(Photo | Pexels)
Modern Threats & How to Keep Your Business Safe
Running a business in the digital age means keeping up with the evolution of technology meant to streamline your operations. Now, a small business can reach billions of people across the world with nothing but the same social media apps that we all have on our phones.
An unfortunate truth is that while the business world continues to advance, so do those who try to scam, cheat and steal their way through it. The need for cybersecurity education in the business world is high, and many business owners do not realize how likely the chance of being targeted really is.
“People need to realize that no one hears about the small and medium businesses being hacked. There still is plenty of activity in that area, though,” said Evan Monson, an owner and the chief technology officer at Univision, an IT support company out of Missoula, Montana.
Univision services over 6,000 endpoints from businesses in a variety of industries, including healthcare, nonprofits, finance, manufacturing, education, government and more.
“Cybersecurity is what we do everyday,” Evan said.
Evan’s point is one that local businesses should consider; small and medium businesses getting hacked and scammed rarely make the news, which contributes to the commonly held belief that small and medium businesses don’t get targeted. According to Evan, there are many reasons why this is a false belief.
“All of us are just dollar amounts to a hacker. If they think they can profit from you, they will try. It’s never personal, and things like location and size don’t matter,” Evan said. “Hackers are targeting them because most of them don’t have the same cybersecurity that large corporations do, and it’s easier to cast a wide net.”
He continued, explaining how it makes more sense for hackers to send out attacks to 1000 small businesses knowing that, at a certain point, it really is just a numbers game, waiting for some of those businesses to fall victim to that attack. This is opposed to spending weeks if not months trying to get into a large corporation, which can result in groups like the NSA or the FBI now having that hacker on their radar.
“Most hackers don’t have the knowledge or skills to get into most large corporations, and it makes sense to stay small to avoid getting caught,” Evan said.
One of the major threats is ransomware, a type of malicious software that is designed to halt or block access to a computer’s systems until a sum of money is paid. The success of ransomware attacks increased by 50 percent in 2023, according to Evan, meaning that more businesses than ever are being hit.
Why the sudden surge? Evan points to AI. Normally, ransomware can be blocked by an antivirus software due to its known signature that the antivirus software knows to block. However, these new AI-built softwares, called payloads, do not typically contain any previously known signatures in their coding, because the AI is producing it all, basically from scratch. This means that these custom-built malware payloads are very effective at getting around the antivirus packages on most devices.
Another factor as to why these cyberattacks are more prevalent is simply the volume of attacks. As the world continues to modernize and connect, we open up all kinds of pathways for hackers and scammers to steal data. There are more targets to hack, and more hackers, than ever before.
According to Evan, ransomware might be the biggest threat to small and medium businesses, but social engineering attacks are the most common, and widely successful. A social engineering attack involves trying to trick a human. These are commonly encountered in the form of an AI model or an actual person calling a business’s employee and pretending to be from their bank, the IRS, their IT provider, or another entity that would reasonably require the employee to share private or sensitive information.
A modern hacker can attack millions of endpoints in one attack, trusting that at least one of those endpoints belongs to a business that thinks that they will never be targeted.
The effects of being hacked go beyond the immediate financial loss, according to Evan, “A lot of people don’t think about how much time and effort it takes to undo the damage of a cyber attack. From restoring backups and recovering money to restoring your image with the public who now thinks that their info may not be safe with you, it’s all costly.”
So what can a business owner do to keep their information safe and secure from these hackers? With varying levels of budget, Evan has some recommendations.
At the very least, Evan recommends having a cyber insurance policy to make sure all of your information is insured. In addition, each and every business should backup their data in some way, either on the cloud or on other physical harddrives.
He also says multi-factor identification, as well as security training for staff, is a must. Lastly, his essentials include Endpoint Detection and Response software (EDR) that comes with a Managed Detection and Response (MDR), along with a regular antivirus software. All together, these are a great line of defense.
At higher budgets, Evan recommends a next-gen firewall, an email security platform, as well as setting up a zero trust security system, which essentially means that no device is remembered or trusted, so log-in credentials must be given every time.
There might be more hackers out than before, but there are also more ways to protect your business than ever. With these tips from Evan, business owners can help protect their information, and that of their customers.