Data Privacy Day is on January 28, and I’m willing to bet this isn’t a day most people are aware of. However, with cyber threats such as ransomware, data breaches and Business Email Compromise (BEC) scams plaguing the small business landscape, spending time in observance of Data Privacy Day should be a priority.
In 2016, our researchers witnessed a 400 percent increase in ransomware families and don’t foresee that number becoming stagnant any time soon. We predict a 25 percent growth in ransomware families throughout this year, with more attackers focusing their efforts on businesses. Additionally, BEC scams quickly became one of the biggest enterprise threats last year with threat actors cashing in on roughly $3 billion. Much like ransomware attacks, these threats are only predicted to increase in sophistication and volume throughout 2017.
As a small business, there are a number of steps laid out below that you can take to ensure these nightmares don’t become your reality.
|1. Implementing multi layered protection – Small businesses typically only focus on protecting their endpoints, but don’t consider other potential threat vectors. It’s crucial to make sure every device with access to your data and/or network is protected, including mobile devices. As seen with the recent WhatsApp and Super Mario Run exploits, mobile devices are becoming a more popular target for hackers.
2. Securing email servers – According to our 2016 Midyear Security Roundup Report, 71 percent of ransomware originates via email, making it the most popular vehicle for threats alongside BEC scams. Therefore, it’s imperative to not only have additional protection in place for your email, but to also be wary of messages requesting money transfers, even if it appears to be from a legitimate source.
3. Backing up all information – Backing up your data is critical to ensuring company information is safe from disruption or extortion in the event of a data breach. It’s recommended to follow the 3-2-1 approach: have three copies of your data stored in two different locations with one copy stored off site.
4. Educating users –To make a profit, cybercriminals rely on unsuspecting users to open a malicious link or file, or authorize a fraudulent wire transfer. Educating your employees on what types of suspicious activity to be on the lookout for could save your organization from being a threat actor’s next victim. It’s also important to make them aware of what to do when they experience something that doesn’t look right, and let them know there’s no shame in being overly cautious.
5. Protecting the cloud – Many cloud offerings provide little to no security, which is important to remember when leveraging cloud solutions such as file sharing, hosted email, etc. Fortunately Trend Micro, offers Hybrid Cloud Security Solutions that provide protection within these hosted environments.
6. Patching and updating – Out of date software makes it easier for threats to enter and attack a small business. Being diligent about upgrading to the latest version of your security software will mitigate the risk of vulnerabilities being exploited. It’s also important to make sure your operating systems are up to date and decommission unsupported operating systems such as Windows XP and Windows 2003.
Data Privacy Day exists to generate respect for privacy, safeguard data and enable trust throughout your small business. Trend Micro offers a variety security solutions for small businesses, which will assist in protecting your network. Setting aside one day a year, if not more, to implement these tools will save you time, money and credibility in the long run.