Business<br />
Insights that<br />
drive results

Blog

Business
Insights that
drive results

12/22/2016

Top-4 Cyber Crime Threats to Small Businesses and Banks Alike

EZ Shield December 22nd, 2016
Categories
Featured, Fraud & Risk

By Eugene Bekker

Bankers and small business owners: protecting your business against cyber crime is now more important than ever.

In 2015, the U.S. Director of National Intelligence ranked cybercrime as the No. 1 security threat in the country. Despite popular belief, cyber criminals actually prefer small businesses institutions simply because they are easier to infiltrate.

As technology advances, cybercrime tactics used to steal your business’ sensitive data will advance as well. Payroll outsourcing company Paychex cites that over 70 percent of cyber attacks specifically target smaller companies.

Let’s take a look at four crucial cyber threats that could impact your business’ data security in 2016.

Data Breaches

Businesses feel the effects of data breaches through financial losses and loss of customer trust. The number of data breaches that have occurred in 2016 – 725 – is on track to surpass last year’s total count of 781. Recovery from an SMB data breach can cost between $36,000 and $50,000, which can be especially devastating to smaller companies.

Firewalls are put in place to block criminals attempting to hack into your business’ network. However, malicious software that is mistakenly downloaded by employees is often the culprit behind data breaches. Employee error and accidental email/Internet exposure caused nearly 30 percent of all data breaches in 2015.

Malware

Malware is most often introduced to a company’s secure network via phishing emails sent to employees. Symantec noted that the number of spear phishing attacks targeted at employees working for small businesses increased by 55 percent in 2015. Knowing that only 7.9 percent of an SMB’s budget on average goes toward the business’ security, hackers are much more likely to launch cyber attacks against small businesses that have weaker security systems.

Network Vulnerabilities

Unauthorized access to your network via a security flaw can be damaging to your company. Hackers take advantage of security flaws within your business’ software because they act as backdoors into your network. According to the Cloud Service Alliance, 75 percent of all cyber attacks target known vulnerabilities.

The Shellshock bug continues to pose a significant threat to a wide range of businesses, accounting for 13 percent of all retail cyber attacks in 2015. Shellshock is particularly threatening to businesses because it affects commonly used server operating systems such as Linux or Unix. In fact, over 80 percent of Internet hosts sites are affected by Shellshock. If exploited successfully, the vulnerability can allow criminals complete access and control of your business’ network.

Mobile Devices

While mobile devices are meant to improve efficiency, criminals can also exploit unsecured laptops and smartphones to gain entry into your business. Many businesses allow employees to connect their personal devices to the corporate network — so-called “bring your own devices” or BYOD. However, this can pose a threat to your company’s cyber security since over 75 percent of employees do not secure their computers.

Criminals also target corporate cloud services because of the large pools of data they can hold. Even though many of today’s cloud services offer sufficient security measures to prevent hackers from accessing sensitive business data, initial misconfiguration or misuse by the business user of these services can lead to vulnerabilities in the services’ defensive features.

Finally, any device that is connected to the Internet can be hacked. Devices such as DVRs, printers and Smart TVs (known as IoT devices) can help hackers gain access to your business’ network through unsecured Wi-Fi networks. If successfully hacked, criminals can compromise these devices and turn them into “bots” that can be used to unwittingly target other victims as part of future attacks.

What should you do?

Follow these tips to help safeguard your company from this year’s biggest cyber threats:

  1. Implement the proper security measures.
    Use and continuously update firewalls to keep hackers out of your network. Furthermore, make sure to regularly update company software to patch any security flaws and known vulnerabilities.
  2. Properly train your employees.
    If your employees are educated about the common cyber threats specifically targeting them, they will be more likely to recognize a cyber threat and report it to you or your security team. Employees can help detect certain cyber threats earlier so that you address and manage them more efficiently.
  3. Secure your Wi-Fi network.
    Wi-Fi networks should be password-protected, encrypted and hidden from public view. Access to the secured network should be limited and monitored regularly.
  4. Adhere to strict regulations regarding the use of personal devices.
    Ideally, your employees should not use their personal devices on the business’ secure Wi-Fi network. If it is absolutely necessary, dedicate a separate Wi-Fi network for their personal devices to protect your business’ servers should the network be compromised.
  5. Consider allocating a separate network for your IoT devices.
    Similar to the personal devices, having a separate network for your IoT devices will decrease the chances of hackers gaining access to your business’ main network.

Cybercrime continues to target small businesses. Follow Fighting Identity Crimes to learn more about how you can combat the various cyber threats targeting your company.


The content on this blog is copyrighted by EZShield and used with their permission. Click here to see the original article.

Eugene Bekker originally joined EZShield in 2008 as a consultant and today he oversees the architecture of the core technology platform, as well as manages EZShield’s security and compliance program. Prior to EZShield, Eugene was the Chief Architect at PowerVision Corporation, an Information Technology and application development consultancy. He boasts over 20 years of experience in the areas of Information Technology and software engineering. Eugene holds a BS in Computer Science from the University of Maryland, Baltimore County and an MS in Computer Science from The Johns Hopkins University.