Small Business Cyber Attack
In recent days, some brands that are fairly prominent in their industries have been forced to publicly announce that they’ve been targeted by cyber attacks. While it seems larger businesses are always the ones in the news, the fact mustn’t be lost that small business cyber attacks are just as common, with it being reported in some places that 43% of small businesses were subject to an attempted cyber attack in 2018.
With the recent changes to data breach notification within Australia, it’s even more important to make sure small business cyber attack prevention is undertaken.
Recent Cyber Attacks
As mentioned above, a couple of high-profile cyber attacks have been reported in Australia recently:
- Cabrini Health Australia reported that 15,000 heart patient records had been encrypted by ransomware. The ransom was reportedly paid, although not all the records were able to be decrypted. The only saving grace is that no personal information was taken during the attack.
- Toyota Australia confirmed an attempted cyber attack left many employees without access to their e-mail for a number of days. There currently is no evidence that employee or customer data has been compromised.
Cyber Attack Types
There are many different types of cyber attack; the most common are:
Malware is just a term used to describe malicious software, and includes the likes of viruses, worms, ransomware and spyware. Malware typically gets in through vulnerabilities, using methods like e-mail attachments, links within e-mails and software installed from third-party websites.
Malware has the ability to:
- Block access to files, folders and even the network.
- Transmit sensitive information without any notification it’s occurring.
- Crash operating systems, making them inoperable and requiring a full rebuild.
Phishing is becoming more popular with hackers. It is done by sending communication that appears to be from a reputable source, in the hope of having someone enter sensitive information such as account logins or credit card information.
As with malware, the common way this penetrates networks is via attachments and links in the body of an e-mail.
Zero Day Exploit Attack
This type of attack occurs when a vulnerability is identified and published online, but there hasn’t yet been time for a solution or patch to be released and applied to close the vulnerability.
This is why it’s important to make sure that all devices, software packages and operating systems are updated regularly, so these gaps can be closed as efficiently as possible.
Denial of Service (DDoS) Attack
A denial of service attack has the sole aim of bringing systems and networks down by exhausting all the resources the system or network has available. This is done by sending many illegitimate requests, meaning that legitimate requests take longer to process or fail completely.
One of the most famous examples of a DDoS attack was the one against GitHub in 2015.
Cyber Attack prevention for your small business
Two-factor authentication is becoming more common with any type of online service that requires an account for access. It requires the account login details as well as a ‘live’ piece of information generated at the time of login to prove a user is who they say they are. Typically this is a code which is sent to a registered mobile phone or e-mail address that only the user should have access to.
Protect Business Related Data
There are a few things that can be done to protect data that your business relies upon. Ensuring that account access is only available to those who absolutely need it is critical. A number of businesses have network-based data that can be accessed by all users, meaning that if one user’s account is compromised, all that data is wide open.
Thorough Sign-off Policy when employees leave your company
While this sounds like a large task, it’s mainly a checklist that is reviewed and signed off on when an employee leaves the company. This includes disabling access to any company system the user had access to (including domain, e-mail accounts and any cloud-based applications); removing door pass codes, keys and any other physical access to your building; and having them return any devices (phones, tablets) or laptops that they were provided as part of their role in the company.
It’s best to have this completed prior to the employee leaving the premises for the last time.
Take out a Cyber Insurance Policy
While it is good to implement as much security as possible, there is no such thing as a 100% guarantee when it comes to implementing small business cyber attack protection. Luckily, there are many insurance companies that provide cyber insurance, which covers your company against the threats that being in a digital world brings.
This will help mitigate any financial losses that are incurred should your small business find itself a victim of a cyber attack.
Always have a backup (or three) of your data
Along with the insurance policy mentioned above, an internal insurance policy is making sure that your business has a robust backup and disaster recovery strategy. This means that, at a minimum, the 3-2-1 backup rule is followed, with one copy of your data always in a different physical location to your primary data.
The last part of this, and usually the most forgotten, is that regular recoveries of your data should be performed. Regular tests help with:
- Problem Identification
It’s known that the majority of problems during a live recovery could’ve been found and avoided in a test scenario, rather than in a live disaster recovery scenario.
Whoever is charged with recovering the data and getting the business’s IT systems up and running again will be more proficient in the process. This provides knowledge of what to expect prior to having the additional stress of an outage going on around them.
A backup isn’t any good unless it’s able to be recovered in a disaster scenario. Testing the backups not only confirms that you can recover the files; it should also identify any data that should be backed up but isn’t currently part of the backup.
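A restore test of the kind described above can be automated by hashing the live data and a test restore and comparing the two. The following Python sketch is an added example, not a Test My Backups tool; the function names and the sample files are constructed for illustration, and it assumes the live data has not changed since the backup was taken.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def restore_test(live: Path, restored: Path) -> dict:
    """Compare live data with a test restore and classify every file."""
    src, dst = manifest(live), manifest(restored)
    return {
        "ok": sorted(p for p in src if dst.get(p) == src[p]),
        # In both places but different content: damaged or stale backup copy.
        "mismatch": sorted(p for p in src if p in dst and dst[p] != src[p]),
        # On the live system but never restored: not covered by the backup job.
        "not_in_backup": sorted(p for p in src if p not in dst),
        # Restored but no longer live: deleted or moved since the backup ran.
        "only_in_backup": sorted(p for p in dst if p not in src),
    }


def demo() -> dict:
    """Run the comparison on constructed sample data in a temp directory."""
    live_files = {"accounts/ledger.csv": b"2019,1000\n",
                  "accounts/payroll.csv": b"alice,5000\n",
                  "crm/customers.db": b"customer-records"}
    restored_files = {"accounts/ledger.csv": b"2019,1000\n",
                      "accounts/payroll.csv": b"alice,50"}  # truncated copy
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root, files in ((live, live_files), (restored, restored_files)):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        return restore_test(live, restored)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status}: {paths}")
```

Anything reported under `mismatch` or `not_in_backup` is a problem found in a test rather than during a live recovery.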
Test My Backups
While there are many different things to take out of the above sections of this article, we’re focused mostly on reliable backups. The Test My Backups team has seen many small business cyber attacks that resulted in some form of permanent data loss.
Because of this, we’ve devised a number of backup strategies that utilise backups as the final line of defense against data loss due to cyber attack.
Test My Backups is your last line of defense against data loss due to cyber attack. Take advantage of our free consultation service and get an honest and realistic perspective of your small business’s chances of avoiding permanent data loss in a cyber attack.