Guest Authors

How to protect your small business from cyber attacks

by John Adams

Regardless of the type of business, it is virtually inevitable that your business will be targeted by cyber-attackers. However, while nearly 81% of cyber-attacks target small and medium-sized businesses, 97% of these attacks are preventable by outsourcing cybersecurity services or by implementing recommended security practices and raising security awareness among employees.

Businesses across the globe are ready to spend more on protecting themselves against cybercriminals. According to research conducted by the research firm Cybersecurity Ventures, the cost of cyber-crime will cross $6 trillion annually, worldwide, by 2021.

Most of these attacks occur because of weak, insufficient and outdated IT systems that do not block hazardous attacks such as data breaches, ransomware or business email compromise, which may also lead to litigation against the business. As small businesses are more prone to these attacks, there are a few tested ways to combat cyber-criminals and protect your business.

1. Protect Your Hardware

Businesses today give so much importance to software security that they often overlook the security of the hardware. Loss or theft of hardware devices is a threat that a business owner should be aware of.

What you can do is protect your devices with strong and complicated passwords, with the help of password managers such as LastPass, 1Password or Bitwarden. Each device user should have their own account and password manager. If you won't use a password manager, try some of these password management tips, but never, never write down passwords in an accessible place.

Moreover, you can protect your hardware by employing anti-theft cables or brackets, by setting up surveillance or web cameras or by locking your server and communications rooms. If you have confidential customer data, consider adding a biometric scan to unlock the doors or installing an alarm system.

2. Keep Your System Updated:

Keeping your system software updated is crucial for the cyber-security of your business. Updated security software and strong firewall settings guard against viruses and attacks by cyber-criminals. When your system is automatically updated, you will be protected from many of the known vulnerabilities that cyber attackers routinely exploit.

3. Data Protection Essentials:

Back-Up and Configure Your Data. Backing up or archiving business data is essential for recovery from cyber attacks, theft of devices, or loss of equipment or media resulting from a flood or fire. Remember to back up not only data that is stored on servers, but client and mobile devices as well. Remember, too, to back up configurations of your systems and devices, so that all of your user and security settings can be restored or used as reference configurations when you add new devices or servers.

Archiving data has also become quite easy since the rise of cloud storage. Cloud storage is a simple, fast and affordable way to back up your data. A variety of choices exists, from Amazon, Carbonite, and Microsoft to even Google Drive or Dropbox. These solutions typically integrate well into small business LAN environments, even those with diverse operating systems and mobile OS devices.

Saving your data in the cloud means that your business is protected from certain serious cyber-attacks such as ransomware. Why is this so important for your business? A ransomware attack encrypts all of your data and files, making them inaccessible to you. Cyber criminals will demand money in exchange for unlocking these files, to the tune of $100 to $2000 for each infected system. This form of extortion can be devastating for a small business when several or more computers are infected by ransomware.

Data Encryption. Making your business data useless when it falls into the wrong hands is an effective protection strategy. This can be done by encrypting your data. Full-disk encryption software is available from all major computer and mobile operating systems: use this to encrypt all of the data you manage, and make sure all of your company devices have this software activated and updated. Many cloud services offer data encryption features as well. According to research published in the International Journal of Advanced Computer Science and Applications, encryption of data is the most effective solution for protecting databases. Database software often features data encryption as well.

When you use data encryption, you must take measures to protect encryption keys from corruption, loss and unauthorized access. You must also manage activities such as changing keys regularly and controlling how keys are assigned and to whom. Small businesses that don't have IT staff with data encryption skills should consult with professional IT services providers to identify their data encryption needs and deploy suitable solutions.

4. Make Sure You Conduct Regular Risk Assessments:

Risk assessment involves identifying, analyzing and evaluating risk and ensuring that you have picked appropriate cybersecurity controls to protect your business from cyber attacks. Try a free or trial online risk assessment to get a sense of how your security measures match up to recommended practices. For example, the UK government makes free cyber risk assessments available. You can try security scans such as Qualys, TraceSecurity or BitSight, and use the reports to decide whether you need to hire professional security services to improve your security baseline and posture.

5. Buy Cyber Security Insurance

Criminals work tirelessly to find more targets and breach different security defenses. They can harm any business, even one of the most security-conscious. Research conducted on data breaches in 2017 showed that the global average cost of one data breach incident was $3.6 million. To mitigate the losses due to data breaches, it is imperative for businesses to invest in cyber-security insurance. While only 15% of US and 9% of UK businesses have this form of insurance, you should consider offerings from these or other cyber-security insurance carriers:

Chubb Ltd. is the world’s largest property & casualty insurance company. It is a third-party service provider with a comprehensive suite of cyber liability products that help business owners effectively respond to cyber incidents. Its Integrity+ product includes destructive programming liability, errors & omissions liability, cyber liability and disclosure of confidential information, reputation disparagement and intellectual property (IP) infringement, while its Forefront Portfolio 3.0 offers comprehensive coverage such as e-threat coverage, e-business interruption, payment card industry assessments, and more. For different types of business, it offers different annual premiums that range from $400 a year to $3000 per year.

XL Group Ltd (also known as AXA XL) specializes in casualty, property, professional and financial lines as well as specialty insurance. It provides coverage for technology errors, omissions liability and media. It covers breaches of cloud computing providers, privacy and security liability, crisis management, data breach response, business interruption and extra expense, privacy regulatory defense costs, data recovery, and cyber extortion. It has served a wide range of industries such as healthcare, financial institutions, hospitality, manufacturers, IT consultants, telecommunication companies and others.

CoverWallet is an online insurance brokerage that helps businesses acquire quotes from different carriers. This is ideal for small businesses when they need to compare prices with a broker before purchase. Moreover, business owners can see the quotes or contact an agent for assistance. For low-risk businesses, CoverWallet insurance plans start at $63 per month.

6. Encourage a Security-Conscious Workplace Environment:

In any business, the most common cause of data breach is employee error or misuse. Many employees don’t understand or cannot recognize when their own actions leave a system or your entire business network vulnerable to a cyber-attack. The UK Cyber Security Breaches Survey 2018 concluded that during the last 12 months, 43% of UK businesses experienced security attacks while only 20% of the companies offered training within the same time span. Another interesting finding was that attacks were more common in those businesses where the employees used their personal devices for work.

Educate Your Employees. Employees who are untrained in cyber-security matters are the weakest point in the organization and the strongest opportunity for cyber-criminals. Unless your employees are properly trained and educated about these attacks and ways to prevent them, your business remains at risk of cyber-attacks. Today, it is essential that employees receive proper training and education on cyber-security. Educating employees about threats and basic measures and awareness can reduce your business's exposure to threats. By encouraging a security-conscious environment and teaching employees how to use their work and personal devices "safely" when they connect to your business network, their home networks, or public "hotspots", you will empower your employees to reduce the risk of attacks.

There are numerous security awareness training programs that a business can consider to train its employees, such as KnowBe4, SANS Secure The Human, or STOP.THINK.CONNECT.

Final Word:

Small businesses are more at risk of cyber-attacks because they invest little in the online security of their business. Your best bet to prevent such threats is to implement the above-mentioned strategies, which range from updated software to employee education and training.

John Adams writes about online business tips and tricks, marketing and advertising for He encourages his readers to improve their quality of life by incorporating positive and good things. As he loves to share his insight about life experiences, he has contributed to various online platforms pertaining to possible legal issues in small businesses. If your business has been affected by a cyber-attack, you can seek help from a cyber-crime attorney to recover the losses.

Cybersecurity Business Model: When in Rome...

By guest author Cristina Ion 

Improving cybersecurity is an expressed priority for virtually every cyber-enabled country. Actual investments in the IT security industry, however, remain greatly unequal from one region to another, from one country to another, or even from one industry sector to another. By comparison, the hacker community has shaped a burgeoning global industry of its own. While the infosec industry still seems fragmented, hackers have transformed their communities from guild-like organizations into a formidable, global industry with dedicated marketplaces, a long-term vision and fixed objectives. Ironically, the modern-day hacker resembles a cyber-businessman more than many infosec professionals do. Why is this so?

Hacking: the rise of a new business model

The hacker community, like any other organization, aims for three things: increased revenues, cost reduction and product differentiation. Thus, it is quite simple to draw a parallel between today's cybercriminal businesses and traditional businesses. 

Increased revenues.

Author Terry Goodkind tells us that knowledge is a weapon and advises us to be "formidably armed". In our case, knowledge is data and this data can replace common currency on the Dark Web marketplace. The equation for increasing revenues in such marketplaces is simple:

↑ attacks = ↑ sensitive data = ↑ revenues

For example, on June 15, 2016, Kaspersky announced that over 70,000 servers had been hacked worldwide in the then-recent months, and that these data were now available for purchase on a marketplace dedicated exclusively to hackers. For the very attractive price of only $6.00 USD, hackers could gain access to the data on those servers to gather more data to sell in the marketplace.

Sometimes, hackers employ other methods to earn revenue from data; for example, certain attackers use malware known as ransomware to coerce a payment from a user to restore access to data (yes, simple blackmail; see my previous article, How to avoid being in a data hostage situation). Until recently, LinkedIn, Tumblr and other social networks saw login data exposed during previous breaches resurface on underground marketplaces (see my previous article, Cybersecurity Hygiene and Social Networks). The data breach attacks dated all the way back to 2012. In instances like these, we can speculate that the current-day sale may be a recycling attempt (some of these logins may still be useful), or it may be the work of a novice to the Dark Web marketplace who didn't make an informed purchase. Irrespective of the reason, the fact that data of these kinds remain on underground markets attests to their persistent value.

Cost reduction.

Successful, established businesses typically seek to increase revenue through expansion. Established attackers, too, are always eager to find new ways of compromising our computers or databases. New players, mostly amateurs, will also try to earn from the poorly secured and thus lucrative public Internet landscape. These players will most likely rely on existing tools and methods, often purchased cheaply from the established attackers, who sell attack or exploit "kits" in Dark Web marketplaces. Established attackers thus derive revenue from sales or services to new players, who don't need to hack but can simply "buy online" to launch an already-prepared script and exploit a certain vulnerability. This thriving Dark Web industrialization is a strong indicator that cybercrime is expanding into a software as a service (SaaS) strategy.

Product differentiation.

Marketing permeates every layer of the web, from the "Interweb" your granny uses to check her AOL email to the Dark Web, the Internet's sketchy neighborhood. Established hackers demonstrate their expertise on YouTube or on more questionable and often illegal forums. Often, underground marketing makes use of a completely different vocabulary from the fear, uncertainty or doubt (FUD) used in the commercial cybersecurity marketplace. The goal of hacker marketing is to recruit and instill commitment within the community: it's laid-back and, quite frankly, funnier (for a taste, visit the Hacker’s Dictionary), and, given the growth in the industry, clearly effective.

When In Rome, do as the Romans do

Yes! Another well-known expression (or rather a quote from St. Augustine during his trip to Rome in the year 54). But don’t thank us yet for having quenched your thirst for knowledge, the article goes on (rest assured, it’s almost over!).

Companies all over the world have understood that, in order to protect their future, they must clearly define their business approach. Hackers were quick to grasp how to survive in Rome (#wink). They introduced a disruptive organizational model by leveraging collaborative platforms. The hacking community succeeded in transforming a crime family model into a distributed, loosely collaborative and profitable way to do business. 

Understanding how contemporary hackers operate could help us better cope with cyber-attacks. We should consider focusing directly on the root causes, not just on the symptoms. Traditional policy-based security, combined with the field’s best practices, causes us to think of the cyber-threat landscape in a very Manichean way (it’s either black or it’s white), when the reality is actually painted in many shades of gray. Understanding how hackers think and knowing that they can also create their own business models is, by far, the only option we have if we truly want to be able to detect these shades.