When we think of cybercrime, we might just picture the huge government shutdowns or ransomware attacks that cost millions of dollars, but it’s really much more common than that.
Shockingly, the 2020 Cyberthreat Defense Report (CDR) by CyberEdge Group found that 78% of Canadian organizations experienced at least one cyber attack within a 12-month period. In 2021, this figure rose to 85.7% of Canadian companies.
In fact, small businesses are actually more likely to be targeted by cybercriminals than large enterprises. This is because they often have less robust cybersecurity infrastructure and are less likely to have dedicated security staff. As a result, they can be an easy target for things like phishing attacks, ransomware, and other malware.
These threats are always evolving, but we’ll work through 5 of the most common attacks that your small business’s cybersecurity should have covered.
1. Phishing
Phishing attacks are so common because hackers have gotten very good at posing as a legitimate company or individual. That’s why you may see messages from your bank or government sites confirming that the website you’re using or the email you received is the real thing and not a phishing scam.
Cybercriminals will trick users into giving away sensitive information, such as passwords or credit card numbers. Once they have the information they need, they can use it to steal money or commit identity theft.
To protect yourself against phishing attacks, it’s important to be aware of the signs that an email or website may not be legitimate. For example, if you receive an unsolicited email from someone you don’t know asking for personal information, that’s a big red flag.
You should also be wary of any email that contains spelling mistakes or grammatical errors, as these are often signs that the message is not from a legitimate source. Train your employees to flag emails from unreliable sources and make sure that they never open an attachment from a suspicious-looking message.
2. Malware
Any type of malicious software that is designed to damage or disable computers falls under the umbrella term of malware. It can include things like viruses, ransomware, and Trojan horses.
One of the main ways that malware can get on your computer is by downloading it from a website or email. You may also get it through infected files or by clicking on a bad link.
Once the malware is on your system, it can do all sorts of damage. It may delete files, steal information, or even encrypt your data so that you can’t access it. In some cases, it can even take over your computer and use it to attack other systems.
You should have a good antivirus program installed on all of your computers to protect your business from malware. You should also be careful about what websites you visit and what emails you open. If you’re not sure whether something is safe, err on the side of caution and don’t click on it.
3. Ransomware
By infecting your data with malware, hackers can “kidnap” your data and encrypt it until you pay. This can be one of the most devastating attacks for businesses because it threatens a company’s lifeblood: data.
In a survey conducted in 2021 by Telus Corp, 83% of the 463 Canadian businesses surveyed reported that they had experienced a ransomware attack. More than two-thirds were unable to stop the attack and about 44% had to pay the ransom.
The average ransom paid was $140,000 but the cost didn’t stop there. Many businesses said that the cost of the ransom was only 10% of their total costs in recovering from an attack. If that doesn’t make you want to ramp up your cybersecurity, we’re not sure what will!
4. Denial of Service
When cybercriminals flood a website or service with so much traffic that it overloads and crashes, you’re “denied” access to that particular system.
While this may not sound like a big deal, it can actually be very costly for businesses. Not being able to access your email or website can mean lost sales and productivity. In some cases, it can even cause physical damage to the equipment that’s being overloaded.
There are two main ways that attackers can carry out a denial of service attack: by flooding the system with traffic or by taking over a large number of computers and using them to attack the system.
Just last year, Canadian comms company VoIP.ms experienced a denial of service attack and had to provide 1 Bitcoin (about 45,000 US dollars) to end the attack.
Protections like firewalls and intrusion detection systems can help you prevent denial of service attacks. You should also have a disaster recovery (DR) plan in place for how to deal with an attack if one does happen. If you need help creating your DR plan, an outsourced IT provider can get you started.
5. SQL Injection
SQL injection usually happens when a hacker is able to insert malicious code into an SQL statement. This can happen if there are flaws in the way the code is written or if user input is not properly validated. If successful, the hacker can steal data or take control of the database.
To protect against SQL injection, you should always validate user input and escape any special characters. You should also use parameterized queries whenever possible.
What an IT Expert Can Do For Your Business
It’s important to have someone on your team who is responsible for cybersecurity. This person should have a good understanding of the threats that your business faces and the best ways to protect against them.
An IT expert can also help you set up security measures like firewalls, intrusion detection systems, and anti-virus software. If you’re looking for someone who can help you create a strong disaster recovery plan, outsourced IT would be a great option because they have cybersecurity experts, not people who are just trained in general IT.
If you don’t have an IT expert on your team, you can always outsource this work to a security firm like Alt-Tech. We help small businesses in Canada to have powerful and affordable protection against all types of threats and we’d be happy to do a consultation with your company. Reach out today!