Small Business And Cyber Security

Small Business and Cyber Security
Many small business owners think that a security breach would not happen to their business and a lot of them are under the impression that only big corporations get hacked. In 2019 a Data breach investigations report by Verizon claimed in their research that 43% of breaches where on small businesses.
So how can you as a small business owner combat this? Well one way is to get your business Cyber Essentials Accredited, this is a government initiative brought out in 2014 to help businesses with their IT security systems by putting in some measures in place to help secure their business. There are 5 main points of security and they are namely:
- Firewalls
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
Click here, this will take you to another blog we did on the 5 layers of Cyber Security where we discuss each of the above points in detail.
One of the Common attacks of a breach is a Phishing Email
How does it work?
- An attacker will send an email with a link in the body of the email that appears to come from a trusted source, like for example, Microsoft, or your bank and will have all the correct logos etc within the email
- The user clicks on the link which takes them to page on the internet which will look like the Office 365 or your Banks login page – but it is fake
- The user enters their login credentials which are instantly captured by the attacker.
- After trying to login to the fake page it will probably say incorrect login and redirect the user to the real Microsoft or Bank login page, but that time the attacker has your details.
- When the attacker is in the account, they can perform malicious activities.
- They can spread Malware across a business’s network which potentially will have Ransomware or even Crypto mining
- They can target the business owners or even clients and carry out spear phishing attacks
- The attacker can obtain the companies address lists
- They scan mailboxes for other information like important credentials, personal or company information
What can you do?
Staff and end user training are very important and create a culture of Cyber Awareness within your business. If you would like to find out if your company can do a with Cyber Security audit, please get in touch with Control IT Solutions on 01738 310271