The term Cybersecurity conjures images of hackers writing code in green font in obscure languages to get into our system, and security experts on our side writing code to prevent their attacks. While the mental images from The Matrix and Mr Robot are much appreciated, truthfully speaking, Cybersecurity is that obscure aspect which is rarely considered while starting up.
In this day and age, where much of our data is online, the importance of Cybersecurity cannot be under-emphasized. While default online services by Google and other networks provide a secure environment to work in, you will have to start migrating to your custom domain in order to create your own individual trademark. When you do that, you must make sure that your online space is hundred percent secure.
In 2014 itself, small businesses and startups made for about 85% of all data breach claims. While that statistic is staggering, the implications are disastrous. As per Brian Birch of Symantec, startups are the most vulnerable to cyber-crime attacks in their first eighteen months. This can mostly be attributed to a false sense of security, where the small businesses feel that they are too small to be targeted by cyber criminals. In Canada, 20% of Startups reported falling prey to cyber attacks in their first twelve months. Thus, no startup is complete without cybersecurity.
The listed reasons for small businesses falling prey to cyber crimes are:
- Targeted Cyber Crime: 29%.
- Rogue Employees: 24%.
- Malware: 11%.
- Lost/Stolen Devices: 10%.
- Mismanaged Documents: 9%.
As per Arturo Perez-Reyes of HUB International, areas where small businesses could improve to prevent cyber crimes are:
- Awareness
- Resources
- Training
While we at The Hacker Street are no experts, we can surely shed some light onto the kind of cyber threats you must guard your business against. Thus, we present to you a list of cyber crimes your business may be prone to, and some ways to implement cybersecurity against these threats:
Malware:
Malware is basically a variety of cybersecurity threats such as viruses, worms and Trojans. Technically, a code or a program with malicious intent is Malware.
How it is received:
Through email attachments, software downloads, unknown websites, shady download sites, etc.
How to protect against it:
Avoid downloading files from unknown senders, update your firewall, regularly scan your systems for Malware, and keep your OS updated. Also, try to exercise a little discretion and common sense when browsing the internet.
Also Read: 7 kickass rules to boost your productivity
Phishing:
Phishing is basically an unknown third party requesting for your personal information, with malicious intent. They generally appear in your email in the form of bonanza offers in exchange for your bank details, and that sort of thing. They can also come in more sophisticated forms, which make them appear as requests from legitimate institutions.
How it is received:
Through email you may obtain links to dummy sites, or you may get redirected to dummy sites via advertisements. In some cases, merely clicking on the link helps the program download critical information from your system.
How to protect against it:
Most companies always recommend that their clients should not reveal sensitive information online. In case you receive any emails which request personal information, always confirm with the company itself.
Password Attack:
It is exactly what it sounds like. A password attack is not a downloadable code or a request for information; it is a program that tries to access your computer systems by trying to guess your password combinations. It is one of the most common threats to cybersecurity.
How it is received:
It is not a downloaded virus or program. It is a program launched from the computer of the attacker which tries to hack your system by guessing passwords using brute force attacks or comparing word combinations.
How to protect against it:
The best protection against this would be a strong password. Make sure it is alphanumeric password and contains different cases of alphabets. Try to avoid dictionary words or personal information which is guessable. Keep changing your password on a regular basis.
Denial-of-Service Attacks:
A DoS attack is used to disrupt the network of the service. The attackers use a high number of requests, or pings to the server to overload the server with a ton of traffic, which may lead the server to crash. The most well-known DoS attack is Distributed Denial-of-Service Attack (DDoS).
How it is received:
It features computers sending a large number of requests to overload and crash the server. DoS attacks are usually used as a form of causing great harm or seeking revenge, and not stealing money or assets.
How to protect against it:
Only big conglomerates need to be realistically worried about DoS attacks. However, you may assign professionals to monitor your data flow to identify threatening or unusual spikes which may indicate an attack. Usually, a DoS attack can be solved by simply unplugging the server, or cutting a cable, so physical presence is a must.
Man In The Middle (MITM):
The MITM essentially mimics the end points in an online information exchange portal, such as a banking portal. Thus, the MITM could gain access to all your sensitive information, and could present a huge breach in Cybersecurity.
How it is received:
A MITM usually uses a wireless non-encrypted point to gain access to your network. For example, a WiFi network without WPA, WPA2 or other security implementations, can be vulnerable to a MITM entry.
How to protect against it:
The best way would be to use wireless access points with WPA security or more. Try to visit websites that are secured with an HTTPS connection, or for anonymity and added security, consider using Virtual Private Networks (VPNs). Please note that Incognito Mode in browsers is not a form of VPN, and it neither ensures security nor anonymity.
Drive-by Downloads:
When you’re browsing on the Internet, sometimes malicious programs may get downloaded to your system in the background without you even knowing. This is known as a Drive-by Download. It doesn’t require any action or permission from you to download.
How it is received:
A small snippet of code gets downloaded to your computer, which reaches out to other computers in the network to download the entire program. It usually exploits vulnerabilities in the OS, or in software like Java.
How to protect against it:
Make sure the OS and all software are completely up-to-date. Also, use as few browser add-ons and plugins as possible, and do not use old or obsolete browsers.
Malvertising:
Malvertising is essentially the way hackers embed malicious code into advertisements online. When you click on that advertisement, the Malware gets downloaded to your system and could corrupt your network and destroy your Cybersecurity.
How it is received:
The cyber criminals generally upload these advertisements using ad-networks and they get distributed according to select keywords and search phrases. Web publishers may be subject to or may be perpetrating malvertising and may not be aware of it themselves.
How to protect against it:
The way to guard against infected ads is plain common sense. Use an updated antivirus with internet protection.
Rogue Software:
Rogue Software is a software that pretends to be necessary or legitimate, or may even pretend to be an update for previously existing common software.
How it is received:
Pop-ups appear in several websites which suggest that you download certain programs. Once you click yes, the rogue software will be downloaded to your system and may affect your entire network and compromise all your cybersecurity measures from the inside.
How to protect against it:
Use updated Firewalls for your entire office network. Also, install proper antivirus and anti-malware software for complete protection.
As the days go by, the world migrates online with increasing degrees. The number of online transactions is increasing exponentially, as are the number of user interactions. In this scenario, it is fairly certain that your startup will exchange sensitive information online, or will conduct transactions online as well. For making sure that you are not compromised, cybersecurity is a must.
