What to look for: SMB’s online security weakspots

stealing your password

Does your business have any of these security weak spots?

It’s likely that during these uncertain times, your business has been forced to adapt. More people are working from home, using a mixture of personal and business devices, which means the conversations and business data that used to be enclosed under the one roof has spread to many.

Unfortunately, something we do know for certain is that hackers are using this vulnerable time as an opportunity to hatch their next plan of attack.

Small businesses can be among the most vulnerable to cybercrime simply because they don’t have the resources or time to adequately manage their website security.

Cybersecurity company 4iQ found that there was a 424% increase in new breaches of small businesses in 2018 compared to 2017.

What’s more, in a survey conducted by Ponemon Institute of 1,000 small- and medium-sized businesses, 78% of respondents indicated they had been the target of cyber attacks in the past 12 months.

But the important thing to remember is that hackers don’t necessarily choose a target based on their size or their industry. They can target you based on your security weak spots.

Hackers use bots to search for vulnerabilities within your website. Once the bot finds one, this signals an opportunity for the hacker to attack.

So what are some of the weak spots you should be watching out for?

We’ve picked four of the most common weaknesses that don’t take much effort to resolve, yet they will make a huge difference to your business security protection.

  1. Outdated anti-virus protection software 
  2. Poor password habits
  3. Unsecured wifi networks
  4. Phishing attempts

Weak spot 1: Outdated Anti-virus Protection Software

Just because you have it, doesn’t mean you’re protected. When you have out-of-date or expired cybersecurity software, it’s almost as risky as not having any at all.

What you should do:

  • Update your software on all business devices and make sure any employees working remotely are working on devices that have anti-virus software installed and up-to-date. 
  • Tweak the settings to ensure all updates are automatically installed in future so that it’s one less thing to worry about.

Weak spot 2: Poor Password Habits

We’re required to use passwords for many things in our personal and professional lives. Multiple passwords can be difficult to remember, so we can be guilty of using the same password for multiple logins.

Luckily, password manager adoption is starting to increase and more businesses are beginning to use multi-factor authentication. Multi-factor authentication includes businesses requiring more than one method of identification, which may include a password and a code which will be sent to their linked phone number or email. Globally, multi-factor authentication has grown from 12% to 57% in 2019.

What you should do:

  • When setting a password, try to have at least 8 to 10 characters with a combination of lowercase, uppercase, numerals and special characters. For example: you could replace the letter ‘e’ with ‘3’. 
  • Educate your employees about good password habits. For example: never write them down, don’t share them with anyone, and regularly update them every month (or at your discretion). 
  • Ensure every employee has their own unique password to access shared business documents and databases. This is how you can track a breach to an individual account through who has accessed any potential sensitive information.
  • Look into setting up multi-factor authentication in your business moving forward.

Weak spot 3: Unsecured business wifi networks

Similar to hacking passwords, hackers can find other ways to access your network systems and computers if your WiFi networks aren’t secure.

What you should do:

  • Setting up a secure business network isn’t a DIY job like your personal WiFi network. It’s important to ensure the network has been professionally installed by someone who knows how to take the necessary steps to protect your data. 
  • Make sure you (and your employees) set your browsing preferences to access websites that use secure transmission protocols like SSL (Secure Sockets Layer) and TLS (Transport Layer Security). These are the sites that display an https:// prefix before the web address, and a locked padlock symbol on your browser or app window.
  • Ensure you are using password best practices when setting up your WiFi network. 
  • Look for rogue access points, which is an unofficial way to connect to your WiFi. This can happen when well-intentioned employees find ‘workaround’ ways to connect to the WiFi when they are experiencing bad connectivity. You can use access point scanning to ensure there are no backdoors to your network.

Weak spot 4: Phishing attempts

Phishing is a type of cyber attack disguised by an ordinary looking email. The goal of a phishing attack is to trick the email recipient into believing they need to download an attachment, click on a link, or reply with some details about a customer, business document or any type of information that would allow the hacker a way into the network.

This is an all-too common occurrence for many businesses, but it  can be easily mitigated with the right formal security training and building more awareness around general cybersecurity practices.

What you should do:

  • Implement mandatory privacy and security training for every employee, and make sure this is repeated after a specific amount of time as a reminder.  
  • Run training workshops or create video content that explains what to look for in an attempted phishing attack. Show examples of emails that should raise questions of legitimacy. 
  • Develop a process where employees can easily let you know when they suspect something could be wrong and what actions they should take.

Read more

How to keep your customers information secure when taking payments online


Final thoughts: Get your own vulnerability scanner

Another way to think about this: if hackers are using scanners or programs to detect vulnerabilities, why can’t you do the same?

eWAY’s Merchant Trust Initiative is an easy-to-use portal offered to every customer. It guides you through all the steps necessary to boost your business security. This includes offering a security alerts system that notifies you when there are new vulnerabilities that may impact your business and what steps you can take to ensure your protection.

The MTI program also offers you Endpoint protection that protects your business devices against unknown threats such as viruses, adware, Trojan horses and worms.

To get started with eWAY contact one of our experts today here or call us on 1800 095 428.