Understanding how cybercriminals work is important for staying one step ahead of them.
And right now, when there’s more focus on the digital world than ever before, small business leaders can take the opportunity to learn more about the most common cyber threats.
This article outlines the most common attack vectors and how you can arm your business against them.
1. Malware: Surveillanceware and Ransomware
Malware stands for malicious software and is the catchall term for any piece of software designed to either damage devices or (as is more common) steal important data.
There are many types of malware that can affect your system. Some of the most common include trojans, viruses, ransomware, nagware, adware, spyware and worms.
In 2020, we saw an increase in Surveillanceware (which is used to access sensitive data on devices) and Ransomware attacks (where adversaries encrypt data and demand a ransom).
2. Phishing: Email and mobile
With phishing attacks, fraudsters pose as reputable companies and send false communications in order to trick people into revealing their personal information or clicking on a malicious link.
Phishing used to be mostly coordinated through emails. But as more people are using their personal mobile devices to access corporate networks, mobile phishing has taken over as the most popular route for phishing attacks.
3. Threat Actors: Hackers
Hackers are the individuals behind all these threats, creating malware and deploying phishing emails. They specifically like to prey on smaller businesses, because of their often limited security capacity and the role they play in the wider supply chain. The COVID-19 climate also made it easier for them to broaden their attacks.
Once a hacker gains access to your network, they can steal, change, destroy or corrupt your data, or take control of your device, and may do a lot of it without your knowledge. So the only real protection against a hacker is preventing them from ever gaining access in the first place.
Fraudsters often entice workers to download dangerous malware or spyware programmes through messaging and SMS platforms by using phrases that are hard to ignore, such as “just saw this picture of you, when was this?”
Enterprise phishing emails take advantage of crisis situations and use titles such as “Please Read Important from Human Resources” or “All Employees: Update your Healthcare Info” to convince people to click on them.
When personal devices are used for work, phishing emails targeted at individuals can gain access into a corporate network. And people tend to be a bit less cautious when it’s their private email, making it a favourite for fraudsters.
Make sure you extend any phishing protection you have to mobile, whether that be personal or corporate.
Ensure firewalls are enabled for all devices that can access your company network, especially ones that connect through untrusted networks.
Only use software, apps and accounts that are necessary, and protect them with strong passwords. For important apps, use secondary forms of authentication such as fingerprint.
Regularly update your anti-malware protection across all devices and make sure operating systems are running the latest versions.
Regularly back up important data on separate, unconnected storage devices, to help protect against a ransomware attack.
Firms like Trend Micro and Lookout also offer comprehensive protection against mobile phishing on Android and iOS devices. It can guard against phishing attacks from multiple vectors and allow workers to use their own smartphones for work by offering content protection, even if the device is outside the firewall.
The cybersecurity landscape is constantly shifting. Keeping on top of the latest news can help you stay in the know and stay ahead of hackers.
The hotspot map of threats on Lookout keeps track of phishing attacks globally, giving the most up to date picture of the threat landscape.
Secure your business from a host of cyber threats with Vodafone's security solutions for businesses of all sizes.
Data Security and GDPR
GDPR lays out the obligations Irish businesses have when it comes to handling customer data. But just what are your obligations under this law, and how can you know if you’re fully compliant? What should you be doing? Read our guide and find out
Cybersecurity mistakes can hit businesses hard – especially smaller organisations. With cybercriminals now seeing small businesses as softer targets, discover how to outsmart cyber threats, safeguard your data and protect your business reputation.