Cybersecurity Essentials for Small Businesses: Staying Ahead of Evolving Threats

With modern technology progressing at a rapid pace, and cyber threats evolving along with it, businesses can no longer afford to turn a blind eye to cybersecurity. Small businesses, often perceived as low-hanging fruit, are prime targets for cybercriminals who exploit vulnerabilities such as outdated software, weak passwords, and unprotected networks.

At Nomerel, we believe that every business, no matter its size, has the potential to protect itself from cyber threats. By understanding and implementing the basics of cybersecurity, you can significantly reduce your vulnerability and safeguard your organization from becoming a hacker’s next victim.

The Growing Cybersecurity Threat Landscape

Cyberattacks are on the rise, and small businesses are increasingly in the crosshairs. Why? Hackers often assume that these businesses lack the resources to implement robust security measures. According to recent reports:

  • 43% of cyberattacks target small businesses.
  • 60% of small businesses that suffer a cyberattack close their doors within six months.

The costs are staggering—from financial losses and reputation damage to operational downtime. The average cost of a data breach in 2023 exceeded $4.45 million, making proactive cybersecurity measures not just advisable but essential.

Understanding the Hacker Mindset: Why They Target Small Businesses

Hackers are opportunists. They focus on targets with the weakest defenses, exploiting vulnerabilities such as:

  • Outdated software.
  • Weak or reused passwords.
  • Unprotected networks.
  • Employees unaware of phishing scams.

Becoming a low-hanging fruit means leaving these vulnerabilities unaddressed. At Nomerel, our mission is to help businesses recognize and close these gaps, ensuring you’re not an easy target.

Common Cyber Threats Small Businesses Face

Understanding the threats you’re up against is the first step to building a resilient defense. Here are some of the key dangers small businesses need to address:

Juice Jacking

Public charging stations may seem convenient, but they can harbor hidden dangers. Cybercriminals can install malware on these stations, infecting any device plugged in. Once infected, attackers can access sensitive data or even control your device remotely.

Protective Measures:

    • Use only trusted charging stations.
    • Employ a USB data blocker to prevent malware infections.
    • Ensure devices are set to “charging” mode, not “data transfer” mode.

Malware-Laden Apps

The rise of mobile apps has also led to an increase in malicious applications that can infect devices, steal personal data, and even crash systems.

Protective Measures:

    • Download apps only from trusted developers and official app stores.
    • Check reviews and ratings before installation.
    • Regularly update all installed apps to ensure they have the latest security patches.

Malicious QR Codes

QR codes offer convenience but can also be used by hackers to direct unsuspecting users to malicious sites or install malware.

Protective Measures:

    • Use reputable QR code scanners that check for malicious content.
    • Avoid scanning codes from unknown or untrusted sources.

Using Public Wi-Fi Without a VPN

Public Wi-Fi networks are notorious for being insecure, providing an easy avenue for hackers to intercept sensitive data.

Protective Measures:

    • Always use a Virtual Private Network (VPN) when connecting to public Wi-Fi.
    • Avoid accessing sensitive accounts or conducting financial transactions on unsecured networks.

Cybersecurity Basics: Strengthening Your Defense

Here are fundamental practices every small business should adopt to mitigate cyber risks:

  1. Keep Software Up-to-Date: Outdated software is a common entry point for hackers. Regular updates patch vulnerabilities, closing the door on potential attacks.
    • Enable automatic updates for operating systems and applications.
    • Check for updates for hardware devices like routers and firewalls.
  2. Strengthen Passwords and Use Multi-Factor Authentication (MFA): Many people reuse the same password across accounts, but weak or reused passwords are a major security risk. Use a different password for each account and employ MFA to add an extra layer of protection. Best practices include:
    • Require complex passwords with a mix of letters, numbers, and symbols.
    • Use a password manager to avoid reusing credentials.
    • Implement MFA for all critical systems and accounts.
  3. Train Employees on Cybersecurity Awareness: Employees are your first line of defense against threats like phishing scams, and untrained employees can easily fall victim to a hacker’s ploys. To maintain cybersecurity:
    • Conduct regular training sessions on identifying suspicious emails and links.
    • Foster a culture of cybersecurity where employees feel confident reporting potential threats.
  4. Secure Your Network: A secure network is critical to protecting sensitive data. Follow these steps to secure your company’s data:
    • Use firewalls to block unauthorized access.
    • Encrypt sensitive data during transmission.
    • Provide secure VPNs for remote workers.
  5. Back Up Your Data: Just because a security breach has not happened to you does not mean it never will. Regular backups are essential for recovering from ransomware attacks or data loss.
    • Follow the 3-2-1 rule: keep three copies of your data, on two different types of storage, with one copy off-site.
  6. Monitor for Suspicious Activity: Early detection is key to mitigating damage from cyber threats. To catch an attack early:
    • Use monitoring tools to identify unusual activity.
    • Partner with an IT provider like Nomerel for 24/7 monitoring and threat detection.

Advanced Cybersecurity Measures for Forward-Thinking Businesses

For those ready to go beyond the basics, advanced strategies like Zero Trust Architecture and AI-driven threat detection can provide robust protection. Zero Trust assumes that no user or device is trustworthy by default, requiring strict verification for access. AI tools can identify patterns and potential threats, adding another layer of defense.

How Nomerel Can Help

At Nomerel, we specialize in crafting tailored cybersecurity solutions for small businesses. Our services include:

  • Customized Security Plans: We evaluate your unique needs to implement effective, scalable defenses.
  • Proactive Monitoring: Our team provides round-the-clock threat detection and response.
  • Employee Training: Equip your team with the knowledge to recognize and mitigate risks.
  • Compliance Support: Stay aligned with industry standards like HIPAA, PCI DSS, or CMMC.

Take the First Step Toward Cyber Resilience

Don’t let your business become low-hanging fruit for cybercriminals. By addressing common threats, implementing cybersecurity basics, and partnering with experts like Nomerel, you can protect your data, maintain customer trust, and ensure long-term success.

Ready to strengthen your cybersecurity strategy? Contact Nomerel today for a consultation. Let’s work together to secure your business against the evolving threat landscape.

RANSOMWARE: AN EXISTENTIAL THREAT TO SMBS

A few days ago, Marco returned from lunch to his small office and turned on his computer. He appeared to have been logged out of his account, which sometimes happens because his workstation is a gateway that other employees go through to access files on the company’s main server. As Marco signed back in and started to use some of his usual programs, he noticed that some of the commands he normally used were missing. This should have been his first clue that something was very wrong, but he did not pay attention to what he was looking at. He restarted his programs, and the issue persisted. Marco began to encounter other issues and elected to restart his computer. It was then that he noticed another session running in the background, and he observed that the session was using 30 to 40% of the CPU’s time, which was unusual. Marco then left the office for a meeting. Upon his return to the office the next day, it was apparent that ransomware had been placed on his system, encrypting all of his and the company’s files. His screen was filled with the hacker’s instructions on what to do and not do if he wanted to unlock his company’s files. A ransom of 5 Bitcoins, which amounted to approximately $58,000, was demanded and eventually paid by his company.

The above account is not fiction, although it has been anonymized to protect the victim company. It happened, and continues to happen on an all-too-frequent basis, to companies and private citizens alike. Before we get too far ahead of ourselves, let’s look at what ransomware is and what can be done before, during and after a ransomware attack is executed. If you think you have been attacked, experts in ransomware recovery are available to aid in recovery.

According to the FBI, ransomware is a form of malware that encrypts files on a victim’s computer or server, making them inaccessible to the user. Cyber criminals then demand a ransom, usually in the form of Bitcoin or some other anonymized currency, in exchange for providing a key to decrypt the victim’s files. Ransomware attacks are becoming more sophisticated, better targeted and more costly. During the recent pandemic, ransomware attacks have become more prevalent with the advent of more employees working from home, using their own devices and networks, which may or may not be well protected.

Ransomware victims span most if not all economic sectors, including health care organizations, industrial/manufacturing companies, local and state governments, law enforcement institutions, educational institutions, transportation entities and other commercial entities, as well as the computers of private citizens. Historically, most attacks began as an email phishing campaign in which the cyber criminal used generic, broad-based spamming strategies to deploy their malware, while recent ransomware campaigns have been more targeted.

Cyber criminals socially engineer phishing emails to convey urgency which, if not acted upon, may create anxiety and fear of failing to take appropriate action, while also preying upon the natural curiosity of the human being on the receiving end. The more information cyber criminals know about the recipient of their email, the more likely their attack will succeed. In the current pandemic, with a newly mobilized remote workforce, people are already anxious and may be more susceptible to an attack, often trying to “click away” their anxiety in search of answers that will alleviate their present concerns.

Ransomware is more prevalent nowadays because hackers have access to more sophisticated tools that are supported 24/7. Defense always lags behind offense when new tactics are being used. Ransomware tools are cheaper to build. There are also more distribution channels to use and more lucrative targets whose information is already in the public domain through Facebook, LinkedIn, other social media and internet searches. The ransom payment method, typically Bitcoin, is untraceable with regard to both the recipient and the payer and therefore cannot help law enforcement identify the cyber criminals. Cyber criminals also use the TOR anonymity network to interact with the victim, which anonymizes their identity.

Before the Event

It is important for any individual or organization to lay the groundwork to protect itself from becoming a ransomware victim. You cannot eliminate 100% of the possibility that you will be a victim of ransomware, but you can diminish the probability by being proactive. The primary defense for any organization or individual against ransomware is an effective and robust backup and restore capability for all your critical data. Having an up-to-date backup to restore from could save your company, and you personally, from having to pay a significant ransom and being at the mercy of hackers to regain access to your data. The time to invest in backups, and to test whether your backups are working properly, is not after a ransomware attack has occurred. Backups are critical to your company’s recovery from a ransomware attack.

In addition to having regularly updated backups and verifying that they work, you must ensure that the backup drives or devices are disconnected from your computers and networks once the backup completes; otherwise they too will be encrypted during a ransomware attack and rendered useless.
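As an added example, not code from the original article, the Python below performs the backup test the two paragraphs above call for: it records a SHA-256 manifest when the backup is taken and later verifies the copy against it, so a backup drive that stayed connected and was itself encrypted or stripped of files is caught during a routine check rather than during recovery. The directory names and sample files are constructed in a temporary folder.

```python
"""Verify that a backup copy can be trusted before you need it.

Added example, not from the article. A SHA-256 manifest is written next to
the backup when it is taken; verify_backup() later proves every file is
still present and unchanged. All paths and files here are constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "backup-manifest.json"


def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file (relative POSIX path) under root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def take_backup(source, backup):
    """Copy source to backup and store the source manifest beside the copy."""
    shutil.copytree(source, backup)
    (Path(backup) / MANIFEST_NAME).write_text(json.dumps(build_manifest(source), indent=1))


def verify_backup(backup):
    """Return (ok, problems); problems lists ('missing'|'altered', path) pairs."""
    backup = Path(backup)
    expected = json.loads((backup / MANIFEST_NAME).read_text())
    actual = build_manifest(backup)
    actual.pop(MANIFEST_NAME, None)       # the manifest is not part of the data
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(("missing", rel))
        elif actual[rel] != digest:
            problems.append(("altered", rel))
    return (not problems, problems)


def demo():
    """Constructed scenario: a good backup, then the copy gets damaged."""
    work = Path(tempfile.mkdtemp())
    src, bak = work / "docs", work / "backup"
    (src / "finance").mkdir(parents=True)
    (src / "finance" / "q1.csv").write_text("invoice,amount\n1001,250.00\n")
    (src / "notes.txt").write_text("meeting notes\n")
    take_backup(src, bak)
    first = verify_backup(bak)             # expected: (True, [])
    # Simulate ransomware reaching a backup drive that stayed connected.
    (bak / "notes.txt").write_bytes(b"\x8a\x1f encrypted \x00")
    (bak / "finance" / "q1.csv").unlink()
    second = verify_backup(bak)            # expected: altered + missing
    shutil.rmtree(work)
    return first, second
```

Run demo() to see the check pass on a fresh copy and then fail once the copy has been tampered with; in practice the manifest should be stored with the off-site copy as well.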

Your company can enhance any security measures taken to protect its computers and networks by training and educating your employees and end users on information security principles and techniques. Ransomware is not a firewall/anti-virus issue. Socially engineered phishing attacks are often the attack vector, and employees are the targets and as such are a company’s portal of vulnerability. Employees should be made aware of the threat of ransomware, how it is delivered, and how to recognize what may be a phishing email and not click on it.

Keep your operating system, software and firmware patches up to date, preferably through a centralized patch management system. Ensure that every server is patched, or it may become the access point to the whole network. Ensure that anti-virus and anti-malware software update automatically and that scans are conducted frequently.

Restrict file, directory and network share permissions. Configure access controls so that only those who need access to particular information and data have it.

Consider disabling macro scripts in Office files transmitted by email. Also consider using Office Viewer software instead of the full Office Suite applications when opening Microsoft Office files.

Prevent the execution of programs in common ransomware locations by using software restriction policies or other controls. These locations are the temporary folders used by popular internet browsers and by compression/decompression programs, including those located in the AppData/LocalAppData folder.

Since cyber criminals frequently exploit open RDP ports, companies should audit their network for systems that use RDP, close all unused RDP ports, use multi-factor authentication (MFA) and track RDP login attempts.
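As an added illustration of tracking RDP login attempts (it also fits the earlier advice to use monitoring tools to identify unusual activity), the Python below flags password guessing against RDP from Windows Security log events. This is example code written for this page, not a Nomerel tool; the event records are constructed, and their tuple layout is an assumption rather than a real export format.

```python
"""Flag RDP password guessing from Windows Security log events.

Added example, not code from the article. The records below are constructed
to resemble Windows Security events 4625 (failed logon) and 4624 (successful
logon); their tuple layout is an assumption, not a real export format.
Logon type 10 is RemoteInteractive, i.e. RDP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10

# Constructed sample: (timestamp, event id, logon type, account, source IP)
SAMPLE_EVENTS = [
    ("2024-03-04 12:01:05", 4625, 10, "marco", "203.0.113.7"),
    ("2024-03-04 12:01:09", 4625, 10, "admin", "203.0.113.7"),
    ("2024-03-04 12:01:14", 4625, 10, "administrator", "203.0.113.7"),
    ("2024-03-04 12:01:20", 4625, 10, "backup", "203.0.113.7"),
    ("2024-03-04 12:01:27", 4625, 10, "marco", "203.0.113.7"),
    ("2024-03-04 12:02:40", 4624, 10, "marco", "203.0.113.7"),
    ("2024-03-04 12:05:00", 4625, 10, "marco", "192.0.2.22"),   # one typo
    ("2024-03-04 12:30:00", 4624, 10, "marco", "192.0.2.22"),
    ("2024-03-04 12:31:00", 4625, 2, "kiosk", "10.0.0.5"),      # console, not RDP
]


def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for sources that look like RDP guessing.

    A source is flagged when it produces `threshold` or more RDP logon
    failures within `window`. A later RDP success from the same source is
    recorded as `success_after`, because a success following a burst of
    failures is what a guessed password looks like and should be handled
    as an incident, not as noise.
    """
    recent_failures = defaultdict(list)   # source ip -> [(time, account), ...]
    findings = {}
    for ts, event_id, logon_type, account, src in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue                        # only remote-interactive logons
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id == 4625:
            window_hits = [f for f in recent_failures[src] if t - f[0] <= window]
            window_hits.append((t, account))
            recent_failures[src] = window_hits
            if len(window_hits) >= threshold:
                finding = findings.setdefault(
                    src, {"failures": 0, "accounts": set(), "success_after": None})
                finding["failures"] = len(window_hits)
                finding["accounts"].update(a for _, a in window_hits)
        elif event_id == 4624 and src in findings:
            if findings[src]["success_after"] is None:
                findings[src]["success_after"] = (ts, account)
    return findings


if __name__ == "__main__":
    for src, finding in detect_rdp_guessing(SAMPLE_EVENTS).items():
        print(f"{src}: {finding['failures']} RDP failures against "
              f"{sorted(finding['accounts'])}, success after: {finding['success_after']}")
```

On the sample data only 203.0.113.7 is reported: five failures across four accounts in under a minute, followed by a successful RDP logon, which is the case that warrants an immediate password reset and session review.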

Companies should categorize and prioritize data based on its criticality and value to the organization, and create both physical and logical separation of networks and data for different organizational units. In other words, protect your most valuable data more than your less valuable data.

Application whitelisting allows systems to execute only programs known and permitted by your company’s security policy. Also consider using virtual environments to run operating systems or specific programs.

During the Attack

Let’s go back to our friend Marco. When Marco realized that his computer was infected with ransomware, he remained calm and contacted his IT department who, not knowing how far into the attack the company was, instructed him to disconnect his computer from the network and to disconnect all devices from his computer. Unfortunately, Marco advised his IT contact that the attack had likely started the day before, when he noticed some anomalies while using his computer. The IT contact called the local police department and reported the attack to the FBI. Reporting the attack to the authorities is not done in the expectation that they can stop the attack or assist with remediation. Reporting the event to local law enforcement will get you a report number in case it is needed to make a claim against the company’s cyber security insurance policy or to claim a loss on corporate taxes. Notifying the FBI also allows them to track victims and crimes to see whether other victims were attacked with the same ransomware variant, and to aggregate the cases if there is an open investigation or to get authority to open one.

At this point we leave Marco and his coworkers to sort out what damage was done to their systems and data. They will have to decide whether to pay the ransom or to use their backups to restore their systems.

As a rule, the FBI does not advocate paying a ransom, because cyber criminals are not the most reliable people when it comes to keeping their word to decrypt your data once you have paid. Additionally, cyber criminals are not invested in customer service, so even if you pay and they act in “good faith”, they may not possess the know-how or capability to decrypt your data. Things can still go wrong with their algorithms too. Historically, ransomware criminals were content to just encrypt your systems and receive a ransom to unlock them or, if no ransom was received, to move on to the next victim. Now, however, we are seeing a shift in tactics wherein cyber criminals steal sensitive information at the same time as executing a ransomware attack and threaten to release the information if no ransom is paid. Even if a company has a backup, it may still pay the blackmail, hoping the cyber criminals keep their word not to disclose the information. These are some of the reasons the FBI will always be reluctant to reinforce criminal behavior by advocating that businesses pay ransoms. Furthermore, if a company pays, it may be a victim again at a later date because it has set the precedent of paying. So, if you do decide to pay, understand that you may be a target again. Also, if you do agree to pay, seek out a service to pay on your behalf so that you do not involve your company brand in the negotiations.

Ultimately, it is not the FBI’s decision whether or not a company pays the ransom. It is the decision of the company’s management team and perhaps its legal counsel. The management team must make the decision that is best for business continuity.

After the Attack

After the company has done its best to get back to business, it is time to limit the probability that it will happen again. Your company should start with a third-party assessment to find out what vulnerability let the attacker through. What system vulnerabilities were you not aware of? This should be done by a third-party vendor to ensure the integrity of the process; the IT staff may also lack the tools or expertise to conduct the assessment. After the assessment, you need to clean or wipe your environment, because the cyber criminal might have left a backdoor to return through at a later date or might have left additional malware embedded in the system. Next, invest in modern defenses such as real-time monitoring of your network. Firewalls and anti-virus are important, but they will not give you network visibility or real-time alerts. Finally, invest in cyber security training and awareness for your employees and test whether it is working. By educating your employees about cyber security threats you are developing them into “human firewalls” and lessening the likelihood that they will fall for phishing attacks and introduce ransomware into your network.

Conclusion

Ransomware is a very real existential threat to small to medium sized businesses (SMBs) and as such needs to be prevented whenever possible. Seventy-eight percent (78%) of SMBs are targeted by cyber criminals, not only for their data but also as a portal to other systems. Sixty percent (60%) of SMBs that are hacked go out of business within six months of their victimization. This statistic does not have to be an inevitable outcome.

Prevention is key and is accomplished through technological, operational and administrative means. Technological means include regularly backing up data and verifying that it can be restored should the need arise, keeping patches up to date, deploying anti-virus and anti-malware, disabling macro scripts, etc. Operational means include restricting access to critical data and systems, implementing software restriction policies, following best practices for RDP, whitelisting, network and system segmentation, etc. Administrative means include implementing policies and procedures that institute best practices for employee behavior and actions, as well as cyber security training and awareness for those employees. Protecting your company against ransomware can be done. You now have the plan, so let’s get busy!