(From the editor: This article was originally published on Small Business Solutions)
October is National Cyber Security Awareness Month, but cyber security is an issue that should be top of mind for every business, every day.
In order to help you protect your critical business data, start the conversation in your workplace about the importance of data security, and identify where your biggest gaps lie, this month we’ll be increasing our focus on security centered content.
Protection or prevention of any kind begins with understanding the threat. The biggest challenge for many small and medium size business (SMB) is knowing where to start. For most people, the words “cyber security” conjure images of hidden hackers on the hunt for your credit card information.
Realistically, your biggest security risks are more likely to be internal. To kick off Cyber Security Awareness month, Industry expert Rieva Lesonsky gives us her insight into the most common threats and risks, and what you can do to stay on top of them!
What Are the Most Common Threats?
The most common attacks against small businesses involve phishing/social engineering (48% of respondents).
One social engineering scam on the rise is “pretexting,” in which attackers send emails appearing to come from an executive or co-worker in the company. Pretexting often targets financial and HR departments in an attempt to access the business’s bank accounts or its employees’ personal data. According to Symantec’s 2018 Internet Security Threat Report, each user at a small business receives an average of nine malicious emails per month.
The second most common type of attack is web-based. In this situation, malicious software, or malware, installs itself on victims’ computers when they’re using the internet. Some 43% of Ponemon respondents suffered a malware attack.
Ransomware, in which hackers use malware to compromise your computer system and then demand a ransom to give you back your data, is also on the rise. In last year’s Ponemon report, just 2% of respondents reported ransomware attacks. This year, 52% of respondents say their companies experienced a ransomware attack; of those, 53% faced more than two ransomware incidents in 12 months.
Problems and Solutions
Employees continue to be the weakest link when it comes to cybersecurity. Of the respondents whose companies suffered data breaches, 54% say negligent employees were at fault.
Proper use of passwords and authentications can help. Some 59% of respondents in the Ponemon survey say they don’t know what password practices their employees are using. Only 43% of companies even have a password policy, and 68% of those admit they don’t strictly enforce it.
Beyond employees, some of your business technology could also be putting you at risk. For example, do you know unsecured networked printers can give cybercrooks easy access to your company’s sensitive data?
Xerox® printers and multifunction printers with ConnectKey technology can help. Their built-in security features help keep your printers secure from both external and internal threats. For example, you can use key cards, passwords or mobile devices for authentication control to restrict access only to authorized users. (Combined with the Xerox® Mobile Linkapp, this is a great way to enable mobile printing while still keeping data secure.) The printers also log user data so you can see who’s using them, and protect your data by encrypting documents sent to, sent from, or stored on your printers.
Whitelisting technology embedded in ConnectKey enabled printers protects against malware and notifies you of any attempts to compromise printer security, while Firmware Verification alerts you if any harmful changes to the printer are detected.
Protect Your Business with These Cyber Safety Tips
Cyber attackers continue to get sneakier and sneakier. By taking the necessary steps to protect your computers and networks, you can reduce the chance of your business falling victim to the crooks. To keep your business safe for cyber attacks, follow these tips:
- Install software to detect and prevent intrusion by viruses and malware.
- Train employees in cybersecurity practices, particularly regarding email and internet use, and enforce them.
- Use secure passwords and change them regularly. Don’t share passwords.
- Set software to update automatically; outdated software makes your network easier to breach.
- Consider purchasing cybersecurity insurance for added protection.
- When buying new hardware and equipment, look for products like Xerox® printers and MFPs with security features built in.