Cyber Security Tips for Small Businesses
The topic of cyber security for small businesses is of particular importance to the Jellyfish.tech team, as we faced it directly while launching our website.
At the last stage, after adding most of the content to both the main and blog pages, we had a slight mishap that actually became the reason for creating this post. At a certain moment, our website was no longer available. Having started to fix the situation, our CTO Roman bumped into the following message in the code:
Cybercriminals hacked the database (PostgreSQL) to steal the data. Why did they need the descriptions of our technologies of choice and expertise? To ask for a ransom!
Unfortunately, the cyber police department is not as strong as we wish it to be, so we had to manage this problem ourselves, ignoring the demand to transfer 0.25 bitcoin. Our content manager had no choice but to re-add the stolen content to the website, wiping away the tears of insult.
We tend to consider this payback for the SQL injection our CTO carried out when he was a student. He hacked the university website to get an A+ from one of the programming tutors. Is he proud of it? No, but everyone has a past.
Coming back to our question, the problem of cybersecurity for small business is becoming increasingly relevant these days, and Jellyfish.tech can’t stand by, especially after the things we’ve experienced.
- Cyber Security for Small Business: What Is It?
- Cyber Security Threats Small Businesses Face (and How to Avoid Them)
- Best Practices of Cybersecurity for Small Business
- Real-Life Cyber Security Fails
Cyber security is a series of practices aimed at defending systems, applications, networks, and data from digital attacks.
The term cyber security can be applied in multiple contexts, from digital business to mobile computing, and broken down into the following categories:
Cyber attacks target sensitive data to get money from individual users, companies, and even corporations, or to interrupt business processes.
Enterprises and corporations usually hire in-house cybersecurity specialists, who may either be part of the IT department or form a dedicated one, check with a consultant, or, at least, buy and install sophisticated cybersecurity software.
Frequently, these prevention methods are not available to small businesses due to high costs and negative ROI. Still, in most cases the people running small companies are able to take the necessary security measures through their own efforts, as we did. Or, to be more specific, as we didn’t, which is why our employee had to redo the work.
The rapid pace at which digital products and services are developed tempts more and more criminals to go after sensitive data they might access using even the most common attack methods.
Knowledge is power, so we strongly hope the information in this post will help you prevent cyber attacks.
Imagine cyber criminals have stolen all the data from a website and taken it down. For a corporate website, this situation is not really a calamity. But what if the target website is your main source of income, with hundreds of visitors per day or even per hour? In this case, the consequences of a ransomware attack will be much more devastating.
Of course, criminals will fix what they’ve done only after the ransom is in their account (cryptocurrency is one of the most popular demands). Thus, you will have to either add the content one more time, which is quite a resource-consuming process (we were lucky in a way, as our website was new, so we had to upload the content only for several main pages), or pay an arm and a leg to get your website back.
Ransomware actually heads the list of frequent cyber attacks, and most of them target small businesses because of their vulnerability.
Evident? Yes. But DO we really always use it? While we were working on our corporate website, this just slipped our minds! The manager who was leading the project thought the developer was responsible for running backups, and the developer was sure the team lead would take care of it. As you can tell, none of the three really did it. That’s why a backup policy is a must at any stage of working with data.
“I run backups every morning and evening, yet I still don’t feel safe”
Content Manager of Jellyfish.tech
With trembling hands, she’s running another backup.
To avoid a similar fate, appoint a “backup” person once and for all to run backups periodically so that the relevant data can be restored at any moment.
Imagine that, while checking the corporate mail, your SMM specialist opens a message saying your Twitter account will be marked as suspicious and deleted if you don’t confirm your login and password. The message asks him or her to re-enter the data in a built-in form or to follow a link to a data recovery page that looks suspiciously like the same page on the original website. The main objective of this message is to get your personal or your company’s sensitive data, making the system more vulnerable. The only acceptable reaction is to delete the message and block the sender. That is evident, especially when all the websites and services you use prohibit disclosing your personal data to any third parties. You may be sure your employees are well aware of this type of cyber attack by default. What is more, you may be sure you will never fall for that trick. However, phishing statistics suggest otherwise:
“76% of businesses reported being a victim of a phishing attack last year”.
This number is truly impressive. Phishing attacks are becoming more and more “client-oriented”, if I may say so, and sophisticated enough to scam even a tech-savvy user. Both the number of phishing attacks, which has grown 65% in the last year, and their quality are evolving to draw the attention of a wider audience. CEOs and a company’s key figures appear to be at risk as well; cyber attacks targeting top management positions have even been given their own names: spear phishing in general, and CEO fraud and whaling, to be more specific.
Install Anti-Phishing Software
Email phishing prevention applications are one of the shields that protect your network systems and the sensitive data of both your company and your workers. Depending on its type, the software may not only protect the corporate mail but also detect and prevent phishing attacks anywhere on the Internet.
Set Up Two- or Multi-Factor Authentication
Add a level of security on top of the login and password by implementing two-factor or multi-factor authentication, which makes it harder for hackers to access the account. Multi-factor authentication is not a sign of mistrust; it is a necessary measure against ever-evolving cyber attacks.
SQL, or Structured Query Language, is used by many servers to manage databases. An SQL injection attack targets this kind of server, injecting malicious code to get sensitive data that can’t be accessed in any other way. It becomes a real problem if the server stores users’ payment details (card numbers, passwords, etc.) or other private information.
Whitelisting and Blacklisting
Blacklisting removes or replaces malicious characters in user input. Although this method is easier to implement than whitelisting, it may still fail to protect a server as attack techniques evolve.
Whitelisting is a more secure option, as it examines each part of the user input and compares it against the permitted characters.
Either way, whichever approach you choose, you will have to work together with the developer to identify and tailor the permitted data formats for the input and set up the filters.
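The difference between the two filters, as an added example that is not code from Jellyfish.tech: it assumes a constructed in-memory SQLite table standing in for a real database, a hypothetical blacklist of tokens, and a hypothetical allow-list format for a numeric customer id. The whitelisted path also binds the value as a query parameter, a standard companion measure that the post itself does not mention.

```python
import re
import sqlite3

BLACKLIST = ["'", '"', ";", "--"]       # hypothetical list of stripped tokens
ID_ALLOWED = re.compile(r"[0-9]{1,9}")  # allow-list: 1 to 9 decimal digits

def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO customers (email) VALUES (?)",
                   [("ann@example.com",), ("bob@example.com",), ("eve@example.com",)])
    return db

def blacklist_filter(value):
    """Blacklisting: strip known-bad tokens, let everything else through."""
    for token in BLACKLIST:
        value = value.replace(token, "")
    return value

def whitelist_validate(value):
    """Whitelisting: accept only input that fully matches the permitted format."""
    if not ID_ALLOWED.fullmatch(value):
        raise ValueError("customer id must be 1 to 9 digits")
    return int(value)

def lookup_blacklisted(db, raw_id):
    # The filtered input still becomes part of the SQL text.
    sql = "SELECT email FROM customers WHERE id = " + blacklist_filter(raw_id)
    return [row[0] for row in db.execute(sql)]

def lookup_whitelisted(db, raw_id):
    # The validated value is bound as a parameter, never spliced into SQL.
    customer_id = whitelist_validate(raw_id)
    query = "SELECT email FROM customers WHERE id = ?"
    return [row[0] for row in db.execute(query, (customer_id,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed input with no blacklisted character
    print(lookup_blacklisted(db, "2"))      # the one matching row
    print(lookup_blacklisted(db, crafted))  # every row: the filter missed it
    try:
        lookup_whitelisted(db, crafted)
    except ValueError as err:
        print("rejected:", err)
```

The crafted value contains nothing on the blacklist, so the first lookup returns the whole table, while the allow-list rejects it before any query runs.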
For those who want to prevent the threat, the CTO of Jellyfish.tech has listed universal cybersecurity advice that small businesses may have missed. It isn’t rocket science, but having these actions listed and discussing them with either a cyber security consultant or a developer is always a good idea.
Continuous network analysis, using a custom tool picked for your industry and company type, reinforces your digital security.
Perhaps checking our network management tool case will help you understand which features your ideal network analysis application should have. Or a consultation with a specialist may be the best solution for your company. Of course, there are multiple factors to consider before searching for a proper way to manage the network. We could start by answering these simple questions to identify your requirements:
- What is your area of expertise?
- How large is your network?
- What are your expectations from the tool?
- Are you more focused on visualization or the computation of metrics such as centrality, betweenness, etc.? Or maybe you want to have both?
- What is your budget?
- Who will use this tool on an ongoing basis?
Anyway, it would be much easier to explain what you need to a third party.
If you’ve become curious about network management and why it is important, check the post where we discuss it.
Software vulnerabilities are one of the most common reasons for cyber attacks. Any breach makes your system a perfect target for stealing sensitive data or encrypting files to demand a ransom.
Regular software updates fix the security holes and keep cyber attackers from encroaching on your sensitive information and that of your users and employees.
Employee education should be at the core of your company’s cyber policy, as people are the main vulnerability and the main source of defense at the same time.
Regular cybersecurity meetings, where you clearly communicate the impact of cyber attacks and talk about up-to-date ways to prevent them, are an important step towards cybersecurity.
Meanwhile, you can share these videos to inspire your employees to take care of cybersecurity with greater enthusiasm.
Hackers stole sensitive user data from the cheating site Ashley Madison. The credentials and credit card numbers of more than 32 million adulterers were posted to the dark web. A month later, its companion site Established Men, a website for beautiful young women to find a rich daddy, suffered the same fate.
A Canadian startup released a super cool Bluetooth-speaking padlock whose “secret” code could easily be derived from the lock’s network address. The point is that the padlock uses your public MAC address as an access code. As a consequence, a UK penetration testing team succeeded in building a special program able to open any of this company’s padlocks in 2 seconds, compared to the 0.8 seconds the official app required.
But that was not the end of it: a Greek cybersecurity specialist, Vangelis Stykas, shared his own research on hacking the lock on Medium. He managed to add himself as a user to any padlock, get access to users’ sensitive information, and open the lock in 0.8 seconds.
In the spring of 2017, before the presidential runoff in France, hackers posted a collection of links to an archive of leaked emails from the party “En Marche!”. Sensitive data (contracts, documents, and accounting) was obtained by hacking the email of several key campaign members.
According to a report by the security firm Trend Micro, Macron’s campaign became a target of the Russian hacking group Fancy Bear. This act is seen as an attempt to demoralize French democracy, as is Russia’s interference in the US election process noticed earlier.