5 Ways a Hacker May Target Your Small Business

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

Cyberattacks only happen to large corporations because they hold the most personal and sensitive data, right? Wrong. While the media often leads us to believe cyberattacks are only occurring on high-profile organizations holding a lot of data, the statistics show us otherwise. An article on Information Security Buzz takes a look at 5 ways hackers might target your small business and how you can protect yourself from an attack.

What do the statistics tell us about who is falling victim to a cyberattack? Surprisingly, over 43% of cyberattacks target small or newer businesses, a much different result that we’d expect based on what the media tells us. Unfortunately for those small businesses who fall victim to a severe cyberattack, 60% go out of business within six months.

We can see that a cyberattack can wreak havoc on any organization regardless of size, but that does not mean it’s too late to protect yourself from being another statistic. In order to understand how best to protect your business and your clients, it’s important to understand how cybercriminals are exploiting small businesses.

1. Ransomware
You may be aware of what ransomware is or that it is on the rise, but what exactly does that mean for you and your organization? Looking at WannaCry, a recent form a Ransomware that exploded globally, we can see just how widespread this issue has become. This exploit works by encrypting, corrupting and/or locking sensitive information behind a firewall and demanding a blackmail payment in order to regain access to that material.

In addition, ransomware can collect data such as what websites you visit, what videos you stream and can even take pictures through a connected webcam, often scaring the victim into paying the ransom. Unfortunately, in many cases paying the ransom does nothing and the hacker keeps your data and your money.

How do you protect yourself and your organization from falling victim to a ransomware attack? Keeping your security, malware and anti-virus tools up to date are crucial components in protecting against a ransomware attack. It is also important to never open attachments from sources you don’t know and never download content from untrustworthy sources.

2. Phishing
A common form of phishing is through the use of masked portals. In this form of phishing, a hacker clones a website or portal to match the original legitimate website but does so almost perfectly. If the fake website or portal is mistakenly accessed by a user, all of the sensitive information that the user inputs can be exposed to the cybercriminal.

You can avoid being affected by these illegitimate websites by looking for “HTTPS” or SSL and TSL-encrypted sites. These sites are certified to encrypt any transferred data, keeping your information secure. Also remember to pay close attention to the URLs you are accessing online. Hackers will use URLs that are very close to the original URL, which can often be accessed by making a small typo.

Another great way to avoid falling for a phishing scam is to never trust a URL in an email. Instead of clicking the link, navigate to that website on your own to ensure it is not a trap. Also consider enabling two-factor authentication when available.

3. Application Breaches
It is important to be aware that the applications you access could also suffer a data breach. For example, Google recently had a massive breach that affected over 3 million users of their Docs and Drive platform. This breach occurred in a way similar to what we just discussed, through phishing. These hackers were able to send out fraudulent emails resembling actual Google emails, allowing the recipient to edit a Google Doc. Once the user clicked on the phishing email it took them to a third-party app, allowing cybercriminals to access any connected Gmail accounts. Interestingly, Google Docs was not compromised itself, however the hacker found a unique way to access users accounts for data theft.

To protect yourself and your organization, only use trusted applications and make sure to keep up to date with security tools and patches. Also remember to avoid clicking links directly from an email, but instead go to that website on your own.

4. Point-of-Sale Systems
Hackers will also target point-of-sale systems that are used by cashiers to collect a customer’s payment. For example, Chipotle recently suffered an attack through a phishing scam, compromising credit card data for millions of their customers.

The best way to protect your small business from an attack on your point-of-sale system is to implement secure hard and software from a trustworthy brand on that system. You should also go the extra mile and encrypt any data that may pass through this system.

5. Tax Form Scam
Tax form scams have become much more common in recent years. Scammers have developed a W-2 phishing scam where they email employees, making it appear to come from the company or corporate office. The email looks so legitimate that employees often input their personal information into the W-2 form and turn it back over to (what they don’t realize is) a hacker. This scam has affected over 120,000 employees as of March 2017.

In order to protect yourself and your business from a scam such as the tax form scam, it is necessary to educate both employees and customers. Offering free training or small courses on what to look for and what to be aware of will be very helpful in keeping everyone informed.

Education is key in protecting your small business from falling victim to a cyberattack.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.