Picture this scenario: It’s Saturday night and you’re browsing Netflix on your work laptop, searching for that one movie that will make blowing off your friends for the third consecutive weekend worth it. The last thing on your mind is cyber security.
As you mouse over “Turner & Hooch” for what seems like the 12th time, a notification pops up in your Google Chrome browser. It reads: “The HoeflerText font was not found,” and prompts you to download it. Forbes reports this font installer is actually what’s called a “dropper,” and the notification actually delivers highly sophisticated Spora ransomware.
This kind of mistake doesn’t just happen to everyday users like you and me. A report by The Heritage Foundation shows that breaches in cyber security aren’t uncommon. In 2016, huge companies like Wendy’s and Verizon were hacked. Even voter records, the U.S. Department of Homeland Security and the FBI weren’t safe from breaches.
Okay, these are big names. Hacking into places like Blue Cross Blue Shield can yield powerful results. Hundreds of thousands of people will have their personal information logged with a large company, and the payoff is clear. But that doesn’t mean small businesses aren’t also at risk.
TripWire reports that 71 percent of cyber attacks target small businesses. The reasoning? TripWire said it’s because cyber criminals know small businesses don’t have the funding to pay for cyber security the way big companies do. And it turns out these small businesses are successfully hacked within the first six months of starting.
So, if big names can have their information pried open for the rest of the world to see, does that mean small businesses don’t even have a shot at protecting their most valuable data?
Turns out, the federal government knows small businesses have a target on their backs and want to protect Americans from hackers. That’s why the Federal Communications Commission has a whole section of its website dedicated to keeping small businesses safe. Here are a few of its best tips:
Train employees in security principles
The FCC suggests creating a standard, across-the-board set of policies for your company and then making sure your employees adhere to it. The FCC even has a feature that lets businesses create free, customized cyber security planning guide. (You can check that out here). Establish rules of behavior describing how to handle and protect customer information and other vital data.
Passwords and authentication
Some places make their employees use two-step verification, others make employees change their passwords every few months or so. Either way, the FCC believes it’s better to be safe than sorry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
Secure your Wi-Fi networks
If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted and hidden. Password protect access to the router.
Control physical access to your computers and create user accounts for each employee
Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended.
The FCC also recommends taking the time to do a cyber security check up at staysafeonline.org.
A threat by any other name is just as dangerous
The Google Chrome ransomware example is just one of many threats for which you should be keeping an eye out.
According to the U.S. Small Business Administration (SBA) website, tampering can take the form of website defacing, system hacking and compromising web pages with unfamiliar code that will download spyware to your computer. Tools such as Ninite can online browsers protect themselves from online malicious downloads.
Think about if your entire client list received emails from a Nigerian prince offering to give away his fortune. Now, imagine someone actually believed it. Those are called phishing emails and they can lead to some serious damage if the victim gives away their personal information.
Denial of service attack
Your system crashes or your computer locks up. This can happen when hackers use all available bandwidth to slow performance or other tactics that mess with firewalls.
Malicious code or viruses
Viruses can hide in programs or documents and when unleashed onto a computer, can steal or delete data.
How can you and your business’s employees learn more about cyber security? The SBA actually offers a 30-minute course aimed specifically at training small businesses on cyber security.
In the meantime, make sure you and your coworkers don’t click on anything funny. Remember, if you think that display add telling you you’ve won a free cruise is too good to be true, then it probably is.