Are Startups or Small Enterprises Vulnerable to Hacking? Let’s see how we can help them…
The first half of 2017 saw ransomware attacks on a scale never seen before, with the spread of the WannaCry ransomware worm in May, followed by the outbreak of the self-spreading Petya ransomware in June. The years 2017 and 2018 saw some big-time identity theft, such as the Facebook security breach that exposed the accounts of 87 million users and the Equifax breach that exposed 143 million U.S. consumers’ Social Security numbers, dates of birth, and other sensitive personal information. The most recent revelation, from Marriott, is that the data of as many as 500 million customers has been hacked from the customer database of Starwood Hotels. Customers’ credit card information, names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, etc. are part of the compromised data.
Last year’s NotPetya malware attack provided clear examples of how falling victim to cybercriminals can cost businesses dearly, with Reckitt Benckiser, FedEx and Maersk among those facing losses of hundreds of millions due to the impact of system downtime. For example, Maersk had to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications, with the need to do so impacting on the shipping firm’s ability to do business.
Global businesses are losing the equivalent of nearly one percent of global GDP (Gross Domestic Product) a year to cybercrime, and it is impacting job creation, innovation and economic growth. So says a report from cybersecurity firm McAfee and the Center for Strategic and International Studies (CSIS), which estimates that cybercrime cost the global economy nearly $600 billion a year in 2017 — up from a 2014 study which put the figure at $445bn.
The Asia Pacific region alone lost $171 billion to cybercrime in 2017. No digital financial instrument is immune to cyber-attacks, not even the much-touted peer-to-peer, blockchain-based NEM cryptocurrency: almost 58 billion yen of NEM coins were stolen from the Tokyo-based cryptocurrency exchange Coincheck. That wasn’t the first theft of its kind, but it was certainly one of the biggest to have occurred.
These cyber-attacks and security breaches are no longer the work of script kiddies or youngsters sitting in their basements and attacking your IT systems; they come from an organized professional service known as Cybercrime-as-a-Service. It is becoming more mature; it is now serious, organized crime that is using these services. Some reports say that “no single cybercriminal organization can specialize in every form of attack or nefarious activity, so there’s an increasing market for hiring of skills or purchasing of toolsets to help facilitate criminal activity — be they online, physical or both. When they require something outside their own area of competency, they need only to find someone offering the appropriate tool or service in the digital underground; they can simply buy access to what they need. They run these operations secretly with no-mercy.”
The above were the stories of some of the Global Fortune 500 corporations. It is not difficult to imagine the state of SMEs. Some studies say that most small businesses are incredibly vulnerable to cyber-attacks. They fall prey to all sorts of ways the bad guys can get log-in credentials and other critical data from a business: hackers can send you a fake phishing email that looks legitimate (for example, by incorporating personal info that they easily find on social media), have you click on an innocuous-looking link that is in fact infected with malware, or covertly install key-logging software on your computer that allows them to see what you type, and worse. Logging on to a spoofed site gives the hackers everything they need to potentially compromise the business.
As cyber-attacks impact economic growth, they are becoming a big headache for entrepreneurs. Instead of focusing on the business and taking it to new heights, they now have to deal with this, which makes them less competitive. Some of them have started taking cyber security seriously and hire third-party vendors to handle security. Many do not have that kind of resources, and most do not know where to start. If they can do something to prevent cybercrime from happening in the first place, that is going to be a win for them. So, what can they do at a minimum?
- Get Security Training for your staff: They need to know what a phishing scam is, what to look for and what your cybersecurity protocols are.
- Use a Firewall & Virtual Private Network (VPN) in order to hide IP addresses and encrypt internet connections.
- Implement some sort of Identity & Access Management to manage who can access your business-critical IT systems, when they can access them and from where. Also, implement Password Management for the users.
- Enable two-factor authentication: This means that after you log in to a site or IT system, you receive either an email or a text with a code (a One-Time Password, i.e. the second authentication). You enter that code to get in. Cyber-criminals will find that difficult to crack.
- Install Cyber Security Software Suite: Some of the choices include Sophos, McAfee, Symantec, Bitdefender, and Trend Micro. The average cost is about $50 per user a year.
- Get a good teammate or a consultant who knows information security: Beyond implementing the hardware and software tools for security and getting help from the experts at these software/hardware vendors, the options include hiring a technical expert or using a third-party vendor.