Monday, May 23, 2022

Warning to small business: The hackers are coming for you

If you think your business is too small to be of interest to hackers, you should think again, say cyber security experts. Every company has something that hackers want.

“Every one of us has value, whether it’s the information we retain within the company, or as a stepping stone to our business partners,” Michael Ball, chief information security officer with AGF Investments, told participants at a recent ITWC webinar. “Don’t think you don’t.”

Security is a vital business issue and must be considered as a critical component in every project.

“We cannot emphasize this enough. You will be hacked. It’s only a question of when and how much damage they can do,” said Ratish Raghavan, vice-president of operations at Performance Advantage.

Sponsored by Performance Advantage and hosted by ITWC CIO Jim Love, the webinar outlined what small businesses need to know to survive the latest cyber threats.

High stakes

No one, big or small, can afford to ignore digital security, said Love. “If you lost access to key data, how would it impact your company? That’s what it boils down to.”

Businesses have a lot at stake, including the potential loss of customers, reputation and the ability to do business. For example, Love said DNS service provider Dyn lost 14,000 customers after a massive DDoS attack shut down its business for four days in October 2016.

The situation is becoming more dangerous. “Increasingly, the new players on the scene are organized and well-financed criminals,” said Love. “Hacking has become a big business.”

That’s driving the growth in ransomware, which was estimated to be worth $1 billion in 2016, said Love. With ransomware, hackers gain access to your system using a phishing email. They then encrypt your files and demand a ransom to get them back. Ninety per cent of phishing attacks contain ransomware, according to Ball.

Best defences for small businesses

“Security has to be a core piece of every business, no matter what you do. You have to master it yourself or find a partner you can trust,” said Raghavan.

Protecting your business requires layers of security on top of the standard anti-virus software and firewalls, said Ball. “Training employees on how to recognize phishing emails is one of the biggest things you can do,” he said. There are fewer security attacks in organizations where employees are trained more than once per year.

As well, Ball recommended that businesses take the following steps to strengthen their security:

  • Do patches and updates on your operating system and your middleware as quickly as possible.
  • Back up regularly and test the system to see how fast you can restore your data.
  • Limit access. Anyone with access should have no more access than what is required to do their job.
  • Make sure you know what your normal levels of traffic are so that you can recognize changes.
  • Improve the strength of passwords and use two-factor authentication.

It’s just as important to make sure your response team has a plan to address both the technical and communications issues after a breach happens. “You need to communicate to your shareholders and to the public to maintain your reputation,” said Ball.

The future is going to bring new threats, said Love. “This is war. Hacking has gone beyond vandalism. We’re at war with technically advanced businesses. It’s going to get worse.”

Cindy Baker
Cindy Baker has over 20 years of experience in IT-related fields in the public and private sectors, as a lawyer and strategic advisor. She is a former broadcast journalist, currently working as a consultant, freelance writer and editor.
