Many of us were eager to usher in the end of 2020. We get it. As we continue to navigate the COVID-19 pandemic, we also look ahead to 2021 and, hopefully, a bit of a return to health and normalcy. Yet, there is one unfortunate reality in the new year that is much less welcome: a rise in cyberattacks against small- and medium-sized businesses (SMBs). While we took a relaxing and well-deserved break over the holidays, nefarious actors were busy looking for new ways to target and exploit business networks, devices, and services.
The 2020 State of SMB Cybersecurity report finds that 77% of SMBs are concerned about an attack in the next six months and plan to increase their cybersecurity over the next year. SMBs hold valuable data and information but, at the same time, often lack the staff, resources, and strategies to effectively thwart intrusions. The pandemic has exacerbated the risk as more people work remotely on insecure networks, unprotected devices, and poorly configured collaboration platforms. Which makes SMBs like yours the ideal target.
So, as we eagerly enter the new year, we must remain both optimistic, yet grounded in the reality of the threat landscape. We must also be proactive. Cybersecurity will be more relevant than ever before. In that spirit, we share the top five threats your business should be aware of, as well as some recommended measures to keep your business safe and prosperous in the years ahead.
Phishing Attacks
The majority of intrusions against SMBs are via credential theft and social attacks. Phishing scams account for 25% of this, in which an attacker poses as a trusted entity to coerce someone into opening a fraudulent message or providing information the attacker uses to gain entry. Phishing attacks can be carried out in myriad channels, including email, text, social media, and voice communications.
As a technology leader, you know that you are only as protected as your people are. Meaning that even with secure tools and configurations, people can inadvertently introduce risk via phishing attacks, ransomware, malware, or other social engineering attempts. And this is especially true amidst our work-from-home landscape.
What you can do: First, protect your business by training employees to recognize scams. Let employees know of new potential threats as they arise. Educate your team on how to spot fraudulent messages and provide a clear plan for what they should do if they think they are targeted. (For more, see this post on best practices for effective cybersecurity training for your staff.)
Second, employ multi-factor authentication (MFA). It’s a simple yet effective way to improve your security posture as it requires users to provide an additional form of identification. Your team can use MFA for more secure access to corporate assets, especially when working from a home office environment.
Lastly, consider a regular security “health check” for your business. Many third-party experts, including N8 Solutions, can provide an affordable, timely, and detailed assessment of your essential functions. This can help your team uncover security vulnerabilities, assess backups, and identify other network issues that could result in costly downtime.
Ransomware 2.0
2020 saw a steep rise in ransomware attacks, a type of malware in which an attacker encrypts your files and demands a ransom to restore access to your data. Any digital means can be used to deliver ransomware, including email, website attachments or downloads, business applications, or even via social media.
A TechRepublic survey of 500 executives at SMBs found that nearly half of respondents had already been hit by ransomware and nearly three-quarters ended up paying the ransom to recover their data. This unsettling figure shows no sign of letting up in 2021. We may also see new variants this year, such as a “twist” on ransomware in which criminals attempt to exfiltrate all needed data before a business even knows it’s under attack.
What you can do: Employ a combination of preventive measures to eliminate or reduce the risk of a ransomware attack, including:
Email gateways: Once installed, the gateway is configured to scan all incoming and outgoing emails, including links and attachments, for potentially malicious content.
Secure VPNS: This will ensure your users connect securely, even at home. We also suggest adding MFA for all VPN logins to further prevent intrusion.
Password management: Despite the ubiquity of login credentials, many organizations continue to set weak passwords or use the same passwords across multiple sites. Educate your employees on how to set strong passwords and consider using a password manager.
Cloud Security and Remote Workforce Attacks
As millions transitioned to the new realities of remote work, SMBs relied on popular cloud apps to stay connected and productive. But when these tools are improperly configured or used, it can leave your business prime for attack.
What you can do: Create a cloud security plan that includes clearly defined security policies and best practices. As a result, employees will have a clear roadmap of the dangers that exist, how to mitigate them, and what behaviors or best practices everyone must employ to stay safe.
For example, advise your employees to only use secured WIFI networks. If employees are unable to access a secure network, ask them to use a VPN or their mobile device as a hotspot. The cloud security plan might also include details on proper cloud app configurations. Many important security features are indeed built-in to popular cloud apps, they’re not all plug-and-play.
Endpoint-Delivered Attacks
Given the proliferation of remote offices, physical endpoints will be a common attack vector in 2021. Endpoints can be anything from on-premise workstations and servers to corporate networks that connect physical and virtual servers to mobile devices. Forbes reports that mobile device security will be the fastest-growing category of cybersecurity in the new year.
What you can do: Deploy an endpoint detection and response solution. The primary function of such a solution is to monitor and collect data from endpoints that could indicate a threat and/or identify threat patterns. The right solution will enable you and your team to then respond to threats in a timely manner to mitigate the risk or remove the threat. This is exactly why we partnered with Malwarebytes, the leading anti-malware software, to offer the best-in-class endpoint detection response solution for your unique business.
Insider Attacks and Negligence
The majority of cyberattacks (70%) originate from external actors. However, user error and insider attacks do comprise a worrisome percentage of attacks, and we expect this trend to continue in 2021. According to a Verizon report, 34% of cyberattacks in 2019 happened due to internal negligence.
In some cases, this could already be happening across your business in an ill-advised but hard to police “Bring-Your-Own-Cloud” environment. When working at home, your staff might be using popular cloud technologies like Dropbox, Adobe Creative Cloud, or Evernote for work-related tasks but in an unplanned or unstructured way. While the intention might be altruistic (such as saving time), improper use can put your business to risk.
What you can do: Make sure to have the proper security tools and policies in place and invest time to train your staff. This should include a discussion around the dangers of using unsupported tools or practicing bad behaviors.
We’re Here to Help
We painted a bit of a dire picture for 2021, but for good reason: it’s critical for SMBs to be informed and prepared. However, if your technology team lacks the time and resources to implement these suggested measures, consider partnering with a third-party expert in 2021. It’s a worthwhile investment.
At N8 Solutions, for example, our workplace cybersecurity experts can help you establish a VPN, implement the right collaboration tools, set up multi-factor authentication, install or update anti-virus software, and create custom educational resources for your team. And we do it all with a people-first mindset, a sense of urgency and speed, and affordable and predictable services.
As a result, you can stay connected, productive, scalable, and secure in the new year.
Please get in touch with us anytime at (262) 288-1501 or via this form.