Cybercrime is increasing at epidemic proportions and impacting everyone from consumers to Small to Medium Businesses (SMB’s) and large corporations, however you may not be aware that SMBs are becoming the cybercriminal’s “sweet spot”. SMBs have a number of unique characteristics which make them an attractive target which includes having sufficiently valuable information to make an attack worthwhile – mostly credit card and personal/identity information of their customer base. Most also have a very low level of network security, making them an easy hack. This is primarily because most SMBs don’t engage an IT specialist with cyber-security credentials to build and maintain a secure business network. A recent small business study by the National Cyber-Security Alliance found that 90% of SMB organisations did not have professional IT managers on staff, much less cyber security specialists.
Apart from stealing customer data and financial information, SMBs are also being targeted by ransomware malware such as Crypto-locker. Crypto-locker is an advanced form of malicious software that encrypts the hard drive of the infected PC. A hacker then extorts money from the PC owner, forcing them to pay a ransom through online payment methods to regain access to their own data. A common way for these files to infect a business is via an attachment on an e-mail which will often represent a bogus invoice, receipt or notice. It is important to remain vigilant when opening e-mails and particularly attachments – unless you know the sender, you should not open an e-mail attachment, as the simple act of opening the attachment is enough to unleash malware and harm your business network.
According to the ABC, the ACCC has received in excess of 2500 complaints so far during 2015, resulting in an estimated $400,000 in ransoms being paid to cyrpto-locker hackers. However, this is acknowledged as being just the tip of the iceberg, with most attacks still not reported to authorities.
Like physical security, cyber security requires several layers of protection to create a robust barrier.
Just as you wouldn’t lock your front door and leave your windows open, it’s important to lock down all entry points to your network.
The critical elements of security protection include:
Firewall: Ensures that only the traffic that should be allowed on the network traverses the network. Prohibited traffic is blocked before it ever enters the network.
Anti-Bot: Blocks botnets from communicating to their command and control centre for further malicious activity.
Intrusion Prevention Systems (IPS): Searches traffic for attacks targeting business computers and devices.
Anti-Virus: Helps to prevents malware such as viruses and worms which are prevalent and can cause major damage.
Anti-Spam: Prevents unwanted email which is an issue for any business.
Application Control and URL Filtering: These capabilities work together to ensure that only allowed applications are used on the network and that only allowed websites can be visited.
User Awareness: Allows an organisation to have polices in place that will allow or prohibit what specific people can do, based on their identity or role in the business.
Thankfully, it is now easy for SMBs to protect their business with enterprise-grade cyber protection with specialised small business cyber security solutions.
It’s important when selecting a SMB cyber security solution, to look for a product that is pre-configured by a specialist cyber-security vendor, incorporating a subscription for regular updates. An annual subscription will help to keep your business protected against emerging threats and new forms of malware. You should also look for a solution that includes Anti-bot protection. Botnets are a form of malware that enables your PC to be remotely accessed from an external command centre. This is primarily how Crypto-locker operates.
It is critical that SMB’s act now to educate themselves on cyber- crime and to deploy the security solutions they need to protect their network and very survival of their business.
About the author:
This article was written by Karen Negus, SMB Sales Manager, ANZ, Check Point Software Technologies