A few years ago, my software company was a victim of a cybersecurity attack in which the intruders were able to get a hold of our Stripe account and change the bank information so that all the funds were being deposited into their own account.
It took our team at JustReachOut months to get our funds back and restore our operations to normal. We had some of the best tools to detect and circumvent such an attack, but what we failed to do was educate our employees on how and why they should use these tools.
There is a quote by Hamed Saeed of Pango that I use at our all-hands meetings to remind our team why it’s important to follow a security protocol: “Focus on your employees. Your employees are your first line of defense. If they don’t know how to respond in a cybersecurity-conscious manner, your company is at risk.”
If your employees are not educated, it’s going to be very difficult to protect your systems against the variety of threats that cybercriminals are using to steal your data.
We failed to educate our employees about cybersecurity back then and we learned our lesson. In this article I am going to explain some common cybersecurity threats to small businesses, the social impact of these threats and measures employees can take to mitigate them.
Common Cybersecurity Threats
Here are some of the most common cybersecurity threats small businesses face.
• Identity Theft: If a hacker steals an employee’s personal details, they might be able to use that to break into their work accounts.
• Ransomware: Hackers encrypt business data, halting operations until you pay a ransom to regain access to sensitive, essential data.
• Phishing: This can occur over the phone (opinions expressed in the blog are the author’s own), via text or through email. Hackers try to get you to click a malicious link, download a malicious file or give away sensitive information by pretending to be a trusted contact. They can use caller ID or email names of reputable service companies and government agencies to mask their real email addresses.
• Malware: These include viruses, worms and Trojans. Malware can be unknowingly downloaded to your computer by visiting unsecured websites, downloading infected files or installing suspicious applications.
• Password Hacking: Using weak passwords or reusing the same password on different sites can make you susceptible to password hacking.
• Unsecured Wi-Fi: If you use public Wi-Fi at airports, cafes or even in your apartment, you’re making your internet activity easily accessible to hackers.
Impact Of Cyberattacks
Recurring data breaches and cybersecurity attacks cause huge financial losses for businesses. Worse still, these attacks make consumers feel unsafe.
According to a survey by identity protection company Aura, “87% of U.S. adults see cybercrime being a threat to safety, more so than global warming (77%) and Covid-19 (81%).”
If your small business experiences a cybersecurity attack, you may suffer one or more of the following:
• Loss Of Credibility: Cyberattacks can hurt your business’s reputation and cost you sales in the process. Ping Identity’s 2019 survey showed that 81% of customers would stop engaging with a brand online after a data breach.
• Financial Losses: Whether you’re paying a ransom or containing the fallout of a cyberattack, you’ll be losing money.
• Disruption Of Business Operations: For some businesses, this is the lowest stakes result of a data breach or cyber threat. Still, disrupted operations can mean damaged reputation and sales losses for you.
• Stolen Intellectual Property: Having hard-won intellectual property stolen can be tough to recover from.
Four Tools Employees Can Use To Protect Themselves
Even the smallest of businesses can use the tools below to protect themselves from a cyberattack.
• Virtual Private Networks (VPNs): When an employee or a consultant needs to use the internet at a cafe, airport, library or hotel, they typically use a public Wi-Fi network. Accessing these networks can put your information at risk. Using a VPN encrypts all your information and keeps it safe. Yet most people forget about this; a study done in November 2021 by Pango Group, owner of Hotspot Shield VPN, found that only 30% of consumers who use security apps such as password managers actually use VPNs.
• Identity Theft Protection Software: As mentioned earlier, most hackers target employees’ personal details in order to break into their work accounts. Identity theft protection services such as IdentityDefense or Aura constantly scan public records and the dark web to find and detect any odd activity with your identity information.
• Anti-Virus Software: Good anti-virus software warns you about suspicious websites, scans potential downloads and scans your devices for viruses and other malware.
How Employees Can Prevent Cyberattacks
Educate your employees on best practices to prevent and detect cyberattacks.
• Update your passwords and use 2FA. Make sure that your employees are using password manager software to store and encrypt all their passwords. The passwords they create should be unique for each website or app with alphanumeric characters. Two-factor authentication is a must practice for all employees.
• Employees should review their credit reports. As mentioned earlier, hackers will target employee personal information in order to get access to business information. Make sure your employees are reviewing their credit reports and financial statements for any odd activity. Verizon’s DBIR study states that over 85% of data breaches involve a human element.
• Run regular backups and audits. Run regular file backups for your website, sensitive customer information and other company data. Audit your business’s cybersecurity status regularly. You can also automate some of the procedures by scheduling reminders for employees to change passwords and scan their work computers.
Your small business is valuable — to you, your customers and, unfortunately, to cybercriminals, too. A cyberattack or data breach can cost you financially and damage your brand’s reputation. Educating your employees about cybersecurity threats, their impact and what they can do to prevent them is your first line of defense.
By Dmitry Dragilev