For all its wonder, the internet can still be a dangerous place and protecting your business’ online presence from cyber-attacks has never been more important. Leaving your online presence in a state of vulnerability can greatly damage your reputation as a company, as well as your relationship with other businesses, according to online security giant Symantec.
In one of their latest reports, Internet Security Threat Report (ISTR) Volume 18, Symantec found that the number of phishing attacks that had “spoofed” social network sites had risen by a staggering 123% last year. Meanwhile, companies’ own websites have been attacked and email-based hacks are also very common, as they can serve as portals into other sites and to other sensitive information.
So why exactly is it that hackers target the websites of small businesses opposed to larger companies? “Small businesses generally don’t have the same IT budgets as larger enterprises,” explains Paul Wood, Symantec’s cyber security intelligence manager, “and are less likely to have the defense-in-depth protection that larger businesses can afford. This makes them attractive targets for attackers.”
“Moreover, small businesses are often in the supply chain to larger enterprises, and may have access to proprietary company confidential information, such as source code or project designs,” he says. “Moreover, a direct attack on a large company may be detected quickly and blocked, whilst an attack against a supplier, which is an SMB is perhaps more likely to succeed.”
Cyber attackers are looking to gain currency in the form of information and a small business provides an easy stepping stone for someone with the know-how and malicious intent, assuming the small business hasn’t taken the necessary action to protect themselves. It’s vital that small businesses remain vigilant at all times when online.
“We are all more likely to trust something that comes from someone we know and trust. A message from a buddy linking to a video clip that purports to contain an amusing image of you is likely to attract your attention quickly,” says Paul on being wary of what you click. “Web-based email addresses are also popular for hacks, as these are often the keys to the other websites, such as social networks. We authenticate using our email addresses – and if an attacker can gain access to your webmail account, they can reset the passwords for a number of other accounts, like social networks, by clicking on the ‘I’ve forgotten my password’ button – which often sends you an email with a link to click on to reset your password, thus locking-out the legitimate users.
Paul offers three solid tips on protection, which include:
- Regularly changing your password and having different passwords on each account
- Installing and updating the latest security software
- Being cautious at all times (the most important tip!)
“Security problems that originate with humans don’t have easy technical solutions. However, with proper user education, you can reduce the risk of successful phishing attacks on the social networks you and your employees use both professionally and personally,” adds Paul.