As the world becomes more connected, the number of cybersecurity threats to small to medium-sized businesses (SMBs) increases. Connecticut SMBs have become accustomed to protecting themselves from malware and phishing attacks. Unfortunately, cybercriminals are persistent and clever and continue to create new threats as soon as the old ones become less profitable.
Connecticut SMBs are particularly susceptible to cyberattacks because they lack the resources that larger companies have to protect themselves. Symantec reports that 43 percent of SMBs (companies with 250 or fewer employees) were targeted for spear-phishing attacks in 2015, up from 18 percent in 2011. As CT SMBs become more sophisticated and bring in more technology, they become targets. Cybercriminals seek out organizations that are working to catch up on the latest technologies because they tend to be more vulnerable; they are trying new technologies and are still working out the bugs, including new safeguards.
Here are just six sources of potential cybersecurity threats that Connecticut SMBs tend to overlook:
1. E-Cigarettes and the Internet of Things
The Internet of Things is presenting new security challenges. As more devices are connected to the internet, the more possibilities there are to launch new forms of cyberattacks. For example, did you know that an e-cigarette could be used to launch a hacking attack? Security experts note that an e-cigarette could be used to intercept network traffic by spoofing the computer into thinking the e-cigarette is a keyboard. E-cigarettes are charged via USB, and it’s a simple matter to use e-cigarettes to deliver malware into a computer.
2. USB Devices
USB-connected devices are always a threat to corporate computers. If employees use flash drives or portable hard drives to make data transportable outside the office, those flash drives and hard drives can be infected and used to carry a malicious payload. Employees may be innocently trying to be more productive by taking files with them, but the potential for infection makes such practices hazardous. Smart IT managers place strict controls on USB devices and even block USB access to prevent infection.
3. Manufacturer Updates
Even manufacturer updates have the potential to carry malware. IBM recently shipped a series of infected USB flash drives to storage customers that contained Trojan malware. This can be a difficult threat to combat. Be aware of the potential threat, and let your managed service provider know if you have a manufacturer update so that they can properly monitor your systems.
4. Social Media Risks
Social media is another potential front for cyberattack. Businesses are increasingly discovering that it is impossible to keep employees off of social media during work hours, and most companies maintain their own promotional social media presence. However, even the social media powerhouses aren’t completely secure. Facebook suffered an undetected data breach that exposed hundreds of social media accounts and passwords. Hackers could use an employee’s Facebook account or other strategies to launch a cyberattack.
5. Mobile Devices in the Workplace
Mobile devices pose a potential threat, especially as more employees work remotely. Mobile devices are vulnerable to malware attacks just like workstations, and users connect those devices to the company network. For example, AceDeceiver is iOS malware that can infect your iPhone or computer and install malicious apps.
6. Your Employees
Employees are the biggest and most unpredictable threat to company data security. Studies show that employees are responsible for 60 percent of cyberattacks. However, disgruntled employees and cybersecurity saboteurs are not the greatest threat. The latest research shows that phishing and malware are responsible for 31 percent of security incidences, human error is responsible for 24 percent, theft of an external device such as a laptop 17 percent, vendors 14 percent, internal theft 8 percent, and loss of or improper disposal of equipment and data 6 percent. These kinds of threats are harder to defend against. You can educate employees about phishing attacks, but there are more devious threats emerging all the time, such as the fake email from the boss.
Cyberattacks are something every Connecticut SMB needs to be concerned with, because every business will be attacked at some time or other. The challenge is that cyberattacks are pernicious, and you may never know where the next threat will come from. That’s why you need to have solid data security measures in place, as well as a disaster recovery plan.
Using an outside managed services provider (MSP) can help. MSPs can provide remote security monitoring services, continually watching your enterprise networks for malicious behavior that could indicate a cyberattack. MSPs also provide data backup and recovery services so that, in the event of an attack, you have clean copies of software and data to facilitate systems recovery. You also should be relying on your MSP to help you with systems configuration and deploying and upgrading new workstations and mobile hardware to minimize the potential for introducing malware. They will keep track of the latest cybersecurity threats so that you don’t have to and will provide continuous system monitoring, data backup and recovery services, employee training, and more to help keep your data safe.
You can’t head off every potential cyberattack, but you can prepare for the worst. Find a trusted services partner that can help you be prepared with the latest malware defenses, employee training, data monitoring, and disaster recovery services. You may not be able to stop all the cyber bad guys, but you certainly can find the right MSP to help minimize the amount of damage.