Whether your business is a local mom-and-pop shop or a growing corporation, it is likely that most of your operations are conducted online. What you might not be aware of is that SMBs (small- to medium-sized businesses) are uniquely vulnerable to cybersecurity threats due to a relative lack of security precautions as compared to their larger counterparts—and a breach can cause disaster for a company or practice that is unable to absorb the loss. With threats to valuable data on the rise, here are some common cybersecurity terms you should become familiar with:
A VPN, or virtual private network, is an encrypted connection that allows you to share sensitive data safely. As Cisco explains, there are two types of VPNs available for businesses: remote access and site-to-site. Remote access VPNs connect devices outside the corporate office. Site-to-site VPNs use dedicated equipment to establish connections between corporate and branch offices. Both options allow employees to transmit information securely using the network.
Ransomware is a type of malicious software that locks users out of their devices or encrypts hard drives, then demands payment to restore normal operation. According to PC Magazine, one of the most common tactics is to display a message saying the FBI might arrest the victim if a fine is not paid. Of course, very often cybercriminals simply extort money without restoring access (unsurprisingly, people who would blackmail strangers are not known for their ethics). Avoid visiting risky sites and downloading files from unknown sources to minimize your exposure to ransomware.
This is a type of cyberattack with the goal of gaining access to a user’s account in order to impersonate them to others within an organization, usually with the purpose of tricking people into giving up personal information.
Trend Micro recently found that as many as 90% of targeted attacks resulted from spear phishing emails. One recommended defense strategy is learning to recognize the common tactics associated with spear phishing, such as social engineering (or social manipulation tactics), CEO fraud, and tax-related scams.
A worm is a type of computer virus that replicates itself in order to spread. Worms are harmful to their host networks because they consume bandwidth and overload servers, and they often contain “payloads,” or pieces of code that harm the host computer by stealing data and deleting files. They are often spread using infected email attachments that target a victim’s entire list of contacts. If you receive a suspicious email from one of your contacts, check with that person before opening any attachments.
DDoS, or distributed denial-of-service, refers to a type of cyberattack that targets a website, server, or other network resource and inundates it with traffic in order to force it to shut down. Often this is achieved using botnets, networks of computers controlled by the attacker using malicious software applications. A DDoS attack can lead to lost revenue by making your site inaccessible to users for a period of time. It is very difficult to prevent a DDoS attack, but prioritizing network security can make your business less of a target.
This acronym refers to “bring your own device,” a policy many workplaces follow that allows employees to work on phones, tablets, and laptops they bring from home. While it is very convenient for both in-house and remote employees to use their own personal devices, BYOD policies carry security risks. These devices have likely been used on public Wi-Fi networks and home networks that might be less secure than the one you use for work. If your workplace supports BYOD, it is essential that workers are kept up to date on the latest mobile device security best practices and that their antivirus software and operating systems are updated regularly.
Authentication is the process by which users verify their identities, usually by entering a username and password. Whenever you forget a password and have to answer a security question to change it, you are verifying your identity through authentication. Multi-factor authentication is often used to protect sensitive information such as banking data and requires users to show more than one piece of information to prove they are who they say they are. Authentication is distinct from authorization, which is the granting of access to a device or system based on identity.
When companies compare potential or desired performance with actual performance, they are conducting a gap analysis. In the realm of cybersecurity, gap analysis is a useful way to identify vulnerabilities and areas where security protocols need to be improved. Testing potential security breach scenarios will provide the information you need to ensure that your organization can combat future cyberthreats.
Encryption involves changing data when transmitting it to hide its content from unauthorized viewers. Encrypted data appears “scrambled” to anyone who tries to view it without the proper authorization. Data that is shared over a secure Wi-Fi network is encrypted, as are websites with URLs that begin with https://. These sites use the HTTPS protocol, which encrypts all data sent between the web server and your browser. File compression programs such as Stuffit Deluxe and 7-Zip can also encrypt files. Encryption is an important security measure that should be used at all times to protect sensitive information.
Business Continuity Plan
A business continuity plan (BCP) involves putting protocols in place to prepare for a data breach or other catastrophic event that severely impacts operations. First, threats are analyzed and a list of primary tasks needed to keep the organization running is made. Then, a plan for data backup is put into place, often using secure cloud servers. Next, employees must be made aware of how they are expected to enact the BCP, both in the office and in offsite locations. With a business continuity plan in place, an organization of any size can withstand a security breach with all its vital information intact.
Still have questions about cybersecurity solutions? We’re ready to answer them all, from the toughest to the most basic. At JMARK, we know that helping you get the most from your technology means first helping you understand your technology. Call 844-44-JMARK, get in touch at jmarkit@JMARK.com or visit the Contact Us page of our website.