As cyber attacks against small businesses continue to rise, in this guest post, Warren van Wyk, director of PaySpace, offers advice on how startups can protect their data from cyber criminals.
Small businesses are often the targets of cyber criminals. In fact, data from Symantec’s 2016 Internet Security Threat Report shows that in 2016, 43 per cent of phishing attacks targeted small businesses. That’s a 25 per cent increase in just five years.
Hackers are likely to attack startups as they perceive them to be easy targets. They are aware that, unlike large corporations, smaller businesses generally have less funds to put towards online security. Some startups may also overlook the need for proper security measures, simply because they are not familiar with the issues – or the available solutions.
For these reasons, startups need to be extra vigilant in the fight against cyber-crime.
Most cyber criminals target commonly used software platforms with known vulnerabilities, like corporate and internal networks, as well as point-of-sale (POS) systems. The e-commerce environment is another firm favourite among cyber-criminals. However, many e-commerce providers, often under pressure from banks, are tightening up their security measures and as a result, the number of cyber-attacks has dropped from 38 per cent to 26 per cent, the 2017 Trustwave Global Security Report has shown.
As it gets harder to ‘break-in’, cyber-criminals are turning to cunning alternative methods such as phishing and social engineering – currently responsible for 19 per cent of all attacks and rising rapidly. These types of security breaches rely on gaining access to personal information like individual salary and bank account details. The cyber-criminal then uses that information to manipulate their way past corporate security checks and passwords. As a startup, you need to focus on protecting your company’s payroll data, to effectively fight cyber-crime.
Why payroll data must be kept secure
E-commerce, credit card and POS data are still the primary targets of cyber criminals. However, as banks and online retail platforms improve their security measures, personal information will increase in both importance and value. Payroll data may not be the primary target right now, but cyber-crime is changing and you need to be alert in order to stay safe.
Not too long ago, being able to forge the necessary signatures was enough to gain access to company vaults. Nowadays, cyber-criminals are using personal information to trick company employees into letting them in. For example, if a hacker gets hold of an employee’s banking details, they could impersonate someone from the payroll department and contact the employee with an email requesting them to open a link and insert the company’s network password. The unsuspecting employee is easily deceived; the email is perfectly professional and includes their personal information which inspires false trust.
In the event of such a security breach, your company could face severe legal consequences. When client or employee information is compromised, the company is typically made to accept responsibility and may have to pay a penalty or fine. However, the damage done to your business’ reputation is often far greater. Cyber-crime is costly and can lead to a loss of customer confidence and business.
While you may not have the budget a larger company has to invest in combating cyber-crime, there are some best-practice measures a company of any size can implement.
How to keep your data secure
No matter how big or small your business is, the most important element in your cyber-crime fighting arsenal is employee training. You and your staff are your company’s gatekeepers – even an intern needs to know how to spot a phishing attack. Bear in mind that someone new to the working world, say a marketing graduate, will not have had much exposure to corporate cyber-crime threats. Regardless of their experience or area of expertise, all employees need to understand how to keep the company network safe. Hacking methods like social engineering play on employee ignorance and gullibility – your staff need to be regularly trained to spot suspicious email or phone call requests.
A small business doesn’t have to spend a fortune to protect its payroll data from cyber-crime. Weak passwords, for example, are an easy – and affordable problem to fix. Given how many passwords the typical individual has to manage these days, it’s natural for employees to choose something simple. Unfortunately, this makes it very easy for cyber-criminals to break in – a dictionary attack can take just five seconds to crack the code! Part of your in-house cyber-security training needs to include how to create tough yet memorable passwords. What’s more, all passwords need to be run against a password complexity check to make sure that they are as uncrackable as possible. Nonetheless, regular password changes are crucial and locking out users after five unsuccessful login attempts is best practice.
You also need to ensure that the payroll technology you use is up scratch when it comes to information security. Outsourcing your payroll can protect it against cyber-attacks if the service provider you choose has the necessary security measures in place. For example, stored data should be encrypted and their system should undergo regular security checks. When choosing a payroll service provider look out for a company with an ISO 27001 certification in Information Security Management. Companies with this certification will adhere to best practice methods and enforce security measures that are far superior to what most companies can implement in-house.
Cyber-criminals are getting cleverer and more inventive every day. As a small business, you can’t afford any disruptions or breaches. Make sure your processes are secure, your employees are trained in cyber-security and that your company information is protected at all times. Your payroll data is valuable currency; a cyber-attack is not a question of if, it’s a matter of when. Stay alert and keep your business safe from cyber-crime.