By now, most business owners are aware that, regardless of business size, no one is immune from the risk of a cyber breach. Today’s hackers are highly sophisticated and have the means to attack any target they choose. While most small businesses don’t live in a blissful state of ignorance about the need for cybersecurity, many still haven’t taken sufficient measures to guard themselves against hackers.
According to a recent article in the Financial Post “An estimated US$3 billion flows into ISIL-controlled coffers annually”, and small business targets are becoming a large contributors. For many years the average small business was an unlikely target for a sophisticated cyber-attack. But now you are fair game. Just because your company is small that doesn’t mean it can’t net huge payoffs for attackers. Hackers are moving on to smaller and ultimately easier and more profitable thefts from small and medium-sized businesses because lax to non-existent security systems make for easy and quick money.
Once into your computer network, hackers can add to their coffers by harvesting the list of your contacts, installing ransomware on your systems (you have to pay a ransom to get your system back), use malware to capture your user credentials, or add key loggers to capture your keystrokes. A concentrated series of easy attacks against more-vulnerable small businesses can ultimately enable a hacker to orchestrate a much bigger attack elsewhere.
Why is that? First, smaller companies generally have much more vulnerable IT systems where security is minimal or average at best, and the hackers don’t get as much heat or attention when compared to trying to breach the much more complicated, state-of-the-art security systems of bigger firms and businesses. Second, the tools used by hackers and cybercriminals have become so cheap, so easy to acquire and so easy to use that almost anyone can do the dirty work – rocket scientists need not apply. Third, small business owners assume hackers would need to pick their business out of millions of others, not realizing that the attacks are automated and focused on discovering vulnerabilities.
Does Paris really change everything? Not as much as we think. We are certainly more aware of the risks to our businesses, but these risks have always been there. What does change is that we now realize the need to actively take measures to guard our businesses against hackers.
The use of a multi layered security system with many built-in road blocks will force the hack to thread ALL of them – you need only ONE road block to stop them. Here are four key steps you can take to setup your road blocks;
- Patch early – patch often
- Use a commercial grade anti-virus system
- Manage web access with content filtering
- Tighten the rules on your email spam filtering system
Bob Milliken is the TheITGuy@CascadiaSystemsGroup.com and specializes in helping businesses with their IT needs and “making it hard for the bad guys”.
Your comments are appreciated – ComputerCents@CascadiaSystemsGroup.com