Eighty-three percent of small businesses have no formal cybersecurity plan, a Symantec study found. This leaves entrepreneurs dangerously vulnerable to falling victim to hacking. Sixty percent of small and medium-sized businesses that get hacked are out of business within six months, the National Cyber Security Alliance says. To help keep your company from becoming a statistic, here are some basic security concepts and terms every business owner should know.
Basic Security Terms Every Business Owner Should Know
In recent years, 96 percent of cyberattacks have fallen into nine major categories. In 2016, Verizon reported that the top three attack methods involved phishing, point of sale (POS) and stolen credentials.
Phishing is a method of social engineering which relies on deception to trick people into divulging confidential information. It uses tools such as email, website links or phone calls to extract passwords, credit card numbers or other sensitive information. For example, an attacker might email you a message pretending to be from Facebook, asking you to click on a link and log into your account to address an issue regarding your account. When you click on the link, instead of being directed to Facebook’s site, you get redirected to a fake site where your password will be recorded and stolen when you type it in.
Point of sale attacks steal customer credit card data by intercepting it during the purchase process. One type of POS attack is skimming, which involves physically installing additional hardware onto POS terminals to record credit card data for use or copying. A non-physical alternative to skimming is deploying POS malware, which is a software code that electronically steals credit card data as customers are using their cards. To use POS malware, attackers must first install it onto the target’s network. This is usually done by finding a vulnerable device or application on a company’s network and using it to gain access to the part of the network hosting the company’s POS software.
Stolen credentials attacks steal passwords and other vital information from targets using a number of methods. One method is outright stealing a password by physical observation or by using a computer to randomly guess password information, the latter known as a brute force attack. Another method is electronically eavesdropping on a network in order to intercept password information, known as a man-in-the-middle attack. Other methods involve masquerading as authorized users, e.g., requesting a password reset to be emailed to a compromised email account.
Cybersecurity specialists use a model called Open System Interconnection (OSI) to analyze system vulnerabilities and plan defenses. OSI views network communications as a series of seven layers. At the lowest layer are physical elements such as local devices and modems. Next are electronic layers such as data, network connections, transportation of data streams, connection sessions. The top two layers involve applications and communication between applications.
To protect each of these layers, security specialists deploy a variety of defense strategies. Firewalls are hardware or software that block unauthorized users from accessing your device. Encryption is encoding that prevents unauthorized users from reading data without a key. Passwords stop unauthorized users from participating in connection sessions. Passwords alone are easy for hackers to guess, so two-factor authentication strengthens passwords by requiring a second authentication method, such as phone or email confirmation. Antivirus software scans applications and data to detect known malicious code.
As a safeguard against cyberattacks or other emergencies, cybersecurity specialists employ disaster recovery strategies to ensure that there is always a backup copy of vital data available for use on a backup site. Backup sites come in three varieties. A cold backup site is office or datacenter space where servers can be migrated in case of emergency. A warm backup site is space that has backup servers in place ready to have a backup copy of your data loaded onto them from tapes or a backup service. A hot backup site is a mirror of your datacenter infrastructure with both servers and recent data backups ready to use.