In 2015, 120 million small businesses were hacked by outside hackers, almost double the number from 2014.
Despite the prevalence of this kind of cyber crime, many small businesses choose not protect themselves, trusting their anonymity to keep them safe. A recent study shows more than 80% of small businesses have adopted the belief that the information on their databases are “not valuable enough" to be hacked.
Business Data Breach and Small Targets
In light of large corporation hacks, like Target’s recent data breach, who would think that hackers look for small, ten employee business to take advantage of? But the question answers itself: such businesses are actually more often the target because they assume they won’t be attacked and therefore don’t have enough security. And the cost of such a mistake can be devastating. IBM reports that the cost of a data breach IS $3.79 million on average.
The Right Insurance
What can a small business do to protect itself? Well, an easy first step would be buying Cyber Liability Insurance to cover the cost of a data breach and to provide educated advice before any incidents occur. Once you do this, there are plenty of things you can do to prevent cyber attacks on your business.
The Right Data Practices
There are three main types of hacks that your company could be a victim to: a brute force attack, a dictionary attack, and a keylogger attack.
A brute force attack simply cycles through likely passwords, often with basic information of your company on hand to aid the process. This is where simple passwords like password1, qwertyuiop123, or lastname1976 can be compromised.
A dictionary attack is very similar, but it cycles through as many combinations of simple words as possible to guess your password. This is where your pet’s name or favorite food will fail. With programs capable of guessing such massive quantities of passwords, those annoying passwords with symbols and longer words start becoming more valuable. With passwords protecting large amounts of money or important documents, random strings of letters and numbers are your best bet.
Keylogger attacks work by tricking you into downloading a code which will record all the keys you type throughout the day and sending them back to the hacker. No password can protect against this kind of attack, and the only way to stop it is never downloading the code in the first place. Safe email and internet browsing practices are a must to avoid Keylogger breaches.
The Warning Signs of Phishing Scams
Phishing scams are used by hackers to get your private information from you. Rather than searching around in your computer, they will ask you to type the information in or send an email with the info on it. Obviously, they don't just ask, but rather try and trick you into thinking they are a business or other entity that has some authority. Follow the tips below to make sure you aren't falling prey to these kind of scams.
First of all, check for bad spelling and grammar. Real businesses, especially banks, are very good at checking that, and are unlikely to make a mistake. Additionally, be skeptical of emails that don’t address you by name and start with simply a 'hi.'
The next step when searching an email is giving a careful look at ant URL that is attached. By hovering over a URL, you can see where it will actually send you by looking down at the bottom left corner of your screen.
Sometimes the URL claims it’s sending you somewhere different. Additionally, URLs can be made to look like they’re from an important company by using the famous company's name. For example, apple.scam.com will send you to a section of scam.com named 'apple,' and will have nothing to do with the actual company Apple.
Any emails seemingly from important companies asking for or demanding your information should immediately be discounted. No real bank or company will forget your password, or need your Account Number for any reason; they already have the information in their records. The same is true for any email that needs your credit card information.
If an offer looks “too good to be true," especially if you didn’t initiate it, then it is a scam. If you didn’t enter a sweepstakes for a free iPad, then don’t expect to win one, no matter what the email may tell you.
A final trick many hackers will try is impersonating a government agent or agency. If the government wanted to get in touch with you out of the blue, it wouldn’t be through an email, and especially not one that asks you to click on links.
These are just a few of the ways that you can protect yourself from cyber crimes, but no one's data security is completely bullet proof. A Cyber Liability policy is the only way to guarantee that a data breach won't leave you and your company bankrupt.