Cybersecurity is becoming a prolific problem as the digital world continues to grow. Because more and more small business are experiencing a digital transformation and moving online—or existing solely online, protecting your business and customer information from online hackers is a necessary precaution. Cybersecurity starts with you, the small business owner, and the employees who work for you.
If you own a small business or work for one, learning more about the ins-and-outs of Cybersecurity is a must to help protect against the common scams associated with it. What you can do to protect your small business from online thieves and mayhem? Let’s dive in and discuss those topics.
What is Cybersecurity?
Cybersecurity is the act of, you guessed it, guarding online assets, be them monetary or otherwise, from hackers. Or, as defined by the world-leading software telecommunications giant Cisco, “the practice of protecting systems, networks, and programs from digital attacks.”
Cybersecurity, in its most basic forms, can be anything from firewalls to endpoint detections, and even captcha tests. Also, “security questions” and other online forms that require personal information input all exist under the umbrella of cybersecurity, as well. One favorite technique used by hackers and scammers is called social engineering, and it’s imperative that employees and consumers become familiar with the tactics employed in these scams.
What is Social Engineering and how does it Relate to Cybersecurity?
Social engineering, in regard to cybersecurity, is the reason why most people are likely to become victims of fraud.
“Social engineers” design certain formats and online platforms, in some cases even building clones of popular (and trusted) websites to scam people from, to successfully manipulate a victim into taking specific actions like, say, wiring hundreds or thousands to a prospective client or partner. And, unfortunately, social engineering scams and phishing accounts only seem to be growing, year after year.
What Does Social Engineering and Breaks in Cybersecurity Look Like?
There’s a reason why phishing scams and other forms of online financial fraud are so easy to fall for: It can be incredibly hard to make them out from the real things they represent.
A case-and-point example is email-driving phishing scams. They seek to obtain personal information—like legal, addresses, security numbers, and banking information—to help “facilitate” transactions; these are especially common after tax season when scam agencies claim to be IRS agents that are keen on taking funds for unpaid taxes. In some cases, they’ll even shorten or embed URL(website) links, which appear to be legitimate, and redirect them to a fraudulent website 😲.
Be on the lookout, too, for things like pretexting and baiting attacks, as well.
How Prevalent are Cybersecurity Hacks?
Cybersecurity hacks and scam campaigns only seem to be increasing, year over year.
In 2017 alone, phishing scams increased over 50 percent from the prior year, affecting both consumers and the company’s they affiliate with. The Social Engineer has research to show that social engineered phishing scams make up about 70 percent of all financial cybersecurity attacks.
What Does a Cybersecurity Breach Look Like?
The last few years have seen an increase in cybersecurity attacks on small businesses, especially in regards to “Shipping Information.” For example, In the summer of 2017, internet security company Comodo put-out an all-too convincing phishing scam that affected more than 3,000 businesses.
An email titled “Shipping Information” would say that a delivery by United Parcel Service (UPS) would be expected at a customer’s address, and included a what looked to be legitimate package tracking link. But when the recipient of the emails open the link, they were met with malicious malware, potentially leaking financial and personal information to cyber thieves.
How Much Can it Cost Small Businesses?
In the end, small businesses can not only loose tens of thousands (or more) in revenue from having their own assets hacked, but they can lose the trust of their consumer base, as well. Once a customer has even one bad experience odds are they’ll never do business with that company again. And, as we know, loyal customers spend almost 70 percent more than new customers. Suffice to say you’d want to keep them happy and feeling like they can trust your business.
What can a Small Business do to Protect Themselves from Cyber Attacks?
While firewalls, virus-scanning software, and endpoint checks all do their part, cybersecurity starts with you and your employees.
Password security is one of the best protections against hackers—creating and implementing strong passwords throughout your organization—is absolutely free.
Three common types of attacks used by cybercriminals to gain access to passwords include brute force, dictionary attacks, and social engineering as discussed above. A brute force attack is when hackers. A longer and more random the password makes it harder for the program to crack. A custom dictionary attack uses a database filled with common words, names, and number/letter combinations. Shorter, more simple, and more generic passwords (such as "abc123" or "ilovegolf") are far easier to guess. Finally, as mentioned above, hackers use social engineering to gain access to company passwords. In a social engineering type of attack, a criminal uses a fraudulent persona—for example, posing as a member of the small businesses IT vendor's staff and may say something like, "your credentials have been compromised, I need your password to reset them"—to trick employees into willingly giving up passwords.
Trust your Gut
It sounds like a cliche, but this bit of advice still rings true: Trust your gut. If an email or online requests seems a bit odd or “too good to be true”—then it probably is. And even if you’re on the fence about said email or request, check with the consumer.ftc.org to make sure you’re not linking or clicking to any embedded malware front doors. If you see a suspicious email, check with the sender before opening it to verify that they really sent it.
Educate Yourself and Your Employees
Also, it’s important to educate your staff on how to protect themselves (and your small business) from such cyber-attacks. Consider making your staff take a quick (and free) e-course on cybersecurity, just to make sure everyone’s on the same page. This course from Small Business Administration provides an introduction to securing information in a small business. Topics include: Defining cybersecurity; Explaining the importance of securing information through best cybersecurity practices; Identifying types of information that should be secured; Identifying the types of cyber threats; Defining risk management; and Listing best practices for guarding against cyber threats.
When you and your employees take cybersecurity seriously, it’s a win-win situation for your customers and your small business.
Making sure your marketing is secure and that you are being good stewards of the data you collect on your customers is extremely important for customer retention and referrals. Using a secure CRM to manage your customer relationship can help. Keeping your customer data lying around on spreadsheets is not a sustainable and scalable way to secure customer data.
Read more about CRM's in our blog post on the 4 Benefits of Using a CRM for Small Business.