By the time the average person takes a selfie and uploads it to Instagram, the next hacker attack has already taken place

Cybercrime is today’s fastest-growing form of criminal activity. And 43% of online attacks are now specifically aimed at small businesses.

Cybersecurity attacks threaten every size business but it is small businesses that are too often left – out of business – as a result.

The exponential growth and sophistication with which cybercrimes are evolving is a daunting reality for us all. So in this post we are sharing expert advice with their recommendations for protecting your business and your customers.

As a small business owner you may not believe anyone would target your website, but that’s just it – bad actors are likely not seeking out your site specifically, said Mark Risher, head of account security at Google. The distinction between targets of choice and targets of chance, Risher said. Targets of chance is when the attacker is just trying anything – they’re walking through the parking lot seeing if any of the car doors unlocked. Target of choice is when they’ve zeroed in on that one shiny, flashy car, and that’s the one they want to break into, so they try all the windows, doors, moon roof until they find the one they can access. With small businesses, there is a false confidence “that no hacker would choose me”. To their detriment, they are not factoring in the degree of automation that attackers are using.

Even the least-trafficked websites still average 62 attacks per day according to Neill Feather, President of Site-Lock, a global leader in website security.

  

Even the least-trafficked websites still average 62 attacks per day

How To Protect Yourself and Your Customers

 
How can small-business owners protect themselves and their customers? Since a great deal of cyberattacks can be attributed to automation, putting basic protections in place against phishing, malware and more can help your site stay off the path of least resistance. Here are five things you can do to help protect you and your customer’s data.
  

1. Use a Password Manager

There’s an exhaustive amount of password advice floating around but the most important is this, Risher said, Don’t reuse the same password on multiple sites. It’s a difficult rule to stick to for convenience’s sake, especially since 86 percent of internet users report keeping track of their passwords by memory.  Cybersecurity experts recommend password managers as efficient and secure workarounds. Free password manager options include LastPassMyki and LogMeOnce.

 

2. Set Up Multi-Step Account Verification

 
Phishing attacks are an enduring cybersecurity problem for large and small businesses alike.  90% of respondents to Proofpoint’s annual phishing survey reported experiencing phishing attacks in 2019, an increase from 83% the year before. Embracing a more cyber-aware culture -including staying vigilant about identifying potential phishing attacks, suspicious links and bogus senders – is key to email safety.
If you’re a Gmail user, recent company research suggests that adding a recovery phone number to your account could block up to 100 percent of cyberattacks from automated bots, 99% of bulk phishing attacks and 66 percent of targeted attacks. It’s helpful because in the event of an unknown or suspicious sign-in, your phone will receive either an SMS code or an on-device prompt for verification. Without a recovery phone number, Google will rely on weaker validation options with limited effectiveness against phishing attempts.
 
 

3. Back Up Your Data in the Event of Ransomware

Ransomware is a cyberattack in which a hacker holds your computer access and/or data for ransom.  Ransomware is the second leading malware action of choice by hackers in 2019, according to the Verizon’s 2019 Data Breach Investigations Report.  Hackers generally view it as a potentially low-risk, high-reward option, so it’s important to have protections in place for such an attack. Namely, have your data backed up in its entirety so that you aren’t at the hacker’s mercy. Tools such as Google Drive and Dropbox can help, as well as automatic backup programs such as Code42 (all charge a monthly fee). You can also purchase a high-storage external hard drive to back everything up yourself.
 
 

4. Enlist a Dedicated DNS Security Tool to Block Suspicious Sites

 
Since computers can only communicate using numbers, the Domain Name System (DNS) is part of the internet’s foundation in that it acts as a “translator” between a domain name you enter and a resulting IP address. DNS wasn’t originally designed with top-level security in mind, so using a DNSSEC (DNS Security Extension) can help protect against suspicious websites and redirects resulting from malware, phishing attacks and more. The tools verify the validity of a site multiple times during your domain lookup process. And though internet service providers generally provide some level of DNS security, experts say using a dedicated DNSSEC tool is more effective.  Free options include OpenDNS and Quad9 DNS.
  
 

5. Create a Security Culture – Educate Employees to be Cyber-Aware

About 90% of company breaches are caused by a phishing attempt. In these kinds of attacks, a cybercriminal often poses as a co-worker or a trustworthy organization such as a bank and tricks people into handing over sensitive information like passwords or credit card numbers.

Phishing attacks can be sophisticated, so it’s important to train employees to recognize the signs of phishing. These signs could include unusual requests for money or information, fake website addresses or suspicious email attachments.

 

Peace of Mind – Consider Contracting a Web Security Service

Paying a monthly subscription to a website security company may not be ideal, but it could end up paying for itself in terms of lost business due to a site hack. Decreasing attack vulnerability means installing security patches and updates for all of your online tools as promptly as possible, which can be tough for a small-business owner’s schedule.

For small businesses it’s especially important  to be vigilant about cybersecurity. Take proactive steps with these suggestions to avoid making your business vulnerable to hackers looking for their next target.

Got any tips to share? We love your comments and suggestions!

Til next time, stay safe and network secure.