No one is immune from hackers. Not you, even though you don’t have millions in the bank. Not you, even though you don’t own a company where you think espionage would be a problem. Not you, even though you think you are as boring and uninteresting as they come.
Everyone is a hacker’s target, as if the news of the Equifax breach that affected 143 million people in America wasn’t wakeup call enough. Whether you operate a business or you are an individual, you are a hacker’s target and you need to protect yourself.
According to Equifax: “The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents.” To determine whether you may have been affected, click here. But be forewarned – The Washington Post has revealed that by entering your information you might be waiving your rights to join a class action lawsuit later.
There are several ways that hackers gain access to your personal or business information:
- Through unsecured web pages or unsecured WiFi networks
- Through phishing emails with links or attachments
- Through weak passwords like 123456 or password
- Through watering hole attacks – websites a target organization uses frequently will be infected with malware
Protect yourself online by using better password hygiene – change your passwords often, use secure passwords, and make sure they are complex enough not to be easily guessed.
If you run a business, make sure that your third party vendors are using strong security precautions so they don’t open your business up to hackers. And ensure that employees are using strong passwords, that they only have access to what they need to do their jobs and nothing more, and that your company has a BYOD policy.
Businesses, Especially Small Businesses, Are At Great Risk
There are a number of different ways that hackers can gain access to a business network. Internal attacks come from people who pose as trusted employees in order to gain access to sensitive data, which was responsible for 10% of data breaches in 2015. Accidents are another form of insider threat, and they come when people lose their business laptops and phones – 48% of identities were exposed this was in 2015.
External attacks are much more common. Hackers will employ spear phishing tactics to gain access to individuals who are higher up in the chain of command so they are more likely to be able to get to the most sensitive and critical data.
Typically this will involve a phishing email with a clickable link, and 91% of attacks begin within 80 seconds of a person clicking on a malicious link. Ransomware is another growing threat, and between 2015 and 2016 hackers began asking for three times as much ransom to release stolen hostage files. What’s more, paying the ransom does not guarantee the hackers will release your data.
When small businesses experience these types of threats they are often unprepared. They haven’t taken the necessary precautions to prevent them, often they don’t discover them quickly, and they might not know how to go about cleaning up the mess. In fact, 29% of small businesses that experience a cyber attack will take no action to prevent additional attacks in the future.
Small businesses are often left with only one option when it comes to dealing with cyber attacks: go out of business. The average cost of cleaning up a cyber attack for a small business can be between $36-50k, which is out of reach for most small businesses. On average about half of small businesses will go out of business within 6 months after a cyber attack.
Industry Doesn’t Matter – Everyone Is A Target
No matter which industry you are in, your business is a target. There are some sectors that get attacked more frequently than others, though. We often hear about retail data breaches thanks to high profile cases like Target, Home Depot, and Walmart. But retail is not the most common target- services are, followed by financial and real estate businesses and then manufacturing. So if you are running a small business what are your options?
In addition to preventing data breaches through employee carelessness, you may want to consider hiring professional security services to audit and maintain your company’s network.
Admitting you can’t do everything yourself is the first step toward better security, and there are plenty of options for securing your network with the use of security vendors. Even cloud based network as a service providers will bundle security protections with their Managed NaaS packages, so be on the lookout for every opportunity to protect your company with better security.
Never forget that you are a hacker’s target.
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.