It’s more important than ever to be protected from cyber crime. According to a government cyber security breach survey, 46% of micro and small businesses identified security attacks or breaches within the past 12 months. – among this 27% were attacked at least once a week and 22% needed new cybersecurity measures. They also found that the average annual cost for micro and small businesses that lost data or assets after breaches is £8170.
What types of cyber security risks should you be aware of?
Often with limited budgets and a lack of security expertise and awareness. Small businesses are often seen as easy targets for cyber attacks.
The most common threats include:
Malware: This is a malicious software intended to cause damage to a computer, server, client or computer network. There are many different types of malware including viruses, worms, Trojan horses, spyware, ransomware, scareware, Botnets and rogue software
Phishing: These scams are used to gather sensitive information such as usernames, passwords and credit card details. This can be done typically by an email or sometimes, a text message. Approximately half of cyber attacks in the UK involve phishing which is 20% higher than the global average.
Ransomware: This type infects your computer and holds data to ransom, they often demand significant amounts of money for its release. Typically, it gains access to computers through convincing phishing emails with infected links or attachments which employees can unwittingly click. Ransomware is also able to sneak malware in through vulnerabilities in your systems and software.
DDoS: A distributed denial-of-service attack (DDoS) attack is a malicious attempt to disrupt normal traffic to a machine or network. Recently, DDoS has been very common in large corporations such as Twitter, Netflix and Airbnb. This highlights just how sophisticated they can be.
Cyber Attack case Study #1: Spamware
A client came to us requesting a refresh on their WordPress website. Once we had access to the backend, we soon found out they had been attacked with spamware being implemented on the site. This was causing users to be redirected to other links and both the files and the entire database were infected.
What was the outcome?
We cleansed down both the database and files to remove any malicious software. We also implemented file security and created lockdown server environments – this means the only software we know is safe and have implemented on the site is allowed to be run. We also adjusted the login permissions so only whitelisted users can access via IP addresses to ensure non-authorised users can gain access to the site.
Our developers at Beacon use WordPress specialist dedicated hosting in all WordPress projects to ensure the threat of a cyber attack or breach is avoided from the start rather than recovered after an incident.
Cyber Attack Case Study #2: DDoS
A client came to us with 3 existing websites on a virtual private server (VPS). The way in which the server had been set up meant that it had completely unrestricted access to anyone to view and edit. A mixture of different DDoS attacks had been made to all 3 websites and spamware was also implemented.
What was the outcome?
We implemented a Secure Shell Server (SSH) which will ensure safe file transfers from now on. We also adjusted their file and database management to be much more secure to avoid a breach happening again.
If you’d like to learn more about what Beacon can do to ensure your businesses are protected from cybercrime, don’t hesitate to get in touch.