Calligo Blog

The Top IT Security Threats that SMEs should be afraid of


By Calligo on 18 November 2019

notorious malware and ransomware attacks to intelligent social engineering techniques to the newer “juice-jacking” and public Wi-Fi hacks. So the question to ask is – are you aware of the top IT security threats that are affecting SMEs?

Small businesses are frequently targeted by cybercriminals, with the number of attacks and those affected expected to rise. This is usually because SMEs may not have the internal resources or expertise to hand, or the necessary IT security processes and policies in place. Adding limited employee cybersecurity awareness into the mix makes SMEs prime targets for a cyber-attack.

43 percent of cyber attacks target small businesses*

To help raise cybersecurity awareness, we have selected the top 9 IT security threats that we most frequently spot threatening our SME clients’ networks.

 
 

The Top 9 IT Security Threats affecting SMEs

 

9. Weak Passwords

A good password is not necessarily one that is easy to remember. Good, in this context, means strong. All employees should be required to use strong passwords or passphrases that are more resistant to guessing, or a brute force automated “dictionary hack” that throws hundreds of potential password combinations per second at a system until it cracks.

 

8. Unlocked Hardware

The most basic of errors, and the simplest route into your network. From unlocked phones and laptops to allowing an unauthorized person into the building. Employees need to be educated on the importance of locking devices as well as questioning visitor identities.

 

7. Juice Jacking

Be aware of free public charging ports for mobile phones. This is a relatively new threat where a public USB-based charging port is corrupted to install malware onto the device or covertly copy sensitive data off it.

 

6. Web Browser Extensions

Web browser extensions are not always what they seem. Their functionality often depends on being granted certain permissions or access, so if they are compromised, they can grant cybercriminals access to your web history, cookies and even stored passwords.

 


5. Typosquatting

Typosquatting is the act of purchasing URLs that are very similar to those owned by well-known brands and putting up fake sites that mimic the true brand’s presence. On the surprisingly frequent occasions that users then commit typos when entering a URL in the browser, these fake sites can then either deliver malware to the users’ devices, often without any need to click any links, or be so convincing that they request login credentials and even payment details.
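One way to spot such near-miss domains in proxy or DNS logs is to compare each hostname against the list of domains the business actually uses. The following is an added example, not part of the original article; the trusted list, the hostnames and the distance threshold are constructed assumptions.

```python
# Added example: flag hostnames that are near-misses of trusted domains.
# TRUSTED and all hostnames below are constructed for illustration.
TRUSTED = ["acme-payroll.example", "acme-mail.example"]

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, the classic keyboard slip ("amce" for "acme").
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(host):
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(host, trusted=TRUSTED, max_distance=2):
    """Return ('trusted', d), ('lookalike', d) or ('unknown', None).
    max_distance=2 is an assumed threshold; very short trusted names
    need a smaller one to avoid false positives."""
    h = normalise(host)
    for t in trusted:
        if h == t or h.endswith("." + t):
            return ("trusted", t)
    labels = h.split(".")
    # Compare only as many trailing labels as the trusted domain has,
    # so "login.<typo domain>" is still matched on the typo itself.
    dist, best = min(
        (osa_distance(".".join(labels[-(t.count(".") + 1):]), t), t)
        for t in trusted)
    return ("lookalike", best) if dist <= max_distance else ("unknown", None)

if __name__ == "__main__":
    for host in ["www.acme-payroll.example", "acme-payrol.example",
                 "amce-payroll.example", "secure.acme-payro11.example",
                 "weather.example"]:
        print(f"{host:32} {classify(host)}")
```

Hostnames classified as lookalikes are candidates for blocking at the DNS filter or web proxy and for defensive registration by the brand owner.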

 

4. Public Wi-Fi

Free public Wi-Fi might seem like a lifesaver, especially when you’re working remotely or when you’re on the go; however, it’s a hacker’s dream. With remarkably cheap equipment and the most basic of know-how, cybercriminals can use so-called ‘Man-in-the-Middle’ attacks to easily intercept data flowing through any unsecured public Wi-Fi connection. Similarly, cybercriminals frequently set up rogue Wi-Fi hotspots, often with network names masquerading as nearby brands’ open connections for customers, leaving your data and business data easily accessible to them.

 

3. Phishing

Phishing attacks typically rely on convincing email and SMS communications, often posing as recognized brands, to gain access to personal and sensitive data such as usernames, passwords and financial information, or to encourage users to click links that will install malware. These are often successful as they play on users’ trust in brands’ communications.

More targeted attacks, known as “spear-phishing”, are where a cybercriminal purposefully targets a single organization or individual. This can sometimes be in the form of “urgent” demands via email or even calls from the “CEO” or “Accounts” in order to gain access to the user’s data or contacts, install malware, or even to have false payments made.

76 percent of businesses reported falling victim to a phishing attack**

 

2. Ransomware

Ransomware is a form of malware that instantly encrypts systems or data and prevents users from accessing them until a sum of money is paid. In 2019, 1 business fell victim to a ransomware attack every 14 seconds (Cybersecurity Ventures). These are often some of the most headline-grabbing cyberattacks because, when they impact core infrastructure services, as when the WannaCry attack hit the UK’s NHS in May 2017, they can have dramatic societal effects.

 

1. Malware

The most common threat that our SME clients’ networks face. Malware (“malicious software”) is any dangerous program or file that is deliberately placed on a network. These include some of the most well-known threats, including viruses, worms, “trojan horses” and spyware. Malware and ransomware are often delivered through phishing attempts but can also access your network through USB sticks, unsecured Wi-Fi hotspots, typosquatting and malicious add-ons and applications. Their purpose is varied, and will range from the relatively benign mischief of just damaging your devices and network, to harvesting your data, monitoring your activity and even recruiting your machine’s resources and processing power to support larger hacks and attacks.

7.2 billion malware attacks in the first three quarters of 2019***

 

How can I protect my business from these IT security threats?

There are three pillars of IT security, each of which must be addressed equally: People, Processes and Technology. You could put in place the most sophisticated technology-based defences such as anti-virus and firewalls, but without supporting your employees with the necessary education, or enforcing the correct patching processes, your network will remain susceptible.

 

In fact, almost all of the threats above rely on inadequate processes and human error or naivety. Cyberattacks will seek out the easiest route into your network, and that is often your workforce.

 
 

How Calligo can help

Calligo’s award-winning IT Managed Services include baked-in services that address all three pillars of IT security and keep your business continuously protected from all attack types.

Our IT Security Services include:

  • Strategic security consultancy
  • Anti-virus, malware, ransomware and SPAM
  • Security audits
  • Patch management
  • Penetration testing
  • Employee cybersecurity awareness training
  • Back-up & disaster recovery

Find out more about our IT Security Services here.

 

*Verizon | **Wombat | ***Security Magazine.Com
