Skip to main content

Increased Cyber Risks for Small Businesses

Sugar has always had a bittersweet reputation when it comes to our health. Foods such as fruits, vegetables, grains, and dairy contain naturally occurring sugar. Because our bodies digest these specific foods slowly, the sugar offers a steady energy supply to our cells. High intakes of fruits, vegetables, and whole grains also has been shown to reduce the risk of diabetes, heart disease, and some cancers. However, problems arise when too much added sugar is consumed, a sugar that food manufacturers add to products to increase flavor or extend shelf life. Sugar is a prime example of a good thing that can also contain risks at the same time.

Likewise, throughout the pandemic many small businesses have been able to survive and thrive thanks to technology and the internet. While this increased reliance on interconnected systems has greatly assisted, it has placed them at a greater cyber risk. With cyberthreats from Russia and other sources happening more frequently than ever, small and medium-sized businesses (SMBs) need to be even more vigilant. To minimize the chances of cybercriminals compromising the security of small business customers, community financial institutions (CFIs) should be actively educating this group about what they should watch out for and how to protect themselves.

SMB customers at risk

According to CyberCatch, a cybersecurity firm, more than 30% of SMBs are at risk of cyberattacks. CyberCatch reported that hackers are notorious for targeting SMBs because their security measures tend to be less effective than those of larger organizations. In addition, because of the Russian cyber threats, experts say that larger targeted companies could affect smaller businesses that are connected to their platforms.

Top threats

Due to the increased complexity of cyber-attacks, SMBs are encouraged to increase their cyber security. Having solely antimalware software may no longer be enough. Knowing the differences between a few of the biggest cyber risks for SMBs is imperative as continued education can help increase security.

  • Spoofing is when cybercriminals mask their identities using phony IP addresses designed to appear like legitimate - usually well-known and recognizable - organizations to get an individual's trust to click on a link or attachment. Once they click on the link or attachment, malware is installed on their device. According to CyberCatch, roughly a third of SMBs have fallen prey to spoofing attacks.
  • Sniffing is the real-time interception of packets of data that pass through a network in order to capture sensitive information, such as passwords, credit card information, etc. Cyberthieves use programs and devices, known as sniffers, that can monitor everything from an organization or an individual’s email and web traffic to router configurations, FTP passwords, and DNS traffic. While there are legal uses for sniffers, such as FBI wiretaps and monitoring, criminals are looking for any unprotected and unencrypted information that they can exploit. The most common way that people fall victim to sniffing attacks is by using unsecured Wi-Fi networks.
  • Clickjacking is when someone compromises the user interface (UI) on a legitimate website so that someone is clicking on something other than what appears on the screen. By hiding a different UI within or on top of a legitimate site’s normal UI, criminals can do things, such as install malware on an individual’s computer or steal credentials. In some cases, criminals will hide clickjacking so well by mimicking the expected result that an individual has no idea nothing is out of the ordinary. Clickjacking is possible on websites that use HTML frames that enable content to be displayed independently within a separate window.

Protective measures

  • Identify your organization’s most valuable data and information and ensure that it is backed up separately, should a malware attack occur.
  • Encrypt outgoing and incoming communication using a virtual private network (VPN).
  • Conduct internal IT network audits using device auditing or bandwidth monitoring.
  • Regularly test all systems, from software to web applications and websites, and look for any anomalies.
  • Patch any security weaknesses identified immediately.
  • Limit administrator privileges.
  • Require remote workers to use only secured Wi-Fi networks, particularly when working with sensitive customer data. Cybercriminals sometimes create phony public Wi-Fi connections that are unsecured, hoping that unsuspecting people will utilize them.
  • Employ ethical hackers to help identify any weaknesses within your security measures.
  • Maintain a recovery plan, if and when a cyber threat happens. This would include firming up entry points, changing system passwords, and accessing data from another location, among others.

Cyber risks are ongoing, yet new threats are arising as technology increases and cybercriminals obtain new methods of attack. Keeping SMBs safe by communicating the largest threats, and ways they can protect themselves, will help mitigate these rising threats.