Cyber Attacks: A Guide for Small Businesses
The term "cyber attack" refers to any number of ways a criminal may attempt to damage or access sensitive information from a computer or networked device. The frequency and sophistication of these attacks continue to increase dramatically while law enforcement and computer security companies frantically try to keep up. Entrepreneurs must wear many hats to be successful and can't be expected to have technological expertise. However, it's important for all business owners to become familiar with the most common types of cyber attacks.
Viruses are perhaps the most familiar type of computer-related offense. They are programs or pieces of software code that are loaded onto your computer (or smart phone) without your knowledge, often by enticing the user to open an email attachment. Viruses can compromise a computer or an entire business network in a number of ways, including the deletion or corruption of files. New viruses hit the internet every day, according to the Better Business Bureau.
- Defenses - Antivirus software is widely available and should be regularly updated; train employees about the common ways computer viruses are spread; infected computers should be taken offline immediately.
Your computer may be infected with spyware without your knowledge. This type of malware (software used for nefarious purposes) secretly collects information from a computer, which can include credit card numbers and Social Security numbers, typically recording the keystrokes of the user. Spyware sometimes is used by marketers and spammers, covertly installed along with a downloaded application, but also can be used for credit card fraud and identity theft.
- Defenses - Search online for anti-spyware software, some of which is free of charge; some signs that your computer may be infected with spyware include frequent pop-up ads, sluggishness and changed settings.
Chances are, you have received an official-looking email attempting to trick you into verifying your personal information at least once in the past few years. This is called "phishing," and can also take the form of a fake web site attempting to take advantage of user mistypes (for example, typing "paypak.com" instead of "paypal.com" and being taken to a site that looks like paypal.com but isn't). In a business setting, a phishing attack may try to get an employee to give up the password to a customer database.
- Defenses - A good spam filter may help block a majority of phishing attempts, but a well-informed workforce may be the best defense; also, check for the secure connection icon (a closed padlock) in the browser when transmitting sensitive data.
Similar to phishing, pharming redirects a web site request to a fraudulent site that closely resembles the intended one. The criminal hacks into the server to embed the malware so that users who type in a given address are automatically redirected to the fake site, which then collects information given by the user.
- Defenses - Like phishing, an informed workforce is probably the best prevention to workplace pharming attacks; if a web site redirects to another address without providing an indication to the user, it could be a pharming attempt. Use an intrusion prevention systems and network scanners to secure your company's web server.
Keyloggers, Bots and Trojans:
These are applications that appear useful or at least benign, sometimes taking the form of screen savers, that entice the user to download them. But they carry viruses or other malware that can be destructive to computer files and may compromise data security. The user is often unaware they even exist but the implanted malware can send sensitive personal information to a third party.
- Defenses - Some companies have strict policies pertaining to the types of files employees may or may not download and install; regular virus and malware scans can help detect such attacks after the fact.