A Symantec study found that eighty-three percent of small businesses have no formal cybersecurity plan. Unfortunately, this leaves entrepreneurs dangerously vulnerable to hacking. Sixty percent of small and medium-sized companies that get hacked are out of business within six months, the National Cyber Security Alliance says. To help keep your company from becoming a statistic, here are some basic security concepts and terms every business owner should know.
Basic Security Terms Every Business Owner Should Know
Ninety-six percent of cyberattacks have fallen into nine major categories in recent years. For example, in 2016, Verizon reported that the top three attack methods involved phishing, point of sale (POS), and stolen credentials.
Phishing is a method of social engineering which relies on deception to trick people into divulging confidential information. It uses email, website links, or phone calls to extract passwords, credit card numbers, or other sensitive information. For example, an attacker might email you a message pretending to be from Facebook, asking you to click on a link and log in to your account to address an issue with it. However, when you click on the link, instead of being directed to Facebook’s site, you get redirected to a fake site where your password will be recorded and stolen when you type it in.
Point of sale attacks steal customer credit card data by intercepting it during the purchase process. One type of POS attack is skimming, which involves physically installing additional hardware onto POS terminals to record credit card data for use or copying. A non-physical alternative to skimming is deploying POS malware, software that electronically steals credit card data as customers use their cards. To use POS malware, however, attackers must first install it onto the target’s network. This is usually done by finding a vulnerable device or application on a company’s network and using it to gain access to the part of the network hosting its POS software.
Stolen credentials attacks steal passwords and other vital information from targets using several methods. One method is outright stealing a password by physical observation or by using a computer to randomly guess password information, the latter known as a brute force attack. Another technique is electronically eavesdropping on a network to intercept password information, known as a man-in-the-middle attack. Other methods involve masquerading as authorized users, e.g., requesting that a password reset be emailed to a compromised email account.
Cybersecurity specialists use a model called Open Systems Interconnection (OSI) to analyze system vulnerabilities and plan defenses. OSI views network communications as a series of seven layers. At the lowest layer are physical elements such as local devices and modems. Next are electronic layers such as data, network connections, transportation of data streams, and connection sessions. Finally, the top two layers involve applications and communication between applications.
To protect each of these layers, security specialists deploy various defense strategies. Firewalls are hardware or software that block unauthorized users from accessing your device. Encryption is encoding that prevents unauthorized users from reading data without a key. Passwords stop unauthorized users from participating in connection sessions. Passwords alone are easy for hackers to guess, so two-factor authentication strengthens passwords by requiring a second authentication method, such as phone or email confirmation. Antivirus software scans applications and data to detect known malicious code.
As a safeguard against cyberattacks or other emergencies, cybersecurity specialists employ disaster recovery strategies to ensure that there is always a backup copy of vital data available for use on a backup site. Backup sites come in three varieties. A cold backup site is an office or data center space where servers can be migrated in an emergency. A warm backup site is a space that has backup servers in place ready to have a backup copy of your data loaded onto them from tapes or a backup service. Finally, a hot backup site mirrors your data center infrastructure with both servers and recent data backups ready to use.