Is your business safe from cyber crime?
A 2018 study of cyber risks to businesses revealed that a cyber crime costs small businesses an average of $35,000.
Businesses of all sizes suffered losses in excess of $600 billion globally last year. You may think your business is too small to be at risk from cyber crime - but you’d be wrong. Small businesses are more susceptible to cyber scams due to a general lack of preparedness or procedures in place to prevent, address, and effectively deal with cyber scams when they occur.
According to the FBI, the use of the internet to steal, misuse, or – through other illegal means – acquire information (whether for illicit purposes or not) is a growing national and global threat to personal privacy.
3 common cyber scams that small businesses should look out for in 2019 include: malware, ransomware, and spear phishing scams.
1. Beware of Malware
Malware is a common technique used by cyber thieves for gaining unauthorized access to a small business' computer system and client information. (The word ‘malware’ literally means ‘bad software’.)
Malware can be introduced into a small business computer system by an individual such as a disgruntled employee, or can find its way in through email or unauthorized flash drive. Once introduced, the malware’s purpose is to damage and destroy data.
Various types of malware that businesses have been exposed to include:
- Viruses
- Worms
- Trojan horses
- Ransomware
- Adware
- Spyware
A cyber thief may introduce malware to an unsuspecting victim through the use of spam or an email offer that looks official. Perhaps even warning about the potential for a cyber attack and offering a way to inoculate the company's computers for free (or a nominal cost).
2. Beware of Ransomware Attacks
A form of malware used to hold a company's data hostage in exchange for a ransom, cyber criminals embed ransomware in an email as a way to gain access to the system. The illegal software may transfer company data from a server, deny access, or set a "bomb" – a program designed to go off and erase or destroy data at a predetermined time if the payment demands of the cyber criminals aren’t met.
3. Beware of Spear Phishing
A targeted cyber scam directed at a specific individual or company, the aim of spear phishing is to uncover information about a company that would otherwise be non-disclosable.
These type of attacks have the goal of uncovering sensitive information – like bank routing numbers, social security or tax identification numbers – and using this information for financial gain. A common spear phishing attack involves the use of a trusted name or entity like Google or PayPal to lure victims into disclosing information (it should be noted that most companies such as the two mentioned, will NEVER request personal and sensitive information via a general email).
Protecting Your Business from Cyber Scams
No matter the size or industry of your business, there are steps you can take to reduce the chance of a cyber attack occurring - and reduce the damage if one does.
Visit StaySafeOnline.org for webinars, training, and information to CyberSecure your business.
Talk to your insurance professional about adding cyber liability insurance to your business insurance protection.
This type of insurance covers the technology services of a business, especially those systems that interface with or contain sensitive and private customer information. Interactions with the public that include online sales (eCommerce) or the collection of customer data (e.g. social security number, date of birth, banking information, etc.) put a business at risk. Hackers and cyber criminals have demonstrated an ability to gain unlawful access to a company's computer system. Such intrusions cost money, harm the reputation of the business, and leave data exposed to fraudulent exposure.
Cyber liability insurance is just one of the techniques available to a business to deal with the risk of a cyber scam. Although the potential for risk is always present (and can never be completely eliminated), being proactive allows a business to effectively minimize damages (financial costs) associated with cyber crime, including: credit monitoring for affected customers, reimbursement of loss associated with a cyber intrusion, reimbursement of legal fees and costs, etc.
Cyber criminals are getting more sophisticated in their methods as technology continues to evolve. Limiting a small business's exposure to such attacks is not only good business, it's good business sense.