As a small business owner, you might see yourself as less susceptible to cyberattacks. After all, doesn’t it make sense for hackers to go after bigger fish? Those targets are certainly attractive, but cybercriminals are also aware that small businesses lack the security systems of larger enterprises. The truth is that cyberattacks on small businesses are on the rise. Approximately 1 in 5 small businesses are victims of cyberattacks. Over half of the small businesses that experience a cyberattack go out of business.
Now, those are some frightening statistics. Fortunately, there are steps that every small business owner can take to avoid and even prevent cyberattacks. First, brush up on Cybersecurity 101 and learn about the data, devices, networks, and applications you need to protect. Second, learn to recognize the different types of phishing. As the most common type of cyberattack, there are many different methods, including basic email phishing. And third, let’s learn about cyberattacks on small businesses, including the types and what to watch out for.
Cyberattacks on small businesses
You’ve probably heard about ransomware on the news, and you may already be familiar with phishing. But what other cyberattacks happen to small businesses?
Cybercriminals often target people by playing on their trust and creating scenarios that drive them to act quickly. If an employee gets an email from their boss asking for the login information to something immediately, they may not even think twice. The request is urgent and it’s coming from a superior, so they send the information along. Unfortunately, it may not have been their real boss asking for the information.
This is a common phishing tactic called pretexting. Social engineering attacks go beyond phishing, though. Here are a few more examples:
- Caller ID spoofing happens when a scammer makes a phone call look like it’s coming from someone else. From there, they may try to run a vishing attack or phishing in the form of a phone call.
- Malware on websites or installed on devices may cause pop-ups the say the computer is infected. Then, a helpful tech support agent (read hacker) offers to help fix the problem. The only catch? The user needs to give them remote desktop access (RDA) or download malware disguised as antivirus software.
- Employees may also install free downloads or use USB sticks from a conference. While these tools may seem innocuous, they could be infected with malware.
Social engineering is one of the most effective cyberattacks on small businesses. That’s why it’s important to educate your employees and urge them to practice good cybersecurity.
SQL injection attacks
If your website isn’t correctly coded, it may be vulnerable to SQL injection attacks. These attacks also affect web applications. Basically, a hacker injects a piece of malicious code that allows them to intercept any queries an application makes to its database. With this malicious code, hackers interfere with data and can access sensitive information. They may be able to access passwords, credit card information, or user details.
SQL injection attacks account for 2/3 of all web application attacks. That’s why it’s so important to take steps to secure your website, especially if it handles any kind of personal data like ecommerce sites, real estate agents, law firms, and agencies. If you don’t have the coding knowledge necessary to secure your website, a tool like SiteLock can come in handy.
Distributed denial-of-Service (DDoS) attacks
Over a third of businesses experience DDoS attacks. To understand the risks, let’s start by explaining what a denial-of-service (DoS) attack is. In a DoS attack, a hacker tries to overwhelm or flood a network or device with requests, which then triggers a crash or makes the system inoperable.
Usually, a single computer launches a DoS attack. A distributed-denial-of-service attack (DDoS) uses multiple devices or botnets. It allows hackers to be much more efficient. About 16 DDoS attacks happen per second.
There are two types of DoS attacks: buffer overflow and flood. In a buffer overflow attack, multiple requests target the memory and CPU of a device. These attacks cause a device to slow way down or crash. Flood attacks target the server and oversaturate the server capacity.
These types of attacks don’t result in a data breach or financial loss in most cases. But they can cost businesses money as they try to get networks and devices back online.
If the goal is to access systems, targeting the password is usually the place to start. Password attacks are also a common cyberattack. In 2020, 81% of data breaches were due to compromised credentials. Most employees have several accounts to login to, like email, accounting software, and videoconferencing tools. And since 53% of people admit to using the same password across multiple accounts, if one password leaks, they all leak.
Another common password attack is password spraying. Cybercriminals try the most common passwords people use (like 123456789 and qwerty) out on accounts to see if one works. If an employee uses a weak password, their accounts (and any private data) are vulnerable.
Many cyberattacks on small businesses are preventable. Here are some more tips to check out for small business cybersecurity:
- Understand how to overcome cybersecurity challenges for small businesses
- Explore more tips and tools for cybersecurity
- Learn if your small business needs a VPN or virtual private network
Protect your website with SiteLock
SiteLock offers total website protection against hackers, malware, SQL injections, cross-site scripting and viruses. With three different plans for every size of business, you can start detecting potential issues and threats and solving for them today.