How to protect small businesses from cybercrime
The 'Advance Fee Scam' is alive and well in 2019 with no signs of going away anytime soon.
Many people might be under the impression that the days of the “Nigerian Prince” email scam have long since passed. This hoax, which was designed to cheat gullible individuals out of money via mass email, became so well known that the term itself has long become part of the vernacular. It’s the information age’s ‘selling the Brooklyn Bridge’ story. While the theme has gone through many variations over the years, the ‘Advance Fee Scam,’ as it is called, is alive and well in 2019 with no signs of going away anytime soon.
The Nigerian Prince fraud is one of the earliest examples of mass cybercrime, an ongoing plague that is having a huge impact on medium and small businesses. Recent studies show these enterprises are victims of between 40% and 45% of all attacks.
The concept that small businesses would be less of a target because of their size is completely false. Here’s why:
- Big companies pour more resources into data security while smaller companies become more vulnerable.
- Smaller firms are the path of least resistance for hackers looking to penetrate various companies.
- Firms with few employees often don’t even have a formal internet security policy, making them even easier targets.
Attacks are getting more sophisticated.
The ‘Advance Fee’ scheme is a type of phishing scam, designed to get users to voluntarily provide key information like bank account data or credit card numbers, but that’s just the tip of the iceberg. About two thousand cases of banking malware attacks take place every day in the U.S. alone. These attacks steal that same financial data without the user even knowing. In general, malware is malicious software which is embedded in e-mail attachments like documents. Once the hackers have the information, they need only about 10 minutes to use it.
Ransomware is almost as popular. Another type of malware, it comes from downloading infected files that were attached to an email or from suspicious websites. It then locks the device it was downloaded onto until a ransom is paid. The list of sophisticated threats is long.
However, there are certain steps that every business, big or small, can afford to take to lower the risk of falling victim to a cyberattack. General policies should be implemented and then there are some relatively simple action items that need to be checked off on a regular basis.
General policies:
- Adopt a cyber security strategy. In case anyone hasn’t noticed yet, even small businesses are making more and more of their sales online. Even small brick and mortar stores are turning to digital commerce. To ensure even the most modest of platforms is properly protected, there need to be clear directives on what should and should not be done online, how to secure various devices, etc.
- Have an expert map out your system’s vulnerabilities. Only a small percent of small business owners hire a consultant to assess where the weak points are in their cybersecurity system. A professional should be brought in to point out what they are and advise on how to reduce the risks in each case.
- Diversify security measures. There are many different types of threats coming from various fronts, and no one tool can provide a complete defense. You need to find a combination of tools to minimize potential threats to the system, like the aforementioned malware and ransomware. That combination includes key software like firewalls, spam filters, automatic data encryption, backup and more.
Regularly scheduled action items:
- Make sure employees are trained in basic cybersecurity measures. Studies show that some 90% of all cyber security breaches are the result of human error, primarily from non-IT staff members. To minimize threats, staff members should know how to implement the firm’s cyber security strategy, how to recognize online threats such as suspicious e-mails, how to identify if a device has been hacked, etc.
- Ensure cybersecurity tools are updated on every device used in the business. This is even more important for laptops and mobile devices which often connect via external Wi-Fi networks which may be compromised.
- Download software updates for your operating system and applications. OS & app providers regularly issue patches for newly discovered security threats which must be installed once they are available.
- Back up important data in multiple locations. With the rapid growth of cloud computing, this has become a relatively easy step to take to ensure that a breach in one site will not cause irreversible damage to your business.
- Enforce strict employee access procedures. Employees might find some of these rules a nuisance, but they are of the utmost importance. Make sure every staff member has their own user name and password. Passwords must be changed regularly and must be complex. Hackers have tools which can find commonly used passwords (12345, abcde, etc.) in a matter of minutes. Physical access and authorization to download software need to be limited as well.
Even if you take all of these steps, there is, of course, no guarantee that your company or store won’t fall victim to a cybercrime. Perhaps the most important element that needs to change is the false sense of security. Many business managers and owners are complacent, which is exactly what hackers are counting on. Even with a good system in place, firms need to be constantly vigilant — otherwise they might find their most valuable assets compromised and in the hands of a “Nigerian prince” operating somewhere in cyberspace.
Uzi Scheffer is CEO of SOSA. To reach this contributor, send email to info@sosa.co.