence is now.

4 mins read
Small Enterprise
December 2020

8 DIFFERENTIATORS EVERY SUCCESSFUL ENTREPRENEUR CULTIVATES

Entrepreneurs are quite an exclusive league of people. Some would sit and daydream about the joy of being boss of their own and create their business while those who are deep inside the business and have already considered all the rewards it has to offer, also think that it is quite a difficult path to walk on.

4 mins read
Small Enterprise
December 2020

8 CHALLENGES EVERY ENTREPRENEUR SHOULD OVERCOME

You need to be ready if you are planning to quit your regular job to start your venture because it is not a piece of cake.

4 mins read
Small Enterprise
December 2020

12 Attributes Of A Successful Entrepreneur

Success, in the entrepreneurial world, isn’t defined by the kind of grades you secure in school or the number of degrees you have under your belt.

4 mins read
Small Enterprise
December 2020

16 Best Franchise Business Opportunities For 2021

Franchising business which was a boom in the last decade is now moving into a different dimension, A change in the market trend with the new normal and lot of changes that have happened with work from home options, people losing jobs left right and centre.

6 mins read
Small Enterprise
December 2020
RELATED STORIES

The Little Jalapeño Plant That Could

I hoped it was an answer for my anxiety

3 mins read
Guideposts
November 2020

MFA Programs in the Time of COVID-19

Writers, teachers, and administrators plan for a new normal

10+ mins read
Poets & Writers Magazine
September - October 2020

Flexi cap funds, a new fund category introduced by SEBI

The capital market regulator, SEBI has introduced a new fund category in the MF industry - flexi cap funds. Flexi cap funds will be in line with erstwhile multi cap funds where fund manager can take equity exposure of at least 65% across market capitalisation.

2 mins read
Investors India
December 2020

Generosity Without Borders

Foreign missions actively participate in China’s effort to alleviate poverty

5 mins read
China Africa (English)
December 2020

The ‘Real' Deal

Hailing from Manipur, L. Rajnikanta Singh’s passion for art started early and only grew with time

4 mins read
Eclectic Northeast
December 2020

THROUGH HIS EYES

Innovation and creativity has no limit and Nicklas Hultman, a Senior Art Director, based in Haslev, Denmark reflects it in the best form. His Instagram profile @nicklas.h with more than 3k posts celebrate ‘Baroque Ikebana’ an artistic expression, where he combines everyday mass-produced objects like sneakers, socks, hammers, bricks, a showerhead, beer cans, rugs, or cleaning products along with floral arrangements and presents it in the form of a photo series. TMM talks to him to know more about the unique art form and his perspective.

4 mins read
TMM
December 2020

MANAGEENGINE: PROACTIVE CYBER DEFENCE, A KEY TO NATIONAL SECURITY

SAREEKA A. G., PRODUCT CONSULTANT, MANAGEENGINE, HIGHLIGHTS WHY GOVERNMENT ORGANISATIONS MUST BE PREPARED TO TACKLE CYBERATTACKS THAT POSE THREAT TO NATIONAL SECURITY AND INTEGRITY.

6 mins read
Security Advisor Middle East
November 2020

Cyber Safety First

How to identify and manage cyber risks as remote working becomes the norm.0

3 mins read
The CEO Magazine Asia
June 2020

Extending security infrastructure to work-from-home

Existing security tools may serve well to protect the remote-working environment, but they need to be configured to deal with the new realities and threats. Read to find out how

5 mins read
Voice and Data
May, 2020

First Impressions

Game of Thrones first drew a blank with this artist and educator…

3 mins read
ImagineFX
December 2019