“SMBs are not just targets of cybercrime, they are its principal target”
says a U.S. Security and Exchange Commission report from last fall. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.
The New York Times, in its article No Business Too Small to Be Hacked, said that 60% of all online attacks in 2014 targeted small and mid-sized businesses. Of those attacked, more than half (60%) would go out of business within 6 months of a data breach. That’s a lot of broken dreams and heart ache because of a lack of security.
Small businesses lack IT expertise and budget
SMBs make attractive targets because they often neglect their security or rely on older consumer security software for protection. Money is always an issue, and sometimes the budget doesn’t allow for an expensive security package.
Just recently, our free, cloud-managed security solution, Avast for Business, passed a milestone – more than 1 million endpoints protected in less than a year. From our relationship with IT admins in sectors as diverse as Education, Non-profits, Retail, IT consulting firms, and SMBs, we have learned that many organizations lack in-house expertise or resources to install costly and complex security solutions.
Small business owners embrace the idea of employees supplying their own computers, smartphones, and tablets in the workplace. But the savings and convenience can go down the drain if the employee falls prey to a phishing scam and downloads malware or loses their device. Protecting mobile devices has become increasingly more important as Bring Your Own Device (BYOD) grows in popularity.
Technical security measures to protect information are of obvious importance. However, many security incidents relate to the theft or loss of equipment.
We can write multiple blog posts about BYOD policies and educating your employees about the latest threats and tricks that cybercrooks play (spearphishing, for example), which is all extremely important, but if you simply lose your device, then all bets are off anyway. You can avoid headaches in the case of misplaced or stolen devices by having a way to remotely locate the missing device and wiping the data away if it ends up in the wrong hands.
Avast Anti-Theft allows users to log on to their desktop account or use a friend’s phone to remotely locate their device, lock it, activate the remote siren, or wipe its data clean.
Business owners also need to consider what to do about company data on an employee’s personal device when they are terminated or leave the company. Some companies have resorted to wiping personal devices clean of all data, but that includes contacts, family photos, apps and music, which can lead to unpleasant lawsuits or complaints from former employees. Mobile device management systems (MDMs) are available, but could be overkill for very small businesses.
If you only have a few employees, and do not require a full-blown MDM, then Install Avast Anti-Theft for free from the Google Play store to protect your own devices and those of your employees.
Small and medium-sized businesses face a challenge when it comes to keeping their data secure. Many companies don’t have the budget to hire a Managed Service Provider (MSP) to take care of their IT needs, and often, they think they do not have enough knowledge or time to handle it themselves, therefore the path of least resistance is to not have any security at all. At the very best SMBs use a consumer version of antivirus software.
But these days, neither of those options is a good idea. Having no protection leaves you too vulnerable, and the problem with using a consumer product in a work environment is whoever is managing the network cannot look across all computers at once and implement policy changes or updates.
Do hackers really target small businesses?
The media coverage of big time data breaches like Target, Neiman Marcus, and Home Depot may have many SMB owners thinking that they are not at risk, but even small and medium-sized businesses need to make sure that their data and that of their customers is protected.
Here’s a statistic that should get your attention: One in five small businesses are a victim of cybercrime each year, according to the National Cyber Security Alliance. And of those, nearly 60% go out of business within six months after an attack. And if you need more convincing, a 2014 study of internet threats reported that 31% of businesses with fewer than 250 employees were targeted and attacked.
Why do hackers target small businesses?
Hackers like small businesses because many of them don’t have a security expert on staff, a security strategy in place, or even policies limiting the online activity of their employees. In other words, they are vulnerable.
Don’t forget that it was through a small service vendor that hackers gained access to Target’s network. Hackers may get your own customer’s data like personal records and banking credentials and your employee’s log in information, all the while targeting the bigger fish.
While hackers account for most of the data lost, there is also the chance of accidental exposure or intentional theft by an employee.
What can I do to protect my small business?
For mom-and-pop outfits, Avast for Business, a free business-grade security product designed especially for the small and medium-sized business owner, offers tremendous value. The management console is quite similar to our consumer products meaning that the interface is user-friendly but also powerful enough to manage multiple devices.
“Avast for Business is our answer to providing businesses from startup to maturity a tool for the best protection, and there’s no reason for even the smallest of companies not to use it, because it starts at a price everyone can afford, free,” said Luke Walling, GM and VP of SMB at Avast.
Some companies may still opt to pay for a MSP, and in many cases, especially for medical or legal organizations, handing over administration to a third-party may be a good way to go. Either way, our freemium SMB security can be used, and if you use a MSP then the savings can be passed on to you.
Is free good enough for a business?
Many IT professionals have been using free security on their home computers for years. It’s not such a huge leap of faith to consider the benefits of making the switch in their businesses as well.
“I have been using Avast since 2003 at home, with friends, with family. You really come to trust and know a product over the years. It lends itself to business use really well, nothing held back,” said Kyle Barker of Championship Networks, a Charlotte-area MSP.
How do I get Avast for Business?
Visit Avast for Business and sign up for it there.
This question, from a small-site owner with tens or hundreds of visitors per day, is an unfortunate but all too familiar one.
One morning I started getting emails from my customers complaining that their antivirus reported my site as infected and won’t let them in. It must be some mistake because I don’t have an e-shop. There is just a contact form and information for customers. Is it possible that someone is attacking my business?
Why do hackers attack small webpages when there are larger targets?
Small websites have a very low frequency of updates, and the possibility that somebody would find and fix malicious code is almost non-existent, which make them attractive targets to hackers. Hackers seek unpatched pages based on open-source solutions because they can attack them quickly and easily. These pages are later used for sorting users – by those who have vulnerable applications on their computer and by those who cannot be attacked – or simply to hide their true identity. Attackers close “the door” behind them by patching the vulnerability that leads them in and simultaneously create another backdoor, only for them, so the page does not show as suspicious when tested for vulnerabilities.
In general, there are three common types of hacking events a web administrator could encounter:
This type is recognizable on the first look because the site has been changed to display a message from hackers showing off their skills and mocking the web administrator. This is usually a less harmful attack, and although your page was deleted, you don’t have any financial loss because the motivation for this attack was to show the lack of security on your pages and get credit from other hackers. People which make these attacks usually follow the rule, Don’t learn to hack, hack to learn.
For example, there are PHP shells that lets you select the method and reason of defacement and post it online. The image below shows part of a PHP-shell that sends statistics.
According to statistics from Zone-H, there were 1.5 million sites defaced during 2010, and the screenshot to the right shows the reasons for the attacks. A million and half seems like big number, but these are only documented attacks and the actual number would be much higher.
During the last few years, defacement has been used to display political or ethical opinions by attacking sites with lots of daily visitors. This is turn attracts media and gets as much attention as possible. Even antivirus companies are not spared, as you can read in a recent article about the hack against AVAST.