Cyber criminals are going after small businesses more than ever, with startups at the greatest risk. Targeted attacks on small businesses increased 42% in 2012 from the previous year, according to a new report by the $6.9 billion security software giant Symantec Corp, headquartered in Mountain View, California.
Symantec’s 2013 Internet Security Threat Report, Volume 18, highlighted cumulative data of attacks in 2012. One of the main findings was that 31% of all targeted attacks are directed at small businesses with fewer than 250 employees. Moreover, cyber attackers target startups as quickly as two months after a new business sets up its website and exchanges its first emails and instant messages. Within 10 months, most startups have been infected with malware, the report states.
Small businesses are easy targets for cyber criminals for several reasons, one being a lack of security practices. Small business owners are mistaken in believing they don’t have what cyber attackers want and thinking that they are immune to attacks targeted at them, says Kevin Haley, director of product management for Symantec Security Response, a worldwide team of security engineers, threat analysts and researchers.
What cybercriminals want most is money, which they try to get their hands on by collecting various information including bank account numbers, customer data, and intellectual property. According to Symantec, this information can be accessed when cyber attackers use sites to redirect users to malicious sites, or when they send emails with links to bad websites. The threat report further showed that roughly 32% of all mobile threats steal information.
Criminal activity is often driven by crimes of opportunity. Attackers know small businesses are less careful in their cyber defense than larger enterprises and they use this to their advantage. Symantec’s threat report also revealed that attackers use small companies to lure in larger companies. Because a larger company’s defenses usually stop attackers from gaining access to its data, attackers often target a smaller business that has a relationship with the larger company in order to gain access.
Haley offers the following six tips on how small business owners can protect their companies from cyber attacks:
1) Know what you need to protect. Most businesses have customer information that would cause harm to the business if lost or stolen. Others have intellectual property. One data breach could mean financial ruin for a small business. Look at where your information is being stored and used, and protect those areas accordingly.
2) Use a reliable security solution. Antivirus alone is not enough. Small businesses need to leverage security solutions that employ a defense-in-depth approach, relying on multiple technologies such as intrusion prevention, browser protection, and behavioral-based malware detection in addition to traditional signature-based protection. Today’s solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious email attachments and other warning signs. At a minimum, you need a solution like Norton Internet Security or Symantec Endpoint Protection. If your company manages its own network, make sure you have appropriate security at the gateway and the mail server.
3) Stay up to date. Be sure to keep computers up-to-date with the latest patches and updates to increase resistance to attacks. Unpatched systems give attackers easy ways to force themselves into your environment. And a security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
4) Educate employees. Develop Internet security guidelines and educate employees about Internet safety, security, and the latest threats. It’s essential that employees learn to spot the telltale signs of social engineering tricks, which include undue pressure or a false sense of urgency, an offer that is literally too good to be true, and bogus “officialese” in an attempt to make something look authentic.
5) Enforce strong password policies. Using passwords with eight characters or more as well as a combination of letters, numbers, and symbols (e.g., # $ % ! ?) will better help protect your data.
6) When in doubt, throw it out. Links in emails, tweets, posts, and online advertising are often the way cyber criminals compromise your computer. Get rid of anything that is out of the familiar.