Today, cybercrime is unfortunately a big risk to businesses of all sizes, including small and medium-sized businesses, and being the victim of a cyber-attack has the potential to cause significant business disruption. In fact, research from the Federation of Small Businesses (FSB) suggests that small businesses are collectively subject to nearly 10,000 cyber-attacks a day.
The research lists the common types of cyber-attack suffered as:
Here we look at these types of cyber-attack, how they can impact your business and steps you can take to minimise risks.
Phishing Attacks
A phishing attack will typically use email as the means of obtaining confidential and/or sensitive information.
Phishing emails will typically be sent by criminals under the guise of being from a legitimate source e.g. a bank, business or email provider. They will aim to confuse the user and trick them into providing the information required such as bank details, passwords, usernames or credit card details.
Phishing emails continue to be commonly used and it is also recognised that they are becoming more and more sophisticated and difficult to spot. This article gives an overview of 10 types of phishing attacks.
From a business perspective, an unsuspecting employee may click a link or open an email and unknowingly open your business up to cyber-attack. So it is vital that you increase staff awareness of these types of attack and train staff to be vigilant, to speak up if something doesn’t look right, and to have the confidence to challenge requests. Alongside this, you can also purchase phishing protection software, which can help defend you.
Malware
Malware is a term for malicious software: software that has been built to make its way on to your computer and manipulate and damage it. Malware can also record and steal personal and sensitive data.
There are many types of malware, including viruses, worms and trojans, adware and spyware, and bots. Read this article for an overview of these types of malware.
Make sure you have anti-virus software installed across your network and run regular scans to detect any malware. And as with phishing attacks, train your staff to be vigilant for requests, links or emails that may not be genuine and could allow malware to infect your system.
Fraudulent Payment Requests
Fraudulent payment requests can again come in many forms but will typically see scammers impersonating a senior member of staff and encouraging a more junior member of staff to make a payment outside of usual conditions. This may be on the basis of securing an important contract etc.
Or scammers may pose as genuine suppliers and request a change of bank details to be made.
Either type of fraud results in payments being made to the cyber criminals and the business losing potentially large amounts of money.
Awareness and vigilance are again key in the bid to reduce the risk of falling victim to these types of attack.
Ransomware
Ransomware is a type of malware which effectively blocks access to a computer system (through encrypting files etc.) until a sum of money is paid.
Common ways for ransomware to enter a system are through clicking a link or downloading an attachment from an email (e.g. a phishing email).
Putting in place anti-virus software and other security software can be a good step to take in protecting against ransomware attacks. Likewise, always update your systems with suggested patches as these will often fix any security vulnerabilities that hackers may look to take advantage of.
It is also important to back up your files – if you have another copy of all of your files which can be accessed outside of your network the threat of a ransomware attack will be minimised. Having copies of your files available to you even if your systems were hacked and encrypted means the threat of ransom is not so compelling.
Investing in cyber security will be vital to protect you against business disruption related to suffering a cyber-attack, as will training your staff to be wary of anything that doesn’t look right and ensuring that your business culture encourages people to speak up and question things. Read our recent blog on why it is important to include cyber risk in your disaster recovery plan here. You can also invest in cyber insurance, which can help with business recovery following a cyber-attack in areas such as business interruption, costs of a privacy breach, damage caused by hackers, extortion costs and support following an attack.
Remember, it is important to acknowledge cybercrime as a real business risk and take the necessary steps to reduce your vulnerability and the possible impact of business disruption.