OVER 71 per cent of Nigerian businesses were hit by ransomware attacks in 2021 while 44 per cent of the affected firms paid ransom to retrieve their data back, a report by Sophos, a United Kingdom (UK) cybersecurity solutions firm reveals.
It is increasingly becoming easier for cyber attackers to target hundreds, if not thousands, of small businesses who just moved online amidst covid-19 attack without having security strategy or solutions for safeguarding their businesses.
“In the first four months of 2021, Kaspersky detected and prevented 161 000 RDP attacks across the country.” The number of attacks increased to 303,500 in 2022, according to the statement. A total of “2,654 detections” were reported in 2022 “compared to 1,076 in 2021,” the report said. Even though the number of internet attacks in Nigeria fell in the first four months of 2022 (56,836 infections in 2022 versus 99,146 infections in 2021), they remain a problem and must be defended against, according to Kaspersky.
Small organizations frequently have fewer technology safeguards in place, are less aware of dangers, and have less time and resources to devote to cybersecurity. As a result, they are an easier target for hackers than larger corporations. They are, nevertheless, not any less lucrative targets. Even the tiniest firms can deal with big sums of money or have access to massive amounts of client data, which they must secure under legislation like GDPR.
Because small businesses frequently collaborate with larger corporations, hackers can utilize them to target those corporations. A look at the security threats faced.
Cyber Security Attacks being Faced by Small Business Owners
1. Phishing Attacks
Phishing attacks are the most dangerous, damaging, and prevalent threat to small businesses. Phishing is responsible for 90 per cent of all data breaches, has increased by 65 per cent in the last year, and has cost businesses more than $12 billion. Phishing attacks occur when an attacker poses as a trusted contact and persuades a victim to click on a malicious link, download a malicious file, or provide sensitive information, account details, or passwords. In recent years, phishing attempts have become much more sophisticated, with attackers becoming more convincing in their impersonation of actual business connections.
2. Malware Attacks
Malware is the second most significant hazard to small businesses. It covers a wide range of cyber dangers, including trojans and viruses. Malware refers to malicious code written by hackers to gain access to networks, steal data, or destroy data on systems. Malware is usually spread by malicious website downloads, spam emails, or connecting to infected computers or gadgets.
Small firms in Nigeria are still vulnerable to malware, according to the firm’s estimates, which predict an 89 per cent increase in Remote Desktop Protocol attacks by 2022.
Small firms are more inclined to hire people who work from home since it saves them time and money. This, on the other hand, raises their chances of being the victim of a malware assault, as personal devices are far more vulnerable to harmful downloads. Over the years 47% of malware attacks have been reported according to Sophos’ Survey.
3. Weak Password
Weak password is one of the most common ways hackers gain access into enterprise’s network and database. Employees that use weak or readily guessed passwords are another major hazard to small firms. Many small businesses use a variety of cloud-based services, each of which requires a separate account. Sensitive data and financial information are frequently stored on these platforms. This data can be compromised if you use passwords that are easily guessed or the same password for many accounts.
Premium Times reported a story on the 30th day of May 2022, where it stated: According to a new study by Kaspersky, a global cyber-security and digital privacy business, the number of Trojan-PSW (Password Stealing Ware) detections in Nigeria increased by 147% in the first quarter of 2022 compared to the same time in 2021.
The most common password is ‘123456’. It is actually the most used and compromised password in the world, occurring in 23.2 million cyber breaches in 2019. Many use their dates of birth, which, while more unique, are still very weak
With the effects of security breaches on businesses, SMBs need to inculcate some security measures that would help secure their various data and information. We shall thus be taking a look at some of the security practices for SMBs.
5 Top Security Practices for Safeguarding your Business in 2022.
1. Having a secured firewall system
A firewall is a system designed to prevent unauthorized access to or from a private network, this system can be configured to prevent hackers from gaining access to your company’s network or business application or solutions.
Firewalls are available in both software and hardware variants, but a hardware-based firewall is required to safeguard your organization, which might seem expensive or small businesses. Threats that are already on the network or attempting to exploit specific apps are detected by firewalls. Moreso, firewalls use rules to determine what application activity is expected and permitted, and this begins with determining which “ports” are open. When a program or a hacker tries to use a port that isn’t allowed, they are denied access to the network.
2. Using Virtual Private Network (VPN) to secure your connection.
A VPN (virtual private network) is a service that creates a safe, encrypted (secured) online connection. A VPN will create a secure connection between your device and the network or other resources you log into. It acts as a tunnel, allowing you to establish a secure connection between your network, devices, and other networks to your internet destinations. Before it enters the tunnel, your data is encrypted, keeping you anonymous and your surfing activity hidden from prying eyes. When you use a VPN to connect to a network, your data is protected and encrypted. It is useless to an attacker even if they get their sights on it. Because it looks to originate from the VPN provider’s IP address, hackers will be unable to follow the trail to your IP address. Investing in a VPN is worth it, especially if you value online privacy and encryption while surfing online.
3. Have a Backup and Recovery Strategy
Backup and recovery is the process of duplicating your business data and storing it in a secure place in case of loss or damage, and then restoring that data to a location. Having recovery strategy is key to your success as a business in recovering your data.
A recovery strategy is a “blueprint” of procedures and activities that invoke backup and disaster recovery services, as well as their interactions with your data and servers, to keep you up and running in the case of a disaster. Thus, even if there is a sort of disaster in your system you can easily get your data back as they are secured with the day-to-day backup strategy.
4. Don’t Store all of your Information in one spot.
Numerous businesses keep duplicate file backup systems in the same location as the original data. Both the backup and the original are frequently lost if the company encounters a significant event. In actuality, there is a 25 percent chance of losing locally duplicated data, which is still too high for crucially vital private data. The probability of data backup survival goes to 99.99 percent when data is saved in three different physical locations, practically guaranteeing that the company’s data will remain unaltered regardless of the circumstance.
Your data backup locations should ideally be in two different geographies or more if you can afford it. Consider storing your data backup outside of an earthquake zone if your SMB is located in one. Backing up your data to the cloud is also a good idea. You have the option of relying totally on the cloud for disaster recovery or keeping your spin-up capabilities local and merely backing up to the cloud. Using a managed service provider’s (MSP) cloud-based disaster-recovery-as-a-service (DRaaS) products can also alleviate the load of disaster recovery on your own.
5. Two Factor Authentication (2FA)
Following a series of data breaches over the internet, from social media platforms to business solutions. Organisations such as Google, Facebook, LinkedIn, and Twitter have introduced two-factor authentication (two-factor authentication) to safeguard user accounts. This helps to safeguard private information and prevent intruders from accessing customers data. Two-factor authentication (2FA) is an extra step added to the log-in process, such as a code sent to your phone or a fingerprint scan, that helps verify your identity and prevent intruder from accessing your business information. It is no longer a matter of protection, but compliance to protection.
It is highly essential to setup two factor authentication system safeguard on all your business solutions. Start with electronic mailing system, then to the social media accounts.
To cut hardware costs, SMBs are increasingly implementing software-based solutions. SMBs can also save money on IT infrastructure by using cloud computing and virtualization technologies. When a device connects to the workplace network, several solutions use client mobile devices to deliver a one-time password (OTP).
Final Thoughts
It is very important for SMBs to secure themselves adequately from any sort of cyber attack as it could be detrimental to cogent and important data for the day to day running of their businesses. The 5 top ways through which an SMB can protect their data has been duly stated above in this writeup and an SMB can make use of any of them effectively for the growth of their business.