Cyber Security and SMBs
by S Brandt
31-Oct-2016

Introduction

Cyber security has certainly become the latest hot topic in IT – but it’s hard to keep up with what the real risks are to ordinary business. Last week’s DDoS attack that took down Twitter and PayPal (among others) is an excellent example of the frightening ways hackers are evolving, but how worried should your business be?

The good news is this latest attack isn’t what you should be worried about. DDoS (Distributed Denial-of-Service) attacks occur when hackers leverage a network of computers to send traffic or data that will overload a system. Attacks like this are typically targeted at high profile organisations, and your business will rarely get caught in the crossfire. This doesn’t mean you shouldn’t be aware of it, and shouldn’t take steps to prevent it, but it is simply one piece of the bigger cyber security pie.

In this article we are going to cover the types of attacks small business are likely to come in contact with, before discussing some handy tips for protecting your organisation.

Types of Cyber Attacks

Ransomware can be downloaded via malicious emails and websites simply by clicking on a link, and remains one of the most common types of attacks faced by small business. The sophistication of these attacks is constantly evolving with high success rates, as has been demonstrated by the recent Cryptolocker virus masquerading as Australia Post emails.

Once activated, Ransomware encrypts the files on a computer as well as anything locally connected to that computer such as file servers. The victim is then directed to a web page that provides instructions on how to pay the ransom to get the key to decrypt the files.

The best advice to deal with a Ransomware attack once it is activated is to not trust the attackers to provide the decryption keys (i.e. don’t pay!). Also ensure you have good, safe, up to date backups that you can recover from.

Spear phishing is sometimes referred to as the cyberspace version of social engineering, because the exploiter typically employs psychological manipulation to establish trust and elicit information from the recipient such as bank account details or passwords.

Although there has been much education awareness about this type of attack, it is still very popular as the methods used can be quite convincing. Using social media and other publically available information, these emails can look like they come from someone you know, or an organisation you have an account with.

Avoid this type of attack by having a policy of not replying to, opening attachments or clicking on links in unsolicited or suspicious emails. Deploying email protection services to detect and quarantine malicious emails and spam is essential.

What you can do to improve Cyber Security

For IT security to be effective, awareness must be converted into action. This means taking steps to mitigate the risks with a comprehensive approach that includes:

  • Regularly reviewing security policies;
  • Having an ongoing program of security reviews and assessments;
  • Investing in security technologies and services such as next generation firewalls, encryption, system monitoring and strong password authentication; and
  • Having effective employee education programs to ensure staff understand how to deal with the latest exploitation techniques;

Many organisations make the common mistake of deploying cyber security as a “set and forget” strategy. An example of this is where a firewall is deployed to protect an organisations network perimeter, and ongoing vulnerability assessments and penetration testing is never done. This is equivalent to installing a fire alarm at your office and not conducting on-going fire alarm testing to ensure the fire-alarm is effective.

For additional information and mitigation advice, refer to the Australian Government OnSecure portal or CERT Australia Advisories - or contact us today!

 

There are no comments

Want to know more?

Call us

We're here to help! Phone to discuss our products, services and pricing options.

(02) 9869 5888

Let us call you

Get more information


Why choose 3rdmill?

The world of IT can be daunting and frustrating at times - but we are here to help make your life easier. We pride ourselves on being a one stop shop to fulfill your IT needs.

Read more