4 IT security threats that SMBs could be facing


If you picked up a newspaper over the last couple of months, you won’t have failed to notice the story about the hacking of Sony, supposedly by North Korean agents opposed to the less than flattering portrayal of their “Dear Leader” in the movie “The Interview”. It made for good headlines, but it should make all business owners stop and think: “If a huge multi-billion dollar company such as Sony can be so easily attacked by malicious hackers, is my own IT security thorough enough?”

Well, the truth is that all companies are at risk. Hackers are becoming increasingly sophisticated and are continuously developing new techniques to access systems and steal precious data. So it’s worth knowing how you can be at risk and what you should be doing about it.

And don’t think that because you are a small business you won’t become a target of hackers. A recent study by Symantec shows that small businesses are frequently attacked. And they are often easy targets, as they tend to have fewer security measures in place to protect data, or don’t undergo regular security checks and system maintenance. This is why cyber-attacks on SMBs have risen over 72% in the last few years.

With that in mind, here are four new security issues you need to be aware of. We have also included ways you might be able to combat them, but it’s always worth having your IT guy come in to check and secure your systems.

Data Theft

You can’t trust anyone these days. Well, of course you can really, but there’s always a bad egg, and one disgruntled employee can cause a lot of damage if they put their mind to it. Data theft from companies by employees is surprisingly common, and they often target confidential data and customer information. And now that more businesses are migrating to the cloud, even more members of staff can have access to a shared database. It is often all too easy to log in and steal information.

How to fix this problem: Obviously it is important to screen your employees thoroughly at the interview stage, but you can make yourself more secure by upgrading to a private cloud, which gives you more security options.

Banking Trojan

One of the biggest current threats is known as the Banking Trojan. This is a nasty piece of malware that gets into your systems via the usual infection methods: downloads and phishing emails. Just one click of a mouse on an infected link by a member of your staff is all it takes for the malware to get into your systems. And once it’s there, it can cause havoc. Once your systems are infected, a hacker can remotely access your computer data. And they tend to seek out usernames and passwords for your online banking systems.

The Banking Trojan allows a hacker to remotely access your computer data. And they’re not just after any old information. The malware targets the username and password login for your bank’s website. And if it gets it, your company could suffer the same fate as Patco Construction from Sanford, Maine, who had over $588,000 taken from their accounts by hackers using a Trojan called Zeus Malware. Even though it is often poor security on the part of the banks that enables such attacks, they don’t always cover financial losses, which leaves most businesses in such a position facing bankruptcy.

How to fix it: The usual anti-virus programs and firewalls will rarely catch this sort of malware, so it’s all about being vigilant and training your staff on how to recognise threats in suspicious emails. Another step you can take to stay safe is to buy a cheap laptop that’s only used to access online banking accounts. If you never check accounts from other computers, you’ll retain a huge level of control. This could be even more secure if you always access the internet through a virtual private network (VPN), which makes use of sophisticated encryption.

Phishing Scams

These days even your granny is probably familiar with phishing. This happens when you get an email, probably from an unknown sender, which carries a tempting attachment, irresistible to clicking fingers. In the past, this scam has been pretty easy to spot, but these days phishing is getting more sophisticated, especially with the proliferation of social media, where people’s personal information is easily found and used to personalise phishing emails. Hackers find it all too easy to gather a range of information from social media and send emails that seem to be from friends or acquaintances. What they’re after is data such as usernames, passwords and credit card details, which they can often access once you hit that “trusted” link.

How to fix it: Once again, proper staff training is essential. If you allow staff to use social media in the office, make sure they adjust the settings so that they are not disseminating too much personal information. They don’t need their addresses, birthdates or even their hobbies to be so visible and they certainly shouldn’t be sharing your company information with the online world. It is also well worth investing in some high quality email & spam protection to prevent malicious emails from getting to your staff in the first place.

Cross Infection from Home Computer

These days it is not uncommon for staff members in small and medium businesses to take work home with them, or even for people to use work computers for personal reasons – a little online shopping, Facebook or networking. This isn’t usually a problem, but when the boundaries between the office and home become blurred, you are once again putting your systems at risk.

In such a setup, you’re at risk simply because you don’t know what type of security your employees have on their home computers. They could be riddled with viruses. So if they bring a USB, SD card or hard drive from home and plug it in, your work systems could be infected. Or employees could leave you at risk if they are streaming videos or visiting unsafe websites. One click in the wrong place and your whole IT system could be infected.

How to fix it: It’s fine to be a relaxed boss but you can’t take risks with your IT security. These matters need to be talked about with your staff and it pays to be strict. Tell them what sort of online behaviour is acceptable and what isn’t. Another option is to hire a trusted IT expert to come and monitor your employees’ online activities, and then block specific trouble websites as they arise.

Empower IT Solutions specialises in pro-active IT Services for Small to Medium Businesses around the Sydney region. It pays to be informed about IT security and Empower IT can help keep you safe. Why not drop us a line?