Kiril V. Kirilov
04 November 2018
When reading the news, people tend to think cyber security is a problem limited to large corporations such as Yahoo, Equifax, or eBay. Data breaches at these corporations exposed personal data and account info for millions of their users. Nonetheless, more than 40% of cyber attacks are targeting small businesses. According to a survey by Small Business Trends, 49% of these attacks are web-based while 43%are occurring as phishing attacks. A firewall, an antivirus suite, and a business VPN are the first line of defense for small and medium businesses that are potential victims of increasingly sophisticated cyber attacks.
With cyber attacks on businesses maintain a threat, according to a report by ICASA, the worst business strategy is to do nothing and wait for a cyber attack to hit you. Small businesses should be proactive in implementing preventive IT security measures such as virtual private networks (VPNs), antivirus software, and heuristic firewalls.
Massive data breaches such as those that occurred at Yahoo and Equifax affect tens of millions accounts. Some data breaches expose info that is useful to malicious hackers, and sometimes the leaked data is mostly unusable. If the victim company is fast to act and respond to a cyber attack, then all other stakeholders and people whose data was leaked are able to take measures to mitigate further risks. Some corporations simply try to hide such incidents, which ultimately makes things worse in the end for both the companies and their clients. Among other things, this t means that the number of hacking attempts, both successful and unsuccessful, is surely even larger than the publicly available figures suggest.
Many malicious agents are after business data belonging to small businesses, too. A major problem therefore is that a small business may not notice that its systems are compromised until weeks or even months after a successful cyber attack.
Source: Statista
What are hackers looking for with small businesses? The average cybercriminal will be after login credentials that give them access to credit cards, bank accounts and online wallets. Your business competitors are most interested in your financial and strategic business development plans. A government agency could be snooping on your communications for their own specific reasons.
With a growing number of SMBs taking advantage of remote access to their systems, adopting cloud-based solutions, and enabling employees to connect to corporate servers from home, it’s imperative that your corporate communications encrypted and secured using a virtual private network (VPN).
How does a VPN work? Simply put, it uses a secure tunnel to connect two online users through one of the VPN service provider’s servers. You can use a standard VPN provider that white labels for business, or you can also use an unencrypted VPN connection to browse the internet and opt for data encryption when connecting to your corporate IT systems. The ultimate goal is all the same: to protect your internet connection against snooping, hacks, competitors, and governments.
Cyber security as a standard practice is is proving to be one of the biggest burdens on SMBs. A survey by the Ponemon Institute reveals that 69% of small and medium businesses lack an adequate staff and/or budget to deal with increasing cyber security threats. Adoption of affordable and easy to use IT security software such as a business VPN is just a no-brainer at this point as an easy way to protect your business.
Cyber security in your small business is not just about viruses anymore. However, malicious software such as ransomware, data stealing code, keystroke snoopers, and software that spies on your business and personal communications use methods first developed by virus makers.
A modern arsenal of data thieves, however, includes also methods such as phishing, social engineering techniques, as well as combinations of these methods to trick you into downloading malicious code or enter sensitive data into an online form. And the number of malicious code variations is growing on a daily basis.
Source: Kaspersky
A secure internet connection alone cannot protect you against such online threats. Clever use of both heuristic antivirus suite and a reliable business VPN can. How? A reliable antivirus software uses heuristic methods to check for unknown cyber threats. Older antivirus suites checked for viruses against a database of known virus signatures, while an enterprise-grade application should be able to find threats not yet known to security researches. The same applies to a decent business VPN services. CyberGhost VPN, for instance, run a thorough check on any URL you visit in a dedicated database.
Such preemptive measures that include communication over a secure VPN connection are mandatory in an online environment where state-level snooping software is available to anyone who can pay the price for it. Both foreign governments and business entities are able to purchase sophisticated hacking tools. It’s no wonder targeted attacks against SMBs are on the rise globally.
As apocalyptic as it may sound, any of your business processes and procedures is under threat of being compromised. The same applies to your business-critical data such as customer records, accounting records, and financial transactions. Using or providing business web services over a non-SSL connection is a risk. Getting and sending email messages over non-secure connections is risky. Unsecured point-of-sale software that connects to an unsecured network poses risks.
The truth is that anyone who is able to snoop on an unsecure network connection is also able to collect all the credentials required to further penetrate your computing systems. Remote access to networked business systems is the new norm, so the entire hacking process can be performed after compromising the login credentials of a single employee.
Widespread use of mobile devices to access business networks poses even greater risks. Allowing your employees to connect to corporate systems remotely or on the go without implementing a corporate VPN should not be permitted due to the security risks it poses Your SMB needs a VPN client installed on every single piece of mobile hardware connecting to your business systems. Furthermore, you may need a platform for the management of mobile devices enabling you to block and wipe out any stolen or lost mobile device.
Source: Statista
IT security is not what it used to be a decade ago. A small business usually does not have the required IT staff to fight cyber criminals and lacks the underlying infrastructure and expertise to withstand sophisticated cyber attacks.
If you look at a document titled The Center for Internet Security’s Critical Security Controls for Effective Cyber Defense V 6.1 (CIS Controls,) you’ll find that a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. The CIS Controls consist of a relatively short list of high-priority measures for every size enterprise seeking to improve their cyber defense according to the Center for Internet Security experts.
The list, provided and analyzed by the System Administration, Networking, and Security Institute (SANS), comprises of “just” 20 measures, such as continuous vulnerability assessment and remediation; maintenance, monitoring, and analysis of audit logs; limitation and control of network ports; boundary defense; and penetration tests and red team exercises. Is the average small and medium business able to address all those requirements? Probably not.
So, the answer is to adopt ready-made solutions such as enterprise-grade VPN software to protect business communications and combine it with business level antivirus suites and firewalls that do the heavy lifting.
As we said before, cyber threats are evolving and are no longer restricted to viruses and infections. Malware can be planted on your computers that can collect all sorts of data – from login credentials to personal data to consumer information or your financial records.
A new type of attack called Distributed Denial of Service (DDoS) is getting traction, most recently using unpatched servers and vulnerable Internet of Things devices to attack online services and websites. Some VPN service providers, such as PureVPN, have started offering protection against DDoS attacks, which rely on an unmanageable number of service requests to completely block a website rendering it unavailable online.
Trojan viruses, for their part, are usually after your online banking credentials. These are hard to detect, and you need an advanced antivirus suite to spot and remove Trojans. The programming code of Trojan-type viruses has evolved into ransomware code, which encrypts your data and then asks for ransom to be paid for un-encrypting it. This is doubly bad news because some ransomware apps apply a level of encryption or use encryption methods that make it very hard, if not impossible to decrypt the data under attack.
A survey by Cyren and Osterman Research reveals that about 63% of SMB IT managers have increased security spending in the year before October 2017. IT security budgets have been increased by almost a third, or 27%, on average per year. Nonetheless, just about half of these IT professionals say they feel confident when it comes to protection against data breaches and cyber threats.
The major concerns of IT managers across the small and medium business include ransomware (62%), phishing (61%), and data breaches (54%). Your SMB obviously needs a comprehensive strategy to fight those threats, and you should consider adding a business VPN to your tools cyber security suite.
According to a 2017 report by Norton Security, hackers have managed to steal $172 billion from 978 million consumers in twenty countries. It’s no surprise that two-thirds of consumers believe they will be the victim of a data breach. CSO reports that in 2017, the financial impact on SMB as a result of targeted attacks only averaged $188,000.s.
It is not about how but when one cyber threat or another will hit your small business. The best approach toward securing your business data and preventing malware from penetrating your business systems is to take a proactive approach and utilize all available means for fighting cyber threats.
As we mentioned above, you need at least three lines of defense: a firewall, an antivirus, and a VPN. All of them should provide enterprise-grade protection against cyber threats such as predictive alerts about unknown threats as well as secure communications about the VPN connection. While your firewall and antivirus suites are intended to prevent attackers from penetrating your computing systems, the role of the business VPN is to protect your internet connection. While most VPNs are applications you install on a desktop or mobile device, VPN hardware is also widely available on the market, combining hardware and software defenses into a more powerful tool.
Other precautions should include training your employees about how to avoid suspicious sites and online services, as well as instructions for how to safely access and operate your business systems remotely. If you have adopted a BYOD policy in your business, you should definitely include all devices used by your employees for business in your comprehensive cybersecurity strategy. The mandatory use of a corporate VPN connection to access corporate computing resources and communicate business tasks is a mandatory point on this strategy.
After reading this guide, you should be well aware that hackers don’t make exceptions for small business owners; even a mom-and-pop shop is vulnerable if not protected. In fact, small business are more vulnerable to hacks of all kinds, and that is why hackers love to prey on SMBs.
Fortunately, you can mitigate cyber risks by adopting a strategy involving a few simple steps.
Creating an easy environment for hackers increases the risks of falling victim to a hacking attack. Adopting a cyber protection strategy for your business is not that expensive, though it does require some specific skills. Nonetheless, you can build the first line of defense by yourself, adding and using tools such antivirus software, firewall, and VPN in a proper manner and proactively.