Cybersecurity is a term often thrown around by both people who don’t understand the importance of staying safe online and people who think of hackers as 80s movie wizkids who can hack the Pentagon in 3 seconds flat.
The truth is, while the Internet can be a scary place to do business, there are common risks and threats that make up the vast majority of attacks, and taking a few precursory steps can make the difference in between a successful or thwarted attack. Even when new attack patterns emerge, knowing the basics can often leave you in a less compromised and more secure position, ready to act upon anything new.
Small business cyber threats
Why would a cyber threat target a small business in a coworking space for a much smaller amount of potential reward than a larger and more profitable venture?
There are several answers, but the most important is that to most attackers, your small business is one of thousands that a hacker has attempted to breach simultaneously. Quite often attacks such as these are blanket, en-masse attempts to compromise as many smaller targets as possible with the same method. A thousand small breaches might be more lucrative, and the hacker is less likely to come up against roadblocks or cybersecurity teams that might catch them.
Another reason to target small businesses is for information. One great example of this is a small doctor’s office: on the surface, there’s not much to steal, and theoretically none of the actual money may be accessible online, but there’s a thriving black market for medical information on the web, and in some cases might set people up for further attacks. If the hacker was to take the process a bit further, they could use the patient data to identify a small business such as a private accountant working from a co-working space, and hack them to discover financial information not publicly available.
This can be a truly frightening to consider and if you’re not prepared the simplest information in the wrong hands puts you at risk from attack. Let’s say a person has been going to their family doctor for 30 years. Their mother also went there before they were married, and she changed her maiden name on marriage. With that information, a hacker might start looking for any email or bank accounts discovered through the accountant’s hacked data with the very common security question, ‘what is your mother’s maiden name?’. Getting into one email, they can use that to reset the passwords on a wide range of financial and personal information.
At the end of the day, it is extremely important for small businesses to understand a few things that can help them keep private information secure.
Preventing cyber attacks
With a basic knowledge of attack patterns, your small business will be armed with more than enough to prevent anything but the most high-tech intrusion. There are several ways that online attacks occur, and several common vulnerabilities that they often target: the vast majority of these simply take advantage of small human errors.
This is why data security is just as important on a day-to-day basis as having good encryption. All it takes is one easy to guess password, a lack of two-factor authentication, or other easily overlooked things to allow somebody access.
Password security
The first and simplest step you can take is in your passwords. Firstly, don’t ever be tempted to use the same password for multiple things: if your work and home passwords are the same thing, then getting into one automatically compromises the other.
Secondly, use systems that log in with two-factor authentication, which means that anybody seeking access must both have the password and also a one-use code sent to something like a mobile phone, dramatically lowering chance of outside attacks.
Thirdly, learn how to make a strong password in its own right. A combination of words, numbers, and letters is generally considered a strong password that’s simultaneously easy to remember.
In fact, it’s actually more secure to string random uncommon dictionary words together to form a password than it is to use random letters. Something like ‘NippyKingLangur203’ is stronger than ‘39dhgf93hg’, for example.
The fourth and final facet of simple password security is how you disseminate passwords. Don’t write them down, ever. Use a secure password manager and vault, like 1Password, and only give access to people in your organisation. If you’re in a co-working space, ensure that no one can watch you entering passwords regularly, as this could allow them to decipher what your password is from your keystrokes.
Basic computer safety tasks
Install an antivirus and firewall. For Windows users, the default firewall is no longer enough. If you’re using a Mac, don’t fall for the marketing buzz about them being unsusceptible to viruses. When that information came out, Macs were such a small share of the market (under 10%) that there were basically no viruses for them simply due to how inefficient it would be to make them.
Now that Macs are much more prevalent, with people pairing iPhones, iMacs, MacBooks, and iPads, they’re starting to see a big uptick in the number of possible viruses your devise can catch. It’s still harder to catch one on a Mac than a PC, but you should still take steps against it.
Run frequent checks on your network and PC, and if you’re personally bad with computers then make sure you either hire somebody or find a trusted friend to look over your situation and make sure there are no issues.
Finally, never download anything suspicious or open unknown emails without confirming both where it’s from and that your antivirus software clears it.
PoS attacks
Finally, there’s the increasingly common Point of Sale attacks, where people physically in the store attempt to implant fake chips or card readers. The only reasonable defence against this is to check your store every so often. Make sure service people don’t turn away from people for too long (it can take only seconds to slip a cover over a card reader), and check every couple of hours in case anything’s not correct.
On top of this, keep an eye out for suspicious behaviour. Loitering near ATMs in convenience stores for extended period of time, or near any financial or information storing equipment, may be grounds for a little increased vigilance for a short while.
Simple steps
For the majority of people, these simple steps will be enough to keep the vast majority of attacks away. The rest is simply applying them, and keeping your systems up to date to prevent any newly created attacks from coming in.
Nexus Hub is an established provider offering affordable yet premium co-working spaces to small businesses. Whether you’re a startup, sole trader, or rapidly expanding business, we have the right office solution for you to drive higher productivity and streamlined workflow. Explore our website for more information or contact us today for a discussion.