Business Security

Five endpoint threats affecting small businesses

Greg Mosher, 18 March 2018

This cybersecurity guide aims to help small business owners protect their companies against endpoint threats by arming them with appropriate knowledge. Below is a step-by-step introduction to cybercrime followed by our list of the top five endpoint threats affecting small businesses.

Endpoints are an easy target for hackers, so it’s essential that small businesses protect themselves. Connected employees, vulnerable software and weak antivirus all contribute to making endpoints a favorite target of hackers. And, as the list below details, there are many types of cyberattacks that target endpoints, from phishing to malvertising.

Five endpoint threats affecting small businesses

1. Phishing

Email Attachments

  • What it is: Many phishing attacks use email attachments to get victims to suspicious sites, or even to launch software on the victim’s machine that works in the background.
  • How it works: The victim receives an email that has got through a firewall or has gone undetected by antivirus because there are no malicious links in the body of the email. The email will often appear to be from a trusted source – bank, government, insurance company – and directs the recipient to open the attachment. The attachment might appear to be one type of file – PDF, jpeg – but is in fact a link that takes the victim to a malicious site disguised as a reputable one in order to extract security/sensitive/login information.
  • How to protect against it: Antivirus with high security standards that is updated regularly is essential to making sure malicious emails don’t reach inboxes. In addition, staff cyber security training should be carried out for comprehensive protection. This should include guidance on how to recognise malicious emails and other attack strategies.

Unknown sender or spear phishing (spoofed emails)

  • What it is: The target receives an email that is pretending to be from a source they trust: a bank, company they deal with or even a friend or colleague.
  • How it works: This more sophisticated, advanced threat often involves hackers prying into people’s emails to find trusted sources to spoof. As well as making this threat particularly effective, it puts businesses at particular risk because hackers can pretend to be colleagues asking for sensitive material. This hack is usually more targeted, where hackers are after specific data, money or military secrets.
  • How to protect against it: Use high-quality antivirus with data protection that acts in real time to protect employees and businesses from these threats, but, again, training people to be aware of the threats is essential to supporting antivirus.

The ‘too good to be true’ email

  • What it is: This is more of an approach than a type of threat. Victims receive an email – usually from a trusted source – that requires ‘urgent action,’ with the outcome stated as being of great benefit to you.
  • How it works: Links or attachments take the victim to a malicious site to harvest sensitive information. For example, the email says that you have won big in a prize draw and all you need to do to claim your winnings is to enter your personal information and bank details into a website.
  • How to protect against it: Antivirus and regular staff training are essential parts of cyber security management in tackling these types of threats, as is an enforced security policy.

Suspicious links

  • What it is: Whether in an ad, an apparent update, a pop-up or an email, the victim is told to click a link which leads to data breaches.
  • How it works: The link takes the victim to a suspicious site which may attempt to gather sensitive security data or even launch a piece of software that may operate in the background – for example, adware. While adware can be removed, any sensitive data that an employee might hand over could make the whole company vulnerable through shared software or corporate networks.
  • How to protect against it: High-quality antivirus protects against these threats – updating with new protection as threats emerge. Training employees to recognise suspicious links is also important: for example, shortened links like bitly may be used to mask malicious links.
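
The warning signs described in the phishing items above (a sender posing as a trusted source, an attachment that is not the file type it appears to be, and shortened links that mask the destination) can be checked mechanically before a message reaches staff. The following is an added example, not part of the original article or of any antivirus product; the function names, the extension and shortener lists, and the sample message are all constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, non-exhaustive lists chosen for this example.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
LAUNCHABLE = {"exe", "scr", "js", "vbs", "lnk", "url", "htm", "html"}
DECOYS = {"pdf", "jpg", "jpeg", "png", "doc", "docx", "xls", "xlsx"}

def triage(msg, brands):
    """Return warning strings for one message; brands maps name -> real domain."""
    findings = []
    # Spoofed sender: display name uses a trusted brand, address domain does not.
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, real in brands.items():
        if brand in name.lower() and not (domain == real or domain.endswith("." + real)):
            findings.append(f"sender: '{name}' sent from {domain}, not {real}")
    # Disguised attachment: a document/image extension followed by a launchable one.
    for part in msg.iter_attachments():
        exts = (part.get_filename() or "").lower().split(".")[1:]
        if len(exts) >= 2 and exts[-1] in LAUNCHABLE and exts[-2] in DECOYS:
            findings.append(f"attachment: {part.get_filename()} is really .{exts[-1]}")
    # Shortened links hide the real destination from the reader.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"link: {url} uses shortener {host}")
    return findings

def sample_message():
    """Constructed sample, not a real phishing email."""
    msg = EmailMessage()
    msg["From"] = "Example Bank <alerts@mail-notice.example>"
    msg["To"] = "staff@smallbiz.example"
    msg["Subject"] = "Urgent action required"
    msg.set_content("Open the attached statement or visit https://bit.ly/constructed-sample today.")
    msg.add_attachment(b"<html></html>", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.html")
    return msg

if __name__ == "__main__":
    for finding in triage(sample_message(), {"example bank": "examplebank.example"}):
        print(finding)
```

A message that passes all three checks is not thereby safe; the checks only surface the specific disguises described above so that they can be quarantined or shown to staff with a warning.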

2. Unpatched vulnerabilities

Out of date antivirus

  • What it is: When a new threat appears, antivirus companies push updates to the software – this ensures the antivirus on people’s machines has protection against the new threat.
  • How it works: Many people ignore antivirus software update pop-ups. But those updates are protecting you against new threats. Without them, hackers may ‘get in’ through those unpatched ‘holes’. Most people view antivirus software updates as a hassle and even a scam in itself. They ignore requests to update and, over time, make their machines more and more open to attack. This may be compounded by the idea that employees care less about the business’s data and hardware than they would their own – or the idea that ‘the business or IT will take care of security’. In reality, all employees have a role to play.
  • How to protect against it: Update your antivirus software regularly and whenever prompted.

Unpatched software e.g. apps, programs, operating systems

  • What it is: ‘Unpatched’ – like with clothing – means software with holes in it. Legitimate software, operating systems and third-party applications have access to parts of your machine and network, but may not be secure.
  • How it works: Hackers can exploit these vulnerabilities and gain access by hacking this legitimate software.
  • How to protect against it: Beware of low-quality software that isn’t from a trusted source. There are lots of great free little apps and programmes for certain tasks, but in installing them you may be opening your business to hackers. Activate auto-update on Windows and other operating systems to ensure you have the latest version of the software.

Unpatched browsers

  • What it is: Hackers access your web activity by hacking your web browser if it’s low-quality or hasn’t been updated. This threat often comes in the form of zombie cookies (data that is recreated after you delete it).
  • How it works: Hackers access your web browser which allows them to monitor everything you do online. This may well include login information and other private or sensitive business data.
  • How to protect against it: This threat is on the rise and software companies are working to tackle it. You should:
    • use a recent version of a high-quality antivirus which includes a firewall and anti-spyware software with up-to-date signatures (the code that verifies the authority and trustworthiness of certain sites or online products)
    • advise your teams to heed all security warnings
    • never run untrusted software or click on unexpected attachments.

3. Malvertising

Malware and advertising

  • What it is: Malvertising involves placing malicious or malware-laden adverts into legitimate online advertising networks and webpages.
  • How it works: Websites unknowingly include a corrupted or malicious advert into a page. People who visit the page can become infected without even clicking the advert, whether through auto-run malware or taking the visitor to a malicious website. What makes this particularly dangerous is that even some legitimate adverts can be hacked and may contain the malicious code.
  • How to protect against it: High-quality antivirus that includes anti-malware is essential for protecting against or removing malvertising – and ad blockers can help hinder the delivery of these adverts. Train employees to be particularly vigilant and careful when using – or to avoid altogether – software such as Adobe Flash Player and Adobe Reader, as they can be vulnerable to attacks.

4. Drive-by-downloads

Downloads the user is unaware of

  • What it is: By visiting a website, clicking a link, viewing an email or updating software following a prompt, victims may be downloading viruses, spyware or malware without knowing.
  • How it works: People are encouraged to click a link which might appear to do one thing (or nothing) but it is in fact downloading a virus. A ‘drive-by install’ is where software is actually installed in the background without the user knowing. This poses a particular threat to businesses as the virus may not only infect your network and other machines, but it may go undetected while hackers gather information on your business or even hold you to ransom (see below for more on ransomware).
  • How to protect against it: High-quality antivirus helps to protect small businesses against this threat by using a number of detection methods: from monitoring a user’s system for anomalies when a web page is rendered, to detecting malicious code (shell code).

Known downloads that the user thinks are safe

  • What it is: A victim sees an update or other prompt that they recognise and/or trust and clicks.
  • How it works: Instead of a legitimate update, a virus is downloaded.
  • How to protect against it: High-quality antivirus software that is updated is the best protection against drive-by downloads of all types. To support this, small businesses should train teams to recognise all cyber threats and include updates as new threats emerge.

5. Data loss and theft

Attacks that steal data

  • What it is: This is a growing arena for hackers as methods and tech become more sophisticated. For example, in 2017 hackers targeted many power companies to steal data in cases of corporate espionage – even international espionage.
  • How it works: For large businesses, hackers will often target smaller companies in the supply chain to work their way into the main ‘high-value’ network. Access to servers or endpoints gives hackers access to private or sensitive data which they can copy in massive dumps of information. While larger companies are often the target, the approach can also be used to steal information from small businesses about business structures, financial data and even patents.
  • How to protect against it: Businesses are particularly at risk from this threat as they have information worth stealing and lots of ways in, from individuals to their endpoints. As such small businesses should invest in high-quality antivirus software which will include network and host-based signatures as well as network intrusion detection methods.

Ransomware

  • What it is: Ransomware is a type of malicious software that threatens to publish the victim’s data, delete it or block access until a payment is made.
  • How it works: A user downloads some malware in one of the ways described above and the hackers block access to and/or steal data. Simple ransomware may lock a user’s system, which experts can often unlock. More sophisticated techniques (using cryptoviral extortion) encrypt the victim’s files, making them inaccessible. The victim pays the ransom and receives a decryption key which returns access – as was the case with the many WannaCry attacks in 2017. Ransomware damage is predicted to reach $11.5 billion by 2019.
  • How to protect against it: While backing up all data on a completely separate system is advised, antivirus is essential.

Protection

With multiple people and locations, big businesses carry a lot of risks and have a lot to lose. But they often have big budgets and devoted IT teams who handle antivirus. Small businesses, while having fewer endpoint risks, often don’t have devoted teams or individuals. That is why it is essential to have high-quality antivirus software that keeps your employees’ machines updated with the latest protection, and to have all patches/updates applied across the business in a timely fashion.
