For small businesses without IT staff, cyber security can be a huge worry. There's reason for alarm: Small Business Computing reports 58% of all data breaches last year occurred at small businesses.
Ponemon's 2017 State of Cybersecurity in Small and Mid-Sized Businesses reports 61% of companies surveyed had a cyber attack in the past 12 months, and 54% of these suffered a data breach involving employee and/or customer information.
What are the most common threats?
The most common attacks against small businesses involve phishing/social engineering (48% of respondents).
One social engineering scam on the rise is "pretexting", in which attackers send e-mails appearing to come from an executive or co-worker in the company. Pretexting often targets financial and HR departments in an attempt to access the business's bank accounts or its employees' personal data.
According to Symantec's 2018 Internet Security Threat Report, each user at a small business receives an average of nine malicious e-mails per month.
The second most common type of attack is Web-based. In this situation, malicious software, or malware, installs itself on victims' computers when they're using the Internet. About 43% of Ponemon respondents suffered a malware attack.
Ransomware, in which hackers use malware to compromise your computer system and then demand a ransom to give you back your data, is also on the rise. In last year's Ponemon report, just 2% of respondents reported ransomware attacks. This year, 52% of respondents say their companies experienced a ransomware attack; of those, 53% faced more than two ransomware incidents in 12 months.
Problems and solutions
Employees continue to be the weakest link when it comes to cyber security. Of the respondents whose companies suffered data breaches, 54% say negligent employees were at fault.
Proper use of passwords and authentications can help. About 59% of respondents in the Ponemon survey say they don't know what password practices their employees are using. Only 43% of companies even have a password policy, and 68% of those admit they don't strictly enforce it.
Beyond employees, some of your business technology could also be putting you at risk. For example, do you know unsecured networked printers can give cyber crooks easy access to your company's sensitive data?
Xerox printers and multifunction printers with ConnectKey technology can help. Their built-in security features help keep your printers secure from both external and internal threats. For example, you can use key cards, passwords or mobile devicesfor authentication control to restrict access only to authorised users. (Combined with the Xerox Mobile Link app, this is a great way to enable mobile printing while still keeping data secure.) The printers also log user data so you can see who's using them, and protect your data by encrypting documents sent to, sent from, or stored on your printers.
Xerox Mobile Link App: 3-in-1, capture it, manage it, send it Xerox Mobile Link is a mobile app that can scan, fax and print from your phone or tablet by connecting with Xerox multifunction printers (MFPs).
White-listing technology embedded in ConnectKey enabled printers protects against malware and notifies you of any attempts to compromise printer security, while Firmware Verification alerts you if any harmful changes to the printer are detected.
Cyber safety tips
To keep your small business safe from cyber attacks, follow these tips:
* Install software to detect and prevent intrusion by viruses and malware.
* Train employees in cyber security practices, particularly regarding e-mail and Internet use, and enforce them.
* Use secure passwords and change them regularly. Don't share passwords.
* Set software to update automatically; outdated software makes your network easier to breach.
* Consider purchasing cyber security insurance for added protection.
* When buying new hardware and equipment, look for products like Xerox printers and MFPs with security features built in.
Cyber attackers continue to get sneakier and sneakier. By taking these steps to protect your computers and networks, you can reduce the chance of your business falling victim to the crooks.