Many business owners think that a decent firewall, antivirus software and spam filter are all they need to protect themselves from cyberattacks.
Unfortunately, the criminals behind those attacks have evolved far beyond the “Nigerian prince” emails that gained notoriety in the ’90s, promising rich rewards if you helped the royal son out of a financial pickle. All you had to do was wire a few thousand dollars to his trusted associate…
It may seem laughable, but the scammers kept at it because a slim percentage of people did wire the money. When you’re sending millions of emails, a 1% positive response translates into a substantial payday.
Before you can protect your business, you need a basic understanding of where you need the protection—and why.
Every aspect of your business that touches computers or the Internet has a security dimension. Security falls into three primary categories: email, web, and website security.
1 – Email security
Email security is often misperceived as a productivity issue, but it goes far beyond “too much spam taking up my employees’ time.”
Spam, emails carrying a virus via link or attachment, or phishing emails have become more sophisticated, masquerading convincingly as your bank or other service provider to trick you into downloading something or giving away personal information.
Although many fraudsters still take the “shotgun” approach, hoping for that 1% who will respond, the real threat is email account takeover. Account takeover happens in two major ways:
The first is through brute force, where the hacker tries combinations of username and password until they break into your account. They don’t test random combinations; they use usernames and passwords obtained through data breaches, which is where email security overlaps with web security.
The second is spear phishing. Where phishing involves mass emails, spear phishing is highly targeted, using information available online, from social profiles to purchases, to craft a credible message. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging.
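The first takeover route above, replaying username and password pairs from data breaches (commonly called credential stuffing), leaves a different trace in login logs than repeated guessing against a single account. The following Python example is an addition, not part of the original article; the event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, outcome). Not real data.
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@example.com", "fail"),
    ("203.0.113.7", "bob@example.com", "fail"),
    ("203.0.113.7", "carol@example.com", "fail"),
    ("203.0.113.7", "dave@example.com", "success"),
    ("203.0.113.7", "erin@example.com", "fail"),
    ("198.51.100.4", "frank@example.com", "fail"),
    ("198.51.100.4", "frank@example.com", "fail"),
    ("198.51.100.4", "frank@example.com", "fail"),
    ("198.51.100.4", "frank@example.com", "fail"),
    ("198.51.100.4", "frank@example.com", "fail"),
    ("192.0.2.10", "grace@example.com", "fail"),
    ("192.0.2.10", "grace@example.com", "success"),
]

def classify_sources(events, min_failures=4, stuffing_accounts=4):
    """Label each source IP by the shape of its failed logins (thresholds are assumptions)."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> username -> failed attempts
    successes = defaultdict(set)                      # ip -> usernames that logged in
    for ip, user, outcome in events:
        if outcome == "fail":
            failures[ip][user] += 1
        else:  # any other outcome is treated as a successful login
            successes[ip].add(user)
    report = {}
    for ip in set(failures) | set(successes):
        per_user = failures.get(ip, {})
        total = sum(per_user.values())
        if total < min_failures:
            label = "normal"                # a user mistyping a password
        elif len(per_user) >= stuffing_accounts:
            label = "credential_stuffing"   # many accounts, few tries each
        else:
            label = "password_guessing"     # many tries against few accounts
        # A success from a flagged source means that account's password is known.
        at_risk = sorted(successes[ip]) if label != "normal" else []
        report[ip] = {"label": label, "accounts_to_reset": at_risk}
    return report
```

Accounts listed under `accounts_to_reset` logged in successfully from a flagged source and should have their passwords changed and sessions revoked.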
2 – Web security
The common misperception here is that only “inbound” threats matter. Most people focus solely on them, which is too narrow a view.
Firewalls protect against inbound threats, i.e. outside elements trying to get into your system. However, outbound traffic must also be monitored. Links, ads, and pop-ups that your employees encounter as they browse the Internet can lead to malicious websites that threaten your company’s security. Many business owners see employees’ use of the Internet as a productivity issue, but it’s a security issue.
The savviest malicious sites and phishing attacks take the employee through a chain of links, so they click from something innocuous (like “Check out these pics from the golf outing”) to a malicious site 3 clicks in, which lies beyond the reach of most filters and firewalls. (Filters usually track one layer deep, but a seasoned hacker will take you through several layers to get to the real threat.)
3 – Website security
When a website is hacked, the results can take different forms: the site goes down, redirects to another website, or links to hidden sub-sites within the website. It all depends on the attacker’s purpose. So a web visitor may think they’re shopping on your online store, for example, while the hacker is collecting their credit card information.
More often than not, the weak point is not the website itself, but its plug-ins or apps. The best apps or platforms keep up with security threats, including protection in their updates.
If any individual update is missed, the website can “break”, leaving you vulnerable to threats. Hackers figure out how to get “into” a theme, for example, then seek out sites that haven’t updated it.
Sometimes the culprit isn’t the update, but the app itself: some free plug-ins are all about getting hackers access to your website.
Why do attackers make the effort? To access your customers’ credit card information or other sensitive data, like usernames and passwords, so they can potentially take over their email. Or to hold a business to ransom, demanding money to fix a problem they created.
The solution? A layered approach
With so many varied threats across these three areas, a combination of preventative approaches is necessary, as well as robust responses for when security breaches happen.
You need a layered approach to cover all your bases. At Future Link, this is exactly the approach we take, curating the best working and best value solutions into a comprehensive security package.
To get started, we offer a cybersecurity assessment that includes:
- External vulnerability assessment, looking at “holes” or gaps in your firewall, where outsiders can break in and attack your network.
- Internal security scan and audit, identifying real and potential vulnerabilities inside your business network.
- Dark web scan, checking the dark web (hidden websites you can’t access without special software) for your sensitive data that may have been compromised.
- Network data scan, reviewing your network for unsecured data like SSNs, credit card information, and more.
To protect your business and upgrade your cybersecurity, let’s chat. Fill out this form and one of our experts will respond within one business day.