Cybersecurity
Credit: wk1003mike/Shutterstock
The news often reports on incidents involving large corporations facing massive
data breaches where the personal information of millions of consumers was
potentially leaked. However, we don’t often hear reports about the hacking of
small businesses, mainly because these types of attacks aren’t public knowledge.
Many entrepreneurs don’t realize that small businesses are just as at risk for
cyberattacks as larger companies, but they are. According to a report by Verizon,
61 percent of data breach victims were small businesses.
Here’s an overview of everything you need to know to protect your business.
In this article…
1. Why do hackers target small businesses?
2. Types of cyberattacks
3. Security solutions and what to look for
4. Cybersecurity insurance
5. Best practices for your business
Why do hackers target small businesses?
While breaches at big corporations, such as Target and Home Depot, make the
headlines, small businesses are still very much targets for hackers. Stephen Cobb,
a senior security researcher at antivirus software company ESET, said that small
businesses fall into hackers’ cybersecurity sweet spot: They have more digital
assets to target than an individual consumer has but less security than a larger
enterprise.
The other reason small businesses are appealing targets is that hackers know
these companies are less careful about security. According to Towergate
Insurance, small businesses often underestimate their risk level, with 82 percent
of small business owners saying they’re not targets for attacks, because they
don’t have anything worth stealing. However, there are several reasons why small
businesses are a prime target for cyberattackers.
Ultimately, it’s because they’re easy to attack due to this complacent attitude and
a lack of investment into cybersecurity measures. Since security breaches can be
devastating to a small business, many SMB owners are more likely to pay a
ransom to get their data back. And finally, small businesses are often the key for
attackers to gain access to larger businesses that the SMBs work with.
Types of cyberattacks
In almost every case, the end goal of a cyberattack is to steal and exploit sensitive
data, whether it’s customer credit card information or a person’s credentials,
which is then used to manipulate the individual’s identity online.
This is by no means an exhaustive list of potential cyberthreats, especially as
hackers’ techniques evolve, but businesses should at least be aware of the most
common types of attacks.
APT: Advanced persistent threats, or APTs, are long-term targeted attacks in
which hackers break into a network in multiple phases to avoid detection. Once
an attacker gains access to the target network, they work to remain undetected
while establishing their foothold on the system. If a breach is detected and
repaired, the attackers have already secured other routes into the system so they
can continue to plunder data.
DDoS: An acronym for distributed denial of service, DDoS attacks occur when a
server is intentionally overloaded with requests until it shuts down the target’s
website or network system.
Inside attack: This is when someone with administrative privileges, usually from
within the organization, purposely misuses his or her credentials to gain access to
confidential company information. Former employees, in particular, present a
threat if they left the company on bad terms. Your business should have a
protocol in place to revoke all access to company data immediately when an
employee is terminated.
Malware: This umbrella term is short for “malicious software” and covers any
program introduced into the target’s computer with the intent to cause damage or
gain unauthorized access. Types of malware include viruses, worms, Trojans,
ransomware and spyware. Knowing this is important for choosing what type of
cybersecurity software you need.
Password attacks: There are three main types of password attacks: a brute-force
attack, which involves guessing at passwords until the hacker gets in; a dictionary
attack, which uses a program to try different combinations of dictionary words;
and keylogging, which tracks a user’s keystrokes, including login IDs and
passwords.
Phishing: Perhaps the most commonly deployed form of cybertheft, phishing
involves collecting sensitive information like login credentials and credit card
information through a legitimate-looking (but ultimately fraudulent) website,
often sent to unsuspecting individuals in an email. Spear phishing, an advanced
form of this type of attack, requires in-depth knowledge of specific individuals and
social engineering to gain their trust and infiltrate the network.
Ransomware: Ransomware is a type of malware that infects your machine and,
as the name suggests, demands a ransom. Typically, ransomware either locks you
out of your computer and demands money in exchange for access or it threatens
to publish private information if you don’t pay a specified amount. Ransomware is
one of the fastest-growing types of security breaches.
Zero day attack: Zero day attacks can be a developer’s worst nightmare. They
are unknown flaws and exploits in software and systems discovered by attackers
before the developers and security staff become aware of the issue. These exploits
can go undiscovered for months, even years, until they’re discovered and
repaired.
Security solutions and what to look for
There are a few different basic types of security software on the market, offering
varying levels of protection. Antivirus software is the most common and will
defend against most types of malware. For a side-by-side comparison of the best
antivirus software programs for small businesses, visit our sister site
Business.com.
Firewalls, which can be implemented with hardware or software, provide an
added layer of protection by preventing an unauthorized user from accessing a
computer or network. Most modern operating systems such as Windows 10 come
with a firewall program.
Cobb, of ESET, advised that businesses invest in three security solutions. The first
is a data backup solution so that any information compromised or lost during a
breach can easily be recovered from an alternate location. The second is
encryption software to protect sensitive data, such as employee records,
client/customer information and financial statements. The third solution is
two-step authentication or password-security software for a business’s
internal programs to reduce the likelihood of password cracking.
Remember, there’s no one-size-fits-all security solution, so Charles Henderson,
global head of security threats and testing at IBM, advised running a risk
assessment, preferably through an outside firm.
Cybersecurity insurance
One important solution that doesn’t involve software and that many small
businesses overlook is cybersecurity insurance. As mentioned above, your general
liability policy will not help you recoup losses or legal fees associated with a data
breach. A separate policy covering these types of damages can be hugely helpful
in case of an attack.
According to a survey by insurance company Hiscox, only 21 percent of small
businesses have some form of cyber insurance, with 52 percent indicating that
they have no intention of acquiring any.
Tim Francis, enterprise cyber lead at Travelers, a provider of cyber insurance,
said many small businesses assume cyber insurance policies are designed only for
large companies, because those businesses are the most frequent targets of
hackers. But many insurance carriers are beginning to offer tailor-made coverage
for smaller companies to meet their budgets and risk-exposure levels, he said.
Francis advised business owners to look for a combination of first- and third-party
coverage. First-party liability coverage includes general costs incurred as a result
of a breach, such as legal expertise, public relations campaigns, customer
notification and business interruption. Third-party coverage protects you if your
company is at the center of a breach that exposed sensitive information. This type
of protection covers legal defense costs if the affected parties sue your company.
“Coverage is more than words on a page,” Francis said. “Make sure your carrier
is well regarded financially and has a good reputation in the industry. There’s
tremendous variety in policies, [and] … you need an agent who understands the
differences.”
Best practices for your business
Ready to protect your business and its data? These best practices will keep your
company as safe as possible.
Keep your software up to date. As stated in this Tom’s Guide article, “an
outdated computer is more prone to crashes, security holes and cyberattacks than
one that’s been fully patched.” Hackers are constantly scanning for security
vulnerabilities, Cobb said, and if you let these weaknesses go for too long, you’re
greatly increasing your chances of being targeted.
Educate your employees. Make your employees aware of the ways
cybercriminals can infiltrate your systems, teach them to recognize signs of a
breach, and educate them on how to stay safe while using the company’s network.
Implement formal security policies. Putting in place and enforcing security
policies is essential to locking down your system. Protecting the network should
be on everyone’s mind since everyone who uses it can be a potential endpoint for
attackers. Creating a culture of caution and preventive practices will bolster your
protection. Regularly hold meetings and seminars on the best cybersecurity
practices, such as using strong passwords, identifying and reporting suspicious
emails, and taking care when clicking links or downloading attachments.
Many companies enforce password policies that require employees to follow strict
standards for creating passwords, such as including numbers, both uppercase and
lowercase characters and symbols, as well as never using the same or similar
passwords for different applications.
Practice your incident response plan. IBM’s Henderson recommended
running a drill of your response plan (and refining, if necessary) so your staff can
detect and contain the breach quickly should an incident occur.
Ultimately, the best thing you can do for your business is to have a security-first
mentality, Henderson said. He reminded small businesses that they shouldn’t
assume they’re exempt from falling victim to a breach because of their size.
About Us
Whether it's a food truck or a fashion line, a coffee shop or a consulting
firm, Business News Daily's goal is to help entrepreneurs build the business
of their dreams and to assist anyone working in a small business make
smart decisions about products, services and ideas. Our reporting style is
simple: We seek insights and advice from experts and then stick to the
basics by bringing you concise, actionable information business owners can
use to make the daily decisions required to start and grow their businesses.
Mission Statement
To provide the ideas, inspiration and solutions needed to help entrepreneurs
and small business decision makers succeed.
To learn more visit our website and follow us on social!

Cybersecurity a short business guide

  • 1.
  • 2. Cybersecurity

Credit: wk1003mike/Shutterstock

The news often reports on incidents involving large corporations facing massive data breaches where the personal information of millions of consumers was potentially leaked. However, we don’t often hear reports about the hacking of small businesses, mainly because these types of attacks aren’t public knowledge.

Many entrepreneurs don’t realize that small businesses are just as at risk for cyberattacks as larger companies, but they are. According to a report by Verizon, 61 percent of data breach victims were small businesses.

Here’s an overview of everything you need to know to protect your business.

In this article…
1. Why do hackers target small businesses?
2. Types of cyberattacks
3. Security solutions and what to look for
4. Cybersecurity insurance
5. Best practices for your business
  • 3. Why do hackers target small businesses?

While breaches at big corporations, such as Target and Home Depot, make the headlines, small businesses are still very much targets for hackers. Stephen Cobb, a senior security researcher at antivirus software company ESET, said that small businesses fall into hackers’ cybersecurity sweet spot: They have more digital assets to target than an individual consumer has but less security than a larger enterprise.

The other reason small businesses are appealing targets is that hackers know these companies are less careful about security. According to Towergate Insurance, small businesses often underestimate their risk level, with 82 percent of small business owners saying they’re not targets for attacks, because they don’t have anything worth stealing. However, there are several reasons why small businesses are a prime target for cyberattackers.

Ultimately, it’s because they’re easy to attack due to this complacent attitude and a lack of investment into cybersecurity measures. Since security breaches can be devastating to a small business, many SMB owners are more likely to pay a ransom to get their data back. And finally, small businesses are often the key for attackers to gain access to larger businesses that the SMBs work with.

Types of cyberattacks

In almost every case, the end goal of a cyberattack is to steal and exploit sensitive data, whether it’s customer credit card information or a person’s credentials, which is then used to manipulate the individual’s identity online.

This is by no means an exhaustive list of potential cyberthreats, especially as hackers’ techniques evolve, but businesses should at least be aware of the most common types of attacks.

APT: Advanced persistent threats, or APTs, are long-term targeted attacks in which hackers break into a network in multiple phases to avoid detection. Once an attacker gains access to the target network, they work to remain undetected while establishing their foothold on the system. If a breach is detected and repaired, the attackers have already secured other routes into the system so they
  • 4. can continue to plunder data.

DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests until it shuts down the target’s website or network system.

Inside attack: This is when someone with administrative privileges, usually from within the organization, purposely misuses his or her credentials to gain access to confidential company information. Former employees, in particular, present a threat if they left the company on bad terms. Your business should have a protocol in place to revoke all access to company data immediately when an employee is terminated.

Malware: This umbrella term is short for “malicious software” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access. Types of malware include viruses, worms, Trojans, ransomware and spyware. Knowing this is important for choosing what type of cybersecurity software you need.

Password attacks: There are three main types of password attacks: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a program to try different combinations of dictionary words; and keylogging, which tracks a user’s keystrokes, including login IDs and passwords.

Phishing: Perhaps the most commonly deployed form of cybertheft, phishing involves collecting sensitive information like login credentials and credit card information through a legitimate-looking (but ultimately fraudulent) website, often sent to unsuspecting individuals in an email. Spear phishing, an advanced form of this type of attack, requires in-depth knowledge of specific individuals and social engineering to gain their trust and infiltrate the network.

Ransomware: Ransomware is a type of malware that infects your machine and, as the name suggests, demands a ransom. Typically, ransomware either locks you out of your computer and demands money in exchange for access or it threatens to publish private information if you don’t pay a specified amount. Ransomware is one of the fastest-growing types of security breaches.

Zero day attack: Zero day attacks can be a developer’s worst nightmare. They are unknown flaws and exploits in software and systems discovered by attackers
  • 5. before the developers and security staff become aware of the issue. These exploits can go undiscovered for months, even years, until they’re discovered and repaired.

Security solutions and what to look for

There are a few different basic types of security software on the market, offering varying levels of protection. Antivirus software is the most common and will defend against most types of malware. For a side-by-side comparison of the best antivirus software programs for small businesses, visit our sister site Business.com.

Firewalls, which can be implemented with hardware or software, provide an added layer of protection by preventing an unauthorized user from accessing a computer or network. Most modern operating systems such as Windows 10 come with a firewall program.

Cobb, of ESET, advised that businesses invest in three security solutions. The first is a data backup solution so that any information compromised or lost during a breach can easily be recovered from an alternate location. The second is encryption software to protect sensitive data, such as employee records, client/customer information and financial statements. The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.

Remember, there’s no one-size-fits-all security solution, so Charles Henderson, global head of security threats and testing at IBM, advised running a risk assessment, preferably through an outside firm.

Cybersecurity insurance

One important solution that doesn’t involve software and that many small businesses overlook is cybersecurity insurance. As mentioned above, your general liability policy will not help you recoup losses or legal fees associated with a data breach. A separate policy covering these types of damages can be hugely helpful in case of an attack. According to a survey by insurance company Hiscox, only 21 percent of small businesses have some form of cyber insurance, with 52 percent indicating that they have no intention of acquiring any.
  • 6. Tim Francis, enterprise cyber lead at Travelers, a provider of cyber insurance, said many small businesses assume cyber insurance policies are designed only for large companies, because those businesses are the most frequent targets of hackers. But many insurance carriers are beginning to offer tailor-made coverage for smaller companies to meet their budgets and risk-exposure levels, he said.

Francis advised business owners to look for a combination of first- and third-party coverage. First-party liability coverage includes general costs incurred as a result of a breach, such as legal expertise, public relations campaigns, customer notification and business interruption. Third-party coverage protects you if your company is at the center of a breach that exposed sensitive information. This type of protection covers legal defense costs if the affected parties sue your company.

“Coverage is more than words on a page,” Francis said. “Make sure your carrier is well regarded financially and has a good reputation in the industry. There’s tremendous variety in policies, [and] … you need an agent who understands the differences.”

Best practices for your business

Ready to protect your business and its data? These best practices will keep your company as safe as possible.

Keep your software up to date. As stated in this Tom’s Guide article, “an outdated computer is more prone to crashes, security holes and cyberattacks than one that’s been fully patched.” Hackers are constantly scanning for security vulnerabilities, Cobb said, and if you let these weaknesses go for too long, you’re greatly increasing your chances of being targeted.

Educate your employees. Make your employees aware of the ways cybercriminals can infiltrate your systems, teach them to recognize signs of a breach, and educate them on how to stay safe while using the company’s network.

Implement formal security policies. Putting in place and enforcing security policies is essential to locking down your system. Protecting the network should be on everyone’s mind since everyone who uses it can be a potential endpoint for attackers. Creating a culture of caution and preventive practices will bolster your protection. Regularly hold meetings and seminars on the best cybersecurity
  • 7. practices, such as using strong passwords, identifying and reporting suspicious emails, and clicking links or downloading attachments. Many companies enforce password policies that require employees to follow strict standards for creating passwords, such as including numbers, both uppercase and lowercase characters and symbols, as well as never using the same or similar passwords for different applications.

Practice your incident response plan. IBM’s Henderson recommended running a drill of your response plan (and refining, if necessary) so your staff can detect and contain the breach quickly should an incident occur.

Ultimately, the best thing you can do for your business is to have a security-first mentality, Henderson said. He reminded small businesses that they shouldn’t assume they’re exempt from falling victim to a breach because of their size.
  • 8. About Us

Whether it's a food truck or a fashion line, a coffee shop or a consulting firm, Business News Daily's goal is to help entrepreneurs build the business of their dreams and to assist anyone working in a small business make smart decisions about products, services and ideas. Our reporting style is simple: We seek insights and advice from experts and then stick to the basics by bringing you concise, actionable information business owners can use to make the daily decisions required to start and grow their businesses.

Mission Statement

To provide the ideas, inspiration and solutions needed to help entrepreneurs and small business decision makers succeed. To learn more visit our website and follow us on social!