The Top IT Security Threats that SMEs should be afraid of

Posted: 20/11/2019

Are you aware of the top IT security threats that are affecting SMEs?

Cybersecurity threats are constantly evolving and becoming increasingly sophisticated and targeted, from notorious malware and ransomware attacks to intelligent social engineering techniques to the newer “juice-jacking” and public Wi-Fi hacks. So the question to ask is – are you aware of the top IT security threats that are affecting SMEs?

Small businesses are frequently targeted by cybercriminals, with the number of attacks and those affected expected to rise. This is usually because SMEs may not have the internal resources or expertise to hand, or may not have the necessary IT security processes and policies in place. Adding limited employee cybersecurity awareness into the mix makes SMEs prime targets for a cyber-attack.

To help raise cybersecurity awareness, we have selected the top 9 IT security threats that we most frequently spot threatening our SME clients’ networks.

9. Weak passwords
A good password is not necessarily one that is easy to remember. Good, in this context, means strong. All employees should be required to use strong passwords or passphrases that are more resistant to guessing, or to an automated brute-force “dictionary hack” that throws hundreds of potential password combinations per second at a system until it cracks.

8. Unlocked Hardware
The most basic of errors, and the simplest route into your network. This ranges from unlocked phones and laptops to allowing an unauthorized person into the building. Employees need to be educated on the importance of locking devices as well as questioning visitor identities.

7. Juice Jacking
Be aware of free public charging ports for mobile phones. This is a relatively new threat where a public USB-based charging port is corrupted so that it installs malware onto the device or covertly copies sensitive data off it.

6. Web Browser Extensions
Web browser extensions are not always what they seem. Their functionality often depends on being granted certain permissions or access, so if they are compromised, they can grant cybercriminals access to your web history, cookies and even stored passwords.

5. Typosquatting
Typosquatting is the act of purchasing URLs that are very similar to those owned by well-known brands and putting up fake sites that mimic the true brand’s presence. On the surprisingly frequent occasions that users then commit typos when entering a URL in the browser, these fake sites can then either deliver malware to the users’ devices, often without any need to click any links, or be so convincing that they request login credentials and even payment details.

4. Public Wi-Fi
Free public Wi-Fi might seem like a lifesaver, especially when you’re working remotely or when you’re on the go; however, it’s a hacker’s dream. With remarkably cheap equipment and the most basic of know-how, cybercriminals can use so-called ‘Man-in-the-Middle’ attacks to easily intercept data flowing through any unsecured public Wi-Fi connection. Similarly, cybercriminals frequently set up rogue Wi-Fi hotspots, often with network names masquerading as nearby brands’ open connections for customers, leaving your data and business data easily accessible to them.

3. Phishing
Phishing attacks typically rely on convincing email and SMS communications, often posing as recognized brands, to gain access to personal and sensitive data such as usernames, passwords and financial information, or to encourage users to click links that will install malware. These are often successful as they play on users’ trust of brands’ communications.

More targeted attacks, known as “spear-phishing”, are where a cybercriminal purposefully targets a single organization or individual. This can sometimes be in the form of “urgent” demands via email or even calls from the “CEO” or “Accounts” in order to gain access to the user’s data or contacts, install malware, or even to have false payments made.

2. Ransomware
Ransomware is a form of malware that instantly encrypts systems or data and prevents users from accessing them until a sum of money is paid. In 2019, 1 business fell victim to a ransomware attack every 14 seconds (Cybersecurity Ventures). These are often some of the most headline-grabbing cyberattacks because, when they impact core infrastructure services, as the WannaCry attack did when it hit the UK’s NHS in May 2017, they can have dramatic societal effects.

1. Malware

How can I protect my business from these IT security threats?
There are three pillars of IT security, each of which must be addressed equally: People, Processes and Technology. You could put in place the most sophisticated technology-based defences such as anti-virus and firewalls, but without supporting your employees with the necessary education, or enforcing the correct patching processes, your network will remain susceptible.

In fact, almost all of the threats above rely on inadequate processes and human error or naivety. Cyberattacks will seek out the easiest route into your network, and that is often your workforce.

How Calligo can help
Calligo’s award-winning IT Managed Services include baked-in services that address all three pillars of IT security and keep your business continuously protected from all attack types.

Our IT Security Services include:

– Strategic security consultancy
– Anti-virus, malware, ransomware and SPAM
– Security audits
– Patch management
– Penetration testing
– Employee cybersecurity awareness training
– Back-up & disaster recovery

Find out more about our IT Security Services here
