6 Cyberattacks That Hit Small Businesses the Hardest

Did you know that almost 60 percent of all targeted cyberattacks strike small and medium-sized businesses? Did you also know that 60 percent of affected small businesses go belly-up within six months after a data breach?

Hackers love targeting SMBs because they know smaller organizations have less resources to protect themselves from a cyberattack than large corporations.

Don't let yourself become a victim. Below are a few of the common cyberattacks hackers use to sink small businesses and what you can do to stop them. And remember to invest in cybersecurity insurance from CyberPolicy to keep your business healthy in the event of a data breach.

Phishing Scams
Phishing scams are nothing new, but they are still an effective weapon in the hacker arsenal. For those who don't know, a phishing scam employs a convincing, albeit phony, email requesting that the recipient share private information with the sender, sometime via a redirect link and bogus sign-in page. Telltale signs include 'URGENT' subject lines, spelling errors, low-definition logos, redirect links and suspicious attachments.

The solution? Avoid opening emails from persons you do not know well, and avoid sharing any private information or files over email.

Brute Force Attacks
The famous scientist and Nobel winner Richard Feynman made a hobby of cracking safes in a matter of minutes. How'd he do it? With a keen understanding of human nature, mathematics and trial and error.

Brute force attacks are used to crack sign-in credentials in much the same way. Typically, a brute force attack will flood a sign-in page with thousands of character combinations until the hacker gains access to your account.

The solution? Empower an IT team (internal or external) to flag suspicious behavior such as numerous failed sign-in attempts.

Credential Stuffing
So, let's say a hacker lifts a password from your profile using a phishing scam or brute force attack; do you think they stop there? Credential stuffing takes stolen sign-in credentials and recycles them elsewhere on the web to access multiple profiles and cause as much damage as possible. Use the same password for your work email, social media pages, banking service and ecommerce profile? A savvy hacker can own all of these in minutes!

The solution? Use a unique passphrase on every account and employ a password manager to keep them safe.

Wi-Fi Spying
Everyone loves free, but free public Wi-Fi isn't all it's cracked up to be. Digital eavesdroppers will sometimes set up fraudulent hotspots to fool unsuspecting users into sharing their online activities. Cyber crooks often use attractive names like "Free Coffee Shop 5.0GHz" or "Open Hotel Wi-Fi".

The solution? Avoid using public Wi-Fi when handling sensitive information like work emails, online banking or engaging in ecommerce. If you must use public Wi-Fi, employ a VPN to obscured your movements online.

Malware
Malware is a general term used for any type of malicious software that corrupts, disrupts or infiltrates a computing device for nefarious means. For example, ransomware locks legitimate users out of a device until a lump sum is paid to the hacker; a remote access Trojan (RAT) is used to control webcams, microphones or keyboards to spy on user activities. What's especially troubling about malware is that it can be caught in a variety of ways, including drive-by downloads, spam email attachments, Trojan programs and more.

The solution? While anti-malware and antivirus programs are enough to block some attacks, organizations would be smart to hire an internal team or agency to track down and eradicate malware hidden in your network.

Distributed Denial-of-Service Attacks
A Distributed Denial-of-Service (DDoS) attack is part sit-in, part robot army. Basically, a hacker will build an army of malware-infected computers and order them to flood a website with bogus traffic requests until the service crashes. This can last for hours or a few minutes, preventing legitimate users from accessing your site, which is used to mask a secondary attack.

The solution? Employ one of the several solutions that detect, block or redirect malicious traffic before it reaches your server.

There is no shortage of tricks hackers can use to damage your business. Do the right thing and invest in cybersecurity insurance from CyberPolicy. Get your free quote today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375