Cyber Security basics for Small Businesses

Introduction

How can cybercriminals attack your server?

  • Un-targeted attacks: These include phishing, water-holing, ransomware, and scanning attacks that attempt to infect as many devices or users as possible. They don’t care about the identity of the victim since there are a great number of vulnerable computers or services.
  • Targeted attacks: Aim at a single organization, such as Spear-phishing, Botnet-deploying, and Supply chain subverting. The episodes are often more damaging than un-targeted ones because it has been specifically tailored to attack your systems, processes, or personnel, in the office and sometimes at home.
  • Survey stage: Attackers investigate and analyze available information (on Social platforms, and domain management services) to identify vulnerabilities.
  • Delivery stage: The attackers seek to get access to a vulnerability that they have uncovered. Their common actions include accessing an organization’s internet services, sending emails with a harmful code attachment, handing away infected USB sticks at a trade show, and constructing a phony website.
  • Breach stage: Criminals exploit vulnerabilities to gain some form of unauthorized access. They might make changes affecting the system operation, access to online accounts, or control users’ computers, tablet, or smartphone
  • Affect stage: Criminals can try to install automatic scanning programs to discover their networks further and gain control of other systems if they have administrative access to only one system. They will take great care not to trigger the system’s monitoring functions, and may even temporarily deactivate them. They may get important information, put money into their bank accounts, or even disrupt company operations by overloading internet connections or uninstalling the entire operating system.

What can companies do to defend against Cyber threats?

Conduct employee training

Perform Risk Assessment

  • Investigate where and how your data is stored, as well as who has access to it.
  • Determine the risk levels of prospective occurrences and how breaches may affect the firm.

Install Antivirus Software and keep updated

Make regular backups

  • Choosing an application that automatically backups up your data so you don’t have to remember to do it.
  • Keeping backup copies offline so they don’t get encrypted or inaccessible if your machine is attacked by ransomware.

What initiatives should be conducted if an attack occurs?

1. Identify

2. Protect

  • Manage who accesses the company’s network or uses devices.
  • Utilize security software to secure data.
  • Encrypt sensitive data while it is at rest or in transit.
  • Implement data backups regularly.
  • Update security software frequently and automatically
  • Document formal rules for disposing of electronic files and outdated devices safely.
  • Give cybersecurity training to your employees.

3. Detect

4. Respond

  • Notify everyone (customers, employees,…) whose data are probably at risk.
  • Keep your business operations still in process.
  • Report to the authority enforcement about the attack.
  • Update your cybersecurity standards.
  • Preparing for unintentional occurrences (such as weather emergencies) that may jeopardize your data.
  • Test your plan regularly

5. Recover

Final thought

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Terralogic Inc

Terralogic Inc is the leading software development IT services company in Sandy, Salt Lake & Ogden city in Utah, Dallas — Texas, San Jose — California’s Bay