A very sobering Symantec study found that 40 percent of more than 1 billion cyberattacks prevented in 2012 were committed against small businesses. TheNational Cyber Security Alliance revealed that one in five small businesses fall victim to cybercrime each year—and that number is rising.
An even more alarming statistic is that approximately 60 percent of those businesses fail within six months following a successful cyberattack.
With the recent news circulating around malware, such as the new WannaCryransomware worm that has hit at least 150 countries and infected more than 200,000 computers, we felt it was appropriate to address the ransomware threat as well as other forms of malware in an effort to keep your business and customers safe.
How exactly does malware put your small business at risk?
What exactly is malware? How can it affect your company’s data and ability to do business?
Here are definitions for some of the most notorious forms of malware:
Malware is short for malicious software and is not a specific threat in of itself, but rather a comprehensive term that covers any software installed on your machine to perform undesirable tasks. This includes stealing or manipulating data, controlling access to your system(s), or otherwise harming the host computers. It is used to benefit the perpetrators without the consent of the machine or data owner. Malware routinely runs in the background and can go undetected for quite some time. Ransomware, viruses, spyware, and worms are all types of malware.
Descriptions of the most common types of malware
Ransomware is a form of malware that is used to capture and hold an individual’s data or computer hostage until the “ransom” is met. The ransom is frequently in the form of Bitcoin, a digital currency used in online transactions and is virtually untraceable.
The attack starts by encrypting the user’s data or locking the host system. This forces the user to pay the ransomware creator in order to receive a decryption key to unlock the data or remove the restrictions placed on the system.
Some ransomware will go as far as displaying a message and timer informing the user that their data will be erased completely unless payment is made prior to the time running out. In some cases, the amount of ransom goes up as remaining time goes down. Ransomware is typically spread through file download or network vulnerability.
Viruses are types of software capable of copying itself and spreading to other computers. The virus accomplishes this by attaching itself to other programs and executing code when a user launches the infected code. Viruses are used to steal data, damage host computers and networks, and more. Viruses can be spread through script files, documents, and vulnerabilities often found in web applications.
Spyware is a form of malware that gathers information from your computer by spying on user activity and transmitting it to a third party. This activity can include financial data, browser usage, as well as system information. The system information can also include applications installed, which can then be used to exploit any known vulnerabilities in those applications. More advanced spyware can monitor your keystrokes. This can provide critical data such as account numbers, usernames, and passwords to unscrupulous individuals. Spyware is usually spread by embedding the software in other applications, as well as downloads or network vulnerabilities.
Worms are one of the most common types of malware. They spread over networks, consuming bandwidth and slowing the system to a crawl. Worms can also carry payloads designed to delete files, steal data, or damage host systems. Worms have the ability to self-replicate and are frequently spread by sending mass emails with infected attachments. Many times, this email comes from a user known to the victim in order to deceive the user into opening it.
Cyber attacks don't just hit big companies; small businesses are at risk, too....
How can you protect your small business from malware?
1.Keep all your system’s anti-virus and anti-malware software up to date:Most anti-virus and anti-malware companies continually address and update their software to address new threats. If your software has an auto-update feature, make sure it’s enabled or create a regular schedule to update manually.
2.Ensure all your operating systems are up to date on patches: This is particularly true with Windows-based machines.
3.Put into place and enforce strong password practices and policies: The longer and more complex passwords are, the more difficult to guess or crack and are vital to a securing your systems. Guidelines in achieving strong passwords are:
- Make all passwords at least 12 characters long. Password cracking software can discover most anything less than 12 in a matter of minutes or hours.
- Include a random mix of numbers, letters, special characters, and capitalization.
- Do not use patterns such as birthdays, names, addresses, or any other information that could be gathered through social engineering. These types of passwords are the first attempted and the easiest to crack.
- Change your passwords infrequently. Forcing your employees to change passwords frequently can lead to bad password habits and forgetting new passwords.
You can use tools and websites such as How Secure is My Password to validate the overall strength of your passwords. These tools typically measure the strength by the length of time it would to crack the password using readily available (and many times free) cracking tools.
Just because you are a small business, doesn't mean you won't be a target of...
4.Develop and enforce an equipment use policy: Create guidelines for your staff members on what they are permitted to do with company-owned resources. This should include what they can and can’t do on computers and phones, such as internet and personal usage, software installations, backups, scans, etc.
5.Educate employees: This is one of the most essential actions in securing your business. Educate your employees to make smart computing decisions and to understand the current threats. Create regular security training sessions for your employees that cover security basics, to include strong passwords, email attachments, suspicious websites, download scanning, etc.
6.Report cyberattacks: If your business has fallen victim to an attack, notifying the appropriate authorities can help bring the criminals to justice. This can also increase your chance of recouping any losses incurred.
Today’s world is fraught with peril from cybercriminals who wish to profit from or destroy your hard work. Cybersecurity must be made a top priority to help prevent this. We must be prepared to protect our organizations through countermeasures that include anti-malware software, updating your systems, comprehensive policies, and procedures as well as user training programs.
If you can afford it, it is also recommended to have periodic security audits as a way to keep your business secure. There are many providers who will scan your environments, analyze existing policies, and make recommendations on how to harden vulnerabilities.
Unfortunately, cybercriminals are not going away anytime soon and they are targeting small businesses more than ever before. Keep security in the forefront and you’ll have a better chance to avoid becoming one of their many victims.
Ron Smith is an Infusionsoft Sr. Quality/Security Engineer. Having served in the USAF as a security specialist, he became passionate about security. During his 20 year career, he has worked for very large companies such as Microsoft, Intel, and Pearson, but his love for small business carried him to Infusionsoft. He is also the father of five boys and an avid Harley Davidson rider and home brewer.
This article is from Infusionsoft, which is the CRM software that Qspray uses, loves and recommends. Here is the link to the original article. I am sharing this article with our pest control equipment & weed/landscape equipment customers.
NIce weed control sprayer mounted in a utility bed for a landscape client.225 Poly Leg TankHonda EngineHypro 8-Roller PumpDual Cox Hose Reels - for maximum productivityWe mount the reels on the toolbox to save bed space. This is a component mount sprayer. There is no frame/skid. For this application, the frame adds almost no value so we [...]
Thanks for Ryan S. for sharing this terrible technician horror story: We had a technician at my prior company go to a customer's house for regular pest control service.The wife was at home by herself. The technician asked the customer where her husband was (he was at work). Technician stated that if he [...]
Can I use my B&G Sprayer to spray bleach?One quick look at these photos gives you the answer. HELL NO!A client recently came in needing B&G replacement parts for his B&G sprayer. He told us he used the B&G Sprayer to spray bleach. The bleach turned the brass green and ate through the B&G Valve Extension. Interestingly, it disolved [...]
We built this 400 Gallon Weed Control Spray Rig for Roadrunner Public Health of Albuquerque, NM. Roadrunner won the City contract to spray all the alleys in the City. That's hundreds of miles of alleys. They needed a Weed Control Sprayer that would allow them to quickly, productively and cost-effectively spray all those alleys.After a number of [...]
It is important to ensure a long life for your Birchmeier backpack sprayer. The best way to do this is to check and clean your filters every day. On every Birchmeier there are two filters. One filter is in the tank. The other is in the spray valve (the handle as you might call it). If [...]
Qspray.com is pleased to introduce guest blogger and Wildlife Control Expert, Stephen M. Vantassel. Stephen is the author of "The Wildlife Damage Inspection Handbook". This is an invaluable resource to pest control professionals in identifying damage to structures, landscapes, and livestock.Good photos can be of enormous benefit to the identification of animal or pest sign [...]
Andrew Greess, at Qspray.com, knows a thing or two about Birchmeier Backpack sprayers and all their parts. Not only does QSpray sell the products and parts, but they repair them as well. A part that sometimes wears down and cracks is the air cylinder. It is understandable as an extreme amount of pressure gets put into this piece, repeatedly.Occasionally, [...]
Thanks for Cory H. for sharing this terrible technician horror story:I had a technician who refused to wear deodorant and would hit the gym on his lunch break. He also had a headcold and would blow snot rockets, which, because he went to the gym so much, he had a big chest and they would [...]