Business Network Security Can Stop More Than a Virus
The economic turmoil created by the novel coronavirus and social unrest that developed by the civil rights protests made the first half of 2020 the best of times and the worst of times for cybercriminals. Some were able to exploit new network vulnerabilities created when so many Americans retreated to remote work during the economic shutdown. Others developed elaborate scams with emails, phone calls and texts targeted at stimulus checks or federal recovery program aid.
On the business side, data breaches dropped by one-third in the first quarter compared to 2019 because network administrators were on high alert because of the new working conditions and protocols. The resulting turmoil has offered a case study about why business network security is so important today.
“Any crisis is a green light to cybercriminals and scammers. COVID-19 has created an enormous amount of uncertainty and chaos at a scale we’ve not seen before. People are scared, anxious and desperate for anything that might help them through this troubling time. That makes them incredibly vulnerable … it’s the perfect storm,” Jim Van Dyke, Breach Clarity CEO recently said.
In certain ways, the COVID-19 scams and phishing expeditions spread faster than the virus itself.
The sudden work-from-home craze had business network administrators scrambling to establish security systems and protocols for their companies. When so many American workers began working from home, their business networks weren’t the only systems being tested by hackers.
Zoom, the video web conference streaming platform, which so many remote workers turned to stay in contact with their coworkers, was repeatedly hacked and ultimately surrendered over a half-million account users’ information. Along with the increase in remote workers, Americans also increased their use of the internet for gathering news, shopping and communication. Cybercriminals increased their focus on those channels.
ZDNet, which reports on business technology, reported that the attacks came from all over the globe, too. State-sponsored attempts came from China, North Korea and Russia attempted to bilk information from unwary web surfers with spiked documents, spear-phishing lures, and malware campaigns.
A survey of more than 400 global organizations after the coronavirus outbreak showed that 71% of their security professionals reported an increase in security threats or attacks. Phishing (55%), malicious websites (32%), malware (28%) and ransomware (19%) were the leading threats.
Those attacks were aimed at more than people isolated by the coronavirus. A public service announcement issued by the FBI on April 1 warned that cybercrime used the pandemic to also attack government agencies and private organizations. As early as March 30, the FBI’s Internet Crime Complaint Center has logged more than 1,200 complaints related to COVID-19 scams.
While scams related to COVID-19 are up worldwide, the Identity Theft Resource Center reports that publicly reported data breaches are down in the U.S. over the first six months of 2020. The organization found that there were 540 publicly reported data breaches in the first six months of the year, a 33% drop from 2019. Some experts attribute some of the decrease to the hypervigilance of network security organizations created by the pandemic.
Probably not a surprise, but two of the biggest breaches – the hotel chain Marriott (5 million customers) and Nintendo (300,000 users) involved systems heavily trafficked by individual users and involved personal and account data.
Small Targets, Big Impacts
Breach Clarity reports that five data breaches that occurred in the first three months of 2020 – Toondo.com, LimeLeads, Health Share of Oregon, Tetrad and Marriott – involved consumer information such as names, email addresses, Social Security numbers, employer information and more. More recently, the Small Business Administration’s Economic Injury Disaster Loan program was breached exposing the data of nearly 8,000 small businesses.
According to the SBA, cybercrime cost U.S. businesses $2.7 billion in 2018 and one of its recent surveys showed approximately 88% of small business owners felt their businesses were vulnerable to a cyberattack.
Cyberattacks come in many forms, which by now are well known. Malware (malicious software) is software that is intentionally designed to damage a computer network with viruses or ransomware. Viruses are programs that if downloaded spread throughout a network and provide hackers access to it. Ransomware is similar to viruses, but it restricts network access until a ransom is paid.
Phishing is a cyberattack that is delivered through emails sent from legitimate sources. They normally require a reply or a link to be clicked to activate.
Although these kinds of attacks are well-documented, unsuspecting users often never notice them until their network is infected. They can go unchecked for long periods unless they’re stopped.
The 2020 Verizon Data Breach Investigations Report says 28% of all breaches involved small independent businesses, organized crime was behind 55%, and 86% were financially motivated.
There are plenty of ways to lessen the chances of a computer or network being compromised. Experts suggest businesses:
Train employees. Whether it’s out of negligence or bad intentions, the Verizon DBIR says employees are responsible for 30% of business network breaches, and 8% involved misuse by authorized users. So, training is important. Topics should include:
- How to spot a phishing email
- Avoiding sketchy downloads
- Practicing responsible browsing habits
- Protecting sensitive business and customer information
Protect your passwords. It’s an easy, cost-free way to improve business network security. Strong passwords include:
- 10 characters or more
- A lowercase letter
- An uppercase letter
- A number
- And a special character
If employees have been working from home during the coronavirus shutdown, policing their computer and network access passwords is even more important.
Police your users. When it comes to business network security, the best way to reduce the chance of a data catastrophe is to limit the number of users. Each user should have their own account, so activity can be monitored and traced. And administrative privileges should be restricted to owners, managers, or IT staff.
Back up your data. Retail is all about data. Inventory and sales figures, accounts receivable, customer data, tax information and more should be backed up daily. And using an off-site provider isn’t a bad idea either.
“Backups are hugely important, especially in business applications because your business is your livelihood,” says CJ June Managed Services director at Paladin Data Corporation. “Managed Services automatically stores backup files off-site in a cloud database protecting businesses against all kinds of disasters.”
June and other experts advise the 3-2-1 approach to backing up files.
- Make at least 3 copies.
- Record them in 2 different formats.
- Keep 1 of them off-site.
Increasing the IT budget is another easy way to improve information and network security. Many retail technology companies offer data backup and network management services that protect businesses of all sizes 24/7.
Tech vs. Tech
What’s the best defense against the mysterious and frightening world of cybercrime? It’s having somebody on your side who knows what they’re doing. That means having an IT staff or contractor.
Even then, the best business network security can’t guarantee complete prevention, but it takes technology to fight technology.
“The recommended approach to security for small businesses is the three-legged stool: Managed antivirus running on the PCs, Managed Patch Management, and a Managed UTM (Unified Threat Management) hardware firewall at the edge of their network,” says John Oetinger, Managed Network director for Paladin Data Corporation. “Small business owners need to run their business and don’t have time to worry about security in normal times, and more so in these challenging times. These tools work quietly in the background to keep small businesses safe, no matter what chaos is going on in the world around us, so owners don’t have to worry, and can focus on running their business.”
John Bolthouse runs Bolthouse Merchandising which has three hardware stores in central Michigan – Hastings, Byron Center, Midtown (Kalamazoo). When he began looking for a way to protect his digital assets and their network, he turned to Paladin Data Corporation, his technology provider, to manage his multistore business network.
His enterprise has 60 computers on its three-store network and close to 70 devices in the Hasting store alone. The Hastings store utilizes cloud-managed Cisco Meraki switching and all three stores use Cisco Meraki cloud-managed firewall and security appliances. The equipment and his network management provider keep all three stores running reliably and securely.
“When your business is dependent on running on the internet for credit cards and so on, you can’t be down for a minute. You just can’t. There’s no way to run a sale if you don’t have your point of sale and you don’t have your credit card terminals. It’s vital,” John explains. “When customers can’t pay for merchandise, it’s impossible to operate. That makes my stress level too high. I just want these machines to run and Managed Network keeps them running.”
As stores try to bounce back from the coronavirus closure or are adapting to the new retail reality of omnichannel sales and service tools and programs, tightening business network security should always be a high priority.
National Cybersecurity Alliance
Federal Communications Commission
FCC cybersecurity for small business
Department of Homeland Security