It seems like there has been an onslaught of high-profile data breaches and cybercrimes reported in the media over the last year. Breaches across the U.S. and Europe have been retold and retweeted, and lax security standards of large corporations exposed for the world to read about. The reports have left businesses, both large and small, rightly worried over the state of their own cybersecurity.
Indeed, a report by SonicWall has stated that 38 new ransomware variants are detected on average each day, with over half targeted at smaller, newer businesses.
With ongoing media reports tarnishing reputations, and new GDPR legislation set to change the face of data protection forever this May (at least for organizations wishing to continue to trade in the EU), it’s imperative that startups across the globe get to grips with cybersecurity and awareness training. This is especially important for entrepreneurs who may not have the resources to bounce back from an attack.
It’s easy for startups to fall into the trap of believing they are safer from cybersecurity risks than the big players often reported in the news. After all, what would hackers want with such a small fry when far more profitable and popular businesses are up for grabs?
The reality, of course, is that no organization is safe; no matter how new or small. In fact, some hackers prefer smaller, inexperienced businesses as they make for easier targets. Unfortunately, it’s true that too many startups neglect to allocate enough resources (such as budget and training) to cybersecurity practices and, as such, are easy prey.
So many small businesses and startups process and store valuable personal data (think credit card numbers, home addresses, authentication codes, etc.) that they are actually one of the most common data targets for cybercriminals.
Remember, 77 percent of data breaches occur at companies with less than 1,000 employees, and many don’t even realize their systems have been compromised. In 2017, data collected by insurance company Zurich reported that 875,000 SMEs across the UK had been affected by a cyberattack in the previous 12 months. One in 10 of these businesses reported the breach to have cost their organization over £10,000 (equivalent to approximately $13.6K) – an amount that could easily devastate a startup.
Related: How Cyber Hackers Attack
What are the common threats?
Many age-old threats such as weak passwords and out-of-date software still stand true. If either of these are breached, cybercriminals can easily install malware and create a permanent point of entry to your machine and network, or use the computer’s processing power to support illegal activities such as cryptocurrency theft.
In response, it’s essential that startups spend time training their employees on everyday cybersecurity practices, from creating secure passwords to staying away from unsecured websites and file encryption. Software updates should always be installed in a timely manner and employees should understand the importance of locking away mobile devices such as smartphones and USBs when not in use. All of these things require awareness training and employee empowerment.
A slightly more sophisticated threat comes in the form of phishing attacks, i.e. the hacking technique where “bait,” usually disguised as a reputable request for information from a trustworthy source (banks, online retailers, and so on), is emailed to users in the hopes of catching one out. Targets of phishing attacks are often directed to fraudulent websites that are made to look and feel like a legitimate vendor and, once there, unwittingly enter their password or other personal information straight into hackers’ hands.
Another familiar threat since May 2017, ransomware attacks (also known as crypto-viral extortion) are a form of malicious software that threaten to publicize or encrypt the victim’s data and IT systems unless a ransom is paid, usually in the form of difficult-to-trace digital currency like Bitcoin.
Sign Up: Receive the StartupNation newsletter!
Ransomware typically relies on a type of file known as a Trojan. These are files that have been disguised to look legitimate and are attached to emails or made to look like trustworthy downloads online. Once opened, the malware contained in the download infects your computer’s files, preventing access for anyone without the key-code. These type of attacks can take down entire networks and could mean devastation for a new startup.
Entrepreneurs that spend a lot of time on the road should also be on the lookout for “Evil Twin” threats. Evil Twins are Wi-Fi hotspots made to look safe by appearing in public places such as cafes or hotels. They often have legitimate-looking corporate names to trick victims into connecting so that hackers can harvest any information sent over the network. Again, awareness is key here, and you should always ask a staff member if you are unsure which Wi-Fi network is safe to connect to whilst traveling for work.
Although not an exhaustive list by any means, the above threats all share the same answer when it comes to risk mitigation: awareness training and confidence. As your startup grows, it will become everyone’s responsibility to protect your organization from cybercrime and to remain vigilant.
Misunderstanding hacker practices and how companies are targeted can lead employees to underestimate their threat, especially for startups that are no more immune from risk than their larger counterparts.