Cybersecurity Risk Assessments: What They Are & Why You Need One
One essential tool in the cybersecurity arsenal is the cybersecurity risk assessment, a proactive method for identifying and mitigating potential...
Adrian Ghira, Oct 15, 2020 7:47:39 PM (5 min read)
Data breaches should never be a question of “if” but rather “when”. While cyber attacks affect businesses of all sizes, small businesses are especially vulnerable.
Cybersecurity for small businesses can be a challenge, but GAM Tech wants to help every business avoid data breaches. Let’s arm you with some valuable knowledge:
Small businesses are more likely to experience a company breach, resulting in lost data such as email addresses, encrypted passwords, social security numbers, and other valuable confidential information.
1. The Common Thread To Data Loss
2. What Is A Data Breach?
3. Common Data Breaches Affecting Small Businesses
4. 9 Common Data Breach Terms
5. 6 Key Tips For Preventing Breaches
Here’s what you need to know when it comes to common causes of data breaches and how to protect your small business.
There’s Often a Common Reason Why Data Loss Occurs:
Limited Resources: Sadly, many SMBs do not have the time, money, or people to plan and manage their business’ online security.
In fact, nearly half of all data breaches involve small businesses. The consequences of a data breach can be severe: it is not only costly but also damages customer loyalty, and in the worst case a business could be forced to close permanently.
You need to treat your data security as a top priority, so your company does not become another cybersecurity statistic.
A data breach occurs when unauthorized parties infiltrate computer systems, networks, or databases to gain access to confidential information.
They often involve the use/exploitation of personally identifiable information (PII) such as full name, email address, social security number, etc.
For larger companies, trade secrets, customer lists, account information, and software source codes could be exploited.
The global average cost of a data breach is a staggering $4.45 million, a 15% increase over 3 years (according to IBM).
Familiarizing yourself with common incidents that can affect businesses is essential for keeping your company safe and secure. After all, the best defence is a good offence.
Here are 8 common data breach terms, along with examples:
Malware, short for malicious software, is a blanket term describing software created with the intent to cause damage to networks, data, and/or systems.
Ransomware – Prevents or limits user access to systems and networks until users agree to pay a fee (the ransom) to have their information decrypted.
Viruses – One of the most common forms of malware, viruses are malicious programs or code that “infects” legitimate, clean code on a user’s computer. Once executed (either unknowingly or through automated processes), viruses can spread quickly across a network, affecting other systems and users.
Spyware – This form of malware “spies” on the user, operating in the background to collect employee data, such as passwords, credit card numbers, internet usage and other sensitive data.
This data is then sent to data firms, advertisers or other external parties, typically for financial gain.
80% of data breaches are a result of weak or stolen passwords.
Passwords that are easily guessed, based on personal details (i.e. your dog’s name) or ones used across multiple sites, will put your information at risk.
Another common source of compromised credentials is when an employee stops working for your company.
It doesn’t matter whether the employee leaves voluntarily or if they were let go, company passwords and logins must be managed in a secure way.
We have worked with clients using shared logins for some of their most important, cloud-based tools.
We asked how long since their last password change.
The answer:
“Oh, we’ve used the same password since we got that tool... 4 years ago.”
Any former employee who had access to that tool would have no issue loading up a web browser and logging into that piece of software.
In our digital world, it is extremely important to treat logins and passwords for tools and software with the same care as our ATM PINs.
If you’re interested in learning more about password security, follow these essential tips for stronger passwords.
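The shared-login story above describes two related problems: a password that has not been rotated in years, and former employees who still know it. As an added example that is not part of the original post or GAM Tech's own tooling, here is a small audit that walks an inventory of shared accounts and flags both conditions. The account names, users, dates and the 90-day rotation limit are all constructed assumptions for illustration.

```python
from datetime import date

# Constructed sample inventory of shared tool logins; every name and date is
# made up for illustration, not data from GAM Tech or any client.
SHARED_ACCOUNTS = [
    {"tool": "cloud-crm", "users": ["alice", "bob", "carol"],
     "last_rotated": date(2016, 9, 1)},          # the "same password for 4 years" case
    {"tool": "payroll-portal", "users": ["alice", "dave"],
     "last_rotated": date(2020, 8, 20)},
    {"tool": "shared-mailbox", "users": ["bob", "erin"],
     "last_rotated": date(2020, 10, 1)},         # rotated after erin left
]

# Constructed offboarding records: who left and on what date.
DEPARTED = {"carol": date(2019, 3, 15), "erin": date(2020, 9, 10)}


def audit_shared_accounts(accounts, departed, today, max_age_days=90):
    """Return a list of (tool, issue, detail) findings.

    Two checks per account:
      * stale: the password is older than the rotation policy allows.
      * former_employee_access: someone who left AFTER the last rotation still
        knows the current password, so it must be changed and access removed.
        A leaver who left BEFORE the last rotation is not reported, because
        the password they knew is already gone.
    """
    findings = []
    for acct in accounts:
        age_days = (today - acct["last_rotated"]).days
        if age_days > max_age_days:
            findings.append((acct["tool"], "stale",
                             f"password is {age_days} days old (limit {max_age_days})"))
        leavers = sorted(
            user for user in acct["users"]
            if user in departed and departed[user] >= acct["last_rotated"]
        )
        if leavers:
            findings.append((acct["tool"], "former_employee_access",
                             "rotate now; still known to: " + ", ".join(leavers)))
    return findings


def tools_needing_rotation(findings):
    """Distinct tools with at least one finding, as a simple to-do list."""
    return sorted({tool for tool, _, _ in findings})


if __name__ == "__main__":
    for finding in audit_shared_accounts(SHARED_ACCOUNTS, DEPARTED, date(2020, 10, 15)):
        print(" | ".join(finding))
```

Run against the constructed data on 2020-10-15, only the CRM login is reported: once for a password 1505 days old and once because carol left after that password was set. The shared mailbox is clean even though erin has left, because it was rotated after her departure, which is exactly the offboarding discipline the post asks for.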
Social engineering is a cyber threat that leverages human psychology rather than exploiting technical vulnerabilities.
Cybercriminals use manipulation techniques to exploit human error and gain access to a business’s sensitive data.
This type of data incident relies on psychology to deceive unsuspecting users into giving up information.
While social engineering comes in different forms, we’ve all experienced these kinds of attacks from:
They are also commonly known as phishing scams.
While our examples may make you giggle, these attacks are getting more sophisticated every day.
At times, these types of attacks can look legitimate as an actual email from your credit card company or bank. Sometimes they can even come with an Excel or PDF attachment.
More often than not, it will arrive in your inbox from an email address you recognize: a co-worker, vendor, client, friend, or family member.
Backdoor attacks refer to any method(s) used to circumvent a system, application or network’s standard security measures (a Trojan is a perfect example).
Once in, cybercriminals will seek a higher level of access to hijack devices, install malware, steal employee or customer data and more.
When too many users are granted too many privileges to your business systems, your information becomes more vulnerable.
You might recognize terms such as “Denial of Service” or DDoS attack when thinking of these types of data breaches.
Keep admin privileges specific to a worker’s job function and remember, the less data users can access, the less likely it is to fall into the wrong hands.
Remember the former employee we talked about earlier? They’re not the only common source of data breaches.
An insider threat is a cybersecurity threat that originates from within an organization. This can come in the form of employee data theft, which can cause highly damaging business data loss.
Usually, these threats come from a past or current employee, third party, or contractor who has access to a business’s databases, applications or network.
Remote work and the BYOD (Bring Your Own Device) approaches have proven beneficial to small businesses in terms of overhead costs and productivity, but they can also pose serious security threats.
For instance, employees commuting or working between different locations are far more likely to lose or misplace their devices.
You can't stop someone from being forgetful, so the usual way to reduce this risk is "Two-Factor Authentication" (2FA).
You may have already experienced this type of practice with your personal Android or iOS devices.
Two-factor authentication is necessary for preventing unauthorized access to your company data and lowering the risks from misplaced devices.
Outdated software makes cybercrime easy for any hacker or malicious intruder.
Without regular software updates and the latest security patch installs, your systems and devices will not maintain the defences they need to thwart malicious attacks.
Ensure regular updates are part of your small business’s best cybersecurity practices.
Did you know that over 90% of data breaches are caused by human error? Because hackers love to take advantage of unsuspecting employees, it’s important to provide mandatory cybersecurity awareness training for your staff.
By limiting access to your data, you are limiting your chances for security breaches and data loss. Employees should only be granted access to permissions essential to the completion of their work.
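The two passages about privileges (keeping admin rights specific to a job function, and granting only the permissions essential to the work) both come down to one review: compare what each account is allowed to do with what it actually does, and remove the difference. As an added example that is not part of the original post, here is a deny-by-default permission check plus a least-privilege review that reads constructed audit-log lines and reports grants nobody has exercised. The `scope:action` permission format, the `scope:*` wildcard, the user names and the log lines are all assumptions made up for this example.

```python
import re
from collections import defaultdict

# Constructed grants: the permissions each account currently holds.
GRANTS = {
    "alice": {"crm:read", "crm:write", "payroll:read", "payroll:write", "admin:*"},
    "bob":   {"crm:read", "crm:write"},
    "dave":  {"payroll:read"},
}

# Constructed audit-log lines: "<timestamp> <user> <permission exercised>".
AUDIT_LOG = """\
2020-10-01T09:12:03Z alice crm:read
2020-10-01T09:14:40Z alice crm:write
2020-10-02T10:01:11Z bob crm:read
2020-10-05T16:45:02Z alice crm:read
2020-10-07T08:30:19Z dave payroll:read
2020-10-09T11:02:57Z bob crm:read
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def is_allowed(grants, user, permission):
    """Deny by default: an unknown user or an unheld permission is refused.
    "scope:*" grants every action inside that scope."""
    held = grants.get(user, set())
    scope = permission.split(":", 1)[0]
    return permission in held or f"{scope}:*" in held


def permissions_used(log_text):
    """Map each user to the set of permissions they exercised in the log."""
    used = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue          # ignore lines that do not fit the expected shape
        _, user, permission = match.groups()
        used[user].add(permission)
    return used


def unused_grants(grants, log_text):
    """Grants that were never exercised during the log period: candidates
    for removal. Users whose every grant was used are not listed."""
    used = permissions_used(log_text)
    report = {}
    for user, held in grants.items():
        excess = sorted(held - used.get(user, set()))
        if excess:
            report[user] = excess
    return report


if __name__ == "__main__":
    for user, excess in unused_grants(GRANTS, AUDIT_LOG).items():
        print(f"{user}: consider removing {', '.join(excess)}")
```

Wildcard grants such as `admin:*` never show up as "used" in this log format because the log records concrete actions, so they always surface in the report; that is deliberate, since a standing wildcard is precisely the kind of grant the post says should be reserved for a job function that needs it.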
These forms of security software are essential to safeguarding your business against any number of malware attacks (see above). Install anti-spyware and antivirus protection on all devices and be sure to keep them updated!
Encrypted data can only be accessed by users with the right encryption key. In short, encryption prevents your information from being read or stolen by unauthorized persons online.
Like encryption, a business VPN will prevent attackers from gaining access to your private network. Especially important for small businesses that rely on remote work, a VPN provides employees with a secure way to access company information, from anywhere, without exposing their data.
Last but not least, we recommend performing regular IT Security Risk Assessments as a means of identifying vulnerabilities within your business. This will help you prevent potential data incidents before they have a chance to take root and prevent costly downtime.
At GAMTech, we specialize in reliable, affordable and ultra-responsive IT services. Our mission is to help protect, scale and streamline operations for small to medium-sized businesses. For more information on the many cost-effective services we provide and how they can help your organization succeed, we invite you to get in touch with us!