While it’s always the security breaches at large international and governmental sites that grab the headlines, the truth is that 18% of Canadian small businesses were affected by cybersecurity incidents last year.
The payoffs may not be as great, but cybercriminals target small businesses for quick payoffs in large volumes of attacks.
But it’s not just digital threats that affect small businesses. ‘Dumpster diving’ is a well-known technique criminals use to find personal information they can exploit in identity theft crimes.
However, as a recent lawsuit in the United States shows, criminals aren’t afraid to sift through vast quantities of a business’s garbage for valuable, sensitive data too.
In fact, they waded through the garbage of a waste collection agency to find the information they needed to commit numerous cybersecurity crimes that affected a great number of people.
This means that as a small business that’s responsible for keeping clients, employees, vendors, and other information secure, partnering with a company that provides mobile shredding services is as crucial to your security and risk management as your cybersecurity tools.
These are some of the other data security threats faced by small businesses:
Phishing Attacks
This is one of the most common social engineering attacks where a cybercriminal attempts to get their victim to give up personal information.
Phony emails still seem to be the preferred method of choice, and they’ve gotten better at ‘spoofing’ legitimate email clients.
For example, a victim will receive an email claiming that there has been suspicious activity on their Facebook or Windows account and the reply email is one these companies use to notify of security breaches.
However, if you click on reply, the address changes to a completely different email address.
If you reply to the email, the criminal will ask you to enter your login information which they use to access your business’s online accounts.
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
One of the most popular cyberattacks is still commonly in use. A hacker uses one computer (DoS attack) or multiple computers (DDoS attack) to flood a network, server, or system to overwhelm its resources and hold a small business ransom until the business owner pays them off.
Malware
This attack is carried out by viruses, worms, spyware, and ransomware. An employee or business owner will unwittingly download the malware by clicking on a link or opening an email attachment.
The malicious software causes drive damage and data breaches by crashing or disrupting the system, spying on the users and sending out sensitive information, or blocking access to data on the network and holding it hostage.
SQL Injection
In an SQL injection, a hacker enters malicious code into a website’s search box that infects the server using SQL. This type of attack allows a criminal to access and tamper with server data, giving them the authority to alter, delete and download records in the database.
| To Protect Yourself and Small Business Consult a cybersecurity specialist and follow their instructions. Keep your software up-to-date and even if an email looks 100% legitimate, if it’s not from someone you know, treat it as suspicious. |
Additionals:
