Many small businesses have fallen into traps simply because they believe they’re too “small” to get the attention of those charged with regulating operations.
Some don’t have employee handbooks even though they are required to do so. Others have been very loose with designating workers as “independent contractors” when they clearly are not. Some have inaccurately deducted expenses for having a home office.
Today, the “we’re-too-small” mentality has trickled into the vernacular when it comes to cyber security, resulting in financial ruin. Frankly, the risks are greater with small businesses simply because one successful hacker or phishing expedition can close their doors.
However, it stands to reason that small businesses frequently don’t take the proper precautions. They may not have sophisticated IT professionals working on their behalf. Some may be too busy. Others simply believe it just won’t happen because hackers don’t target small companies.
It makes sense since because we rarely read about small companies that are targeted by cyber security. The big names in the corporate world are the ones getting noticed. For example:
- Foreign exchange company Travelex was the victim of a six-figure ransom that was timed when staff was on holiday.
- The UK’s National Trust was hit when alumni data and donors was stolen. It is part of a growing list of educational organizations and charities that are being victimized.
- Lloyd’s of London clients were threatened in a phishing effort that arrived in inboxes on apparent Lloyd’s letterhead that informed them that there “account has been disabled”.
These are a small sampling of cyber-attacks from last year. Thousands of similar attacks have been made on unsuspecting small businesses, which frequently, are as vulnerable – or more so — as larger organizations. We just don’t hear about them.
But small businesses have the same risks and are as targeted as large multi-national corporations. These attacks include credential phishing, malicious attachments and links, business email compromise, fake landing pages, downloaders, spam, and malware and ransomware strains. Many of these are tied to the coronavirus since people are spending more time online and working from home on employer computers.
With a bit of vigilance, training, and procedures, all businesses can operate safely and frustrate devious hackers. The following are some basic strategies that should become part of a corporate culture:
- Ransomware crooks rely on you not having back-up systems in place. You can essentially ignore ransomware if you have reliable back-up systems in place.
- Never click on a link directly from an email unless you know its origin. That email is more likely to contain spam, and the link could lead you to a virus-laden site that will infect your machine.
- Check for the secure icon alongside web addresses if you do visit a website. In the absence of that icon, you are probably visiting a scam site.
- Avoid giving out personal information via email if you receive an unsolicited email.
- Delete the email.If you do receive an obvious phishing email, there’s no need to panic! That email cannot hurt you by its mere existence. Do not download an attachment. When in doubt, delete the email.
- Track purchases carefully.During the pandemic, more than ever, keep track of any purchases to avoid fraudulent charges. Many credit card providers offer protections and will provide refunds.
- Use different passwords on every site. If one password is compromised, then at least your other accounts can’t be infiltrated.
- Change your passwords often.
- Type in URLs yourself. If you receive an email asking you to log into an account, you should type in the URL yourself to be on the safe side. That way, you’re 100% sure you’re on the legitimate page.
The point here is that no business is too small to be victimized by the growing number of sophisticated cyber criminals. The key is to take the proper steps to avoid situations that can put you out of business.
Jess Coburn is president and founder of Boca Raton-based Applied Innovations (www.appliedi.net), a firm that has helped businesses succeed in the cloud since its inception in 1999. Today Applied Innovations is one of Microsoft’s closest partners and a recognized industry leader in delivering high performance, secure cloud solutions.