Businesses, no matter how little, have to be mindful of and deliberately apply cyber security measures at each level. Your inner forms and your workforce are the final, and one of the foremost critical lines of defense in securing your trade from cyber threats. Given little businesses often need the assets for devoted IT staff, this area addresses how you’ll oversee to get data in your trade, secure your trade accounts, and prepare your staff how to anticipate, recognize and report cyber security occurrences. Small businesses account for over 95 percent of all businesses in Pakistan. Whilst 72 percent of small businesses have a website, only 36 percent check for updates every week, with websites increasingly being targeted by cybercriminals. These three quick wins will help small businesses with websites protect their money, data, and reputation. Common cyber threats to small Business: Malicious Software: Malware is a blanket term for malicious software including ransomware, viruses, spyware, and Trojans. Malicious Software is used to disrupt data, Damage reputation, and deceive someone. It provides criminals with a way to access important information such as bank or credit card numbers and passwords. It can also take control of or spy on a user’s computer. What criminals choose to do with this access and data includes: Fraud Identity theft Disrupting business Stealing sensitive data or intellectual property Siphoning computer resources for wider criminal activity. Malware creators can be anywhere in the world. All they need is a computer, technical skills, and malicious intent. Criminals can easily access cheap tools to use malware against you. Criminals cast a wide net and go after the most vulnerable. Through implementing cyber security measures and staying alert to threats, you can protect your business from being the easy target. Protecting against Malware: Automatically update your operating system, software, and apps Don’t use crack version of software Don’t download and install software from unknown sources Regularly back up your important data Train your staff to recognize suspicious software 2. Phishing Criminals will often use email, social media, phone calls, or text messages to try and scam your businesses. These criminals might pretend to be an individual or organization you think you know, or think you should trust. Their messages and calls attempt to trick businesses into performing specific actions, such as: Paying fraudulent invoices or changing payment details for legitimate invoices Revealing bank account details, passwords, and credit card numbers (sometimes known as ‘phishing’ scams, cybercriminals can mimic official branding and logos from banks and websites to seem legitimate) Giving remote access to your computer or server Opening an attachment, which may contain malware Purchasing gift cards and sending them to the scammer Where? Emails, Social Media, Phone Calls, Text Messages Phishing scams are not limited to emails. They are increasingly sophisticated and harder to spot. Be cautious of urgent requests for money, changes to bank accounts, unexpected attachments, and requests to check or confirm login details. Scam messages can be sent to thousands of people, or target one specific person. However, there are common techniques that criminals will use to try and trick your staff. Their messages might include: Authority: Is the message claiming to be from someone official or someone senior in the business? Urgency: Are you told there is a problem, or that you have a limited time to respond or pay? Emotion: Does the message make you feel panicked, hopeful, or curious? Scarcity: Is the message offering something in short supply, or promising a good deal? Current events: Is the message about a current news story or big event? Protecting against Phishing If you think a message or call might truly be from an organization you trust (such as your bank or a supplier) finds a contact method you can trust. Search for the official website or phone their advertised phone number. Do not use the links or contact details in the message you have been sent or given over the phone as these could be fraudulent. Ransomware Attacks: Ransomware is a type of malware that locks down your computer or files until a ransom is paid. Ransomware works by locking up or encrypting your files so that you can no longer use or access them. Sometimes it can even stop your devices from working. Ransomware can infect your devices in the same way as other malware. For example: Visiting unsafe or suspicious websites Opening links, emails, or files from unknown sources Having poor security on your network or devices (including servers) Installing Cracked versions of software Ransomware offers cybercriminals a low-risk, high-reward income. It is easy to develop and distribute. Ransoms are typically paid using an online digital currency or crypto currency such as Bit coin, which is very difficult to trace. Also in cybercriminals’ favors, most small businesses are unprepared to deal with ransomware attacks. Small businesses can be particularly vulnerable, as they are less likely to implement cyber security measures that could help prevent and recover from ransomware. Paying a ransom does not guarantee a victim’s files will be restored, nor does it prevent the publication of any stolen data or its on-sale for use in other crimes. It also increases the likelihood of a victim being targeted again. Preventive Measures: Regularly backup your important data Automatically update your operating systems, software, and apps Where possible, require multi-factor authentication to access services. Audit and secure your devices (including servers if you have them) and any internet-exposed services on your network (Remote Desktop, File Shares, and Webmail). Discuss this with an IT professional if you are unsure. The writer is a cyber security expert and can be reached at firstname.lastname@example.org.