Many people naively believe that malicious software is primarily transmitted via adult sites, gambling platforms, illegal streaming services, and other online meccas of vice. While that’s a nice thought, the truth is that many of the most fertile breeding grounds for online viruses are legitimate small and mid-sized businesses—and yours could be one of them.
We know what you might be thinking: “But we’re just a small business. Why would cybercriminals ever target us?” The thing is, cybercriminals prefer smaller businesses because they’re less likely to have cyber security experts in place to detect malicious code, meaning you could unknowingly distribute it to users around the world for weeks, months, or even years.
According to Forbes, over 30,000 sites are hacked every single day, with a new cyber incident happening somewhere on the web every 39 seconds. We know that sounds scary, but the good news is that there’s a lot you can do to protect yourself and your business should any of them happen to you.
Cyber security best practices
Understanding cyber security best practices for small businesses (including your remote employees) and implementing the right cyber risk mitigation strategies can significantly reduce your vulnerability. The two most important things you can do to protect your business today are to implement two-factor authentication and seek out the right cyber security insurance coverage. So feel free to skip ahead to those sections to learn more.
But if you're here to learn more about specific online dangers, here are ten of the top cyber crimes being reported in 2024—with actionable tips for how to prevent cyber attacks on businesses like yours.
- Phishing
- Ransomware
- Spyware
- Social engineering
- Bricking
- Dependent business interruptions
- Invoice manipulation
- Cryptojacking
- Apache Log4j vulnerability
- QR code vulnerabilities
1. Phishing
What is phishing?
This is by far the most popular method of cyber-criminal activity, which is, unfortunately, a testament to how successful it is. Phishing is when criminals pretend to be legitimate members of a business and send fraudulent emails—often accompanied by suspicious links—in an attempt to collect personal information and/or funds.
How to protect your business from phishing attempts
- Enable an email filtering solution that pre-screens emails for potentially malicious attachments and links. If using Office 365, we strongly recommend enabling the Microsoft Advanced Threat Protection add-on.
- Include multi-factor authentication protection (more on this later) on all network administrator accounts and any other user accounts with elevated permissions within your network.
- Implement employee training programs so your staff can easily recognize and avoid blatant phishing emails. Send out random “test” emails disguised as a phishing attack to identify which team members require additional training.
2. Ransomware
What is ransomware?
This is one of the fastest-growing cybercrimes thanks to how lucrative it can be against unsuspecting businesses. Ransomware is when hackers take control of your system and hold your important information hostage until you meet their demands.
How to protect your business from ransomware attacks
- Add multi-factor authentication protection on all remote access to your network (including any remote desktop protocol connections), email servers, cloud services, and data backup solutions.
- Use a robust backup solution that is either disconnected (“air-gapped”) from your network or segregated from your network with multi-factor authentication access control. Backups should be tested frequently and, ideally, be capable of restoring essential functions within 24 hours in the event of a widespread ransomware attack across your network.
- Implement next-generation anti-virus protection, including automated endpoint detection and response functionality on all endpoints. All detected endpoint activity should be monitored and investigated 24/7/365.
3. Spyware
What is spyware?
Spyware is a common method of credit card fraud, in which criminals install malicious software on the victim’s computer or smartphone. Without the user’s knowledge, the spyware runs in the background, collecting sensitive information and sending it back to the criminal.
How to protect your business from spyware attacks
- Implement next-generation anti-virus protection, including automated endpoint detection and response functionality on all endpoints. All detected endpoint activity should be monitored and investigated 24/7/365.
- Add multi-factor authentication protection on all remote access to your network (including any remote desktop protocol connections), email servers, cloud services, and data backup solutions.
4. Social engineering
What is social engineering?
Social engineering is the psychological manipulation of people—using technology—to divulge confidential information or perform actions the criminal wants. Common methods include email infiltration, redirected payments, and “Forgot Password” overrides.
How to protect your business from social engineering attempts
- The #1 way to avoid a social engineering claim is to implement a callback provision/procedure for any request to wire payment or change a bank routing number. This procedure should include double-checking the phone number you are calling to confirm the payment and/or changes against an outside source (e.g., the vendor’s website or earlier emails), because the email providing the instructions could itself be compromised and show the criminal’s fake number.
- Enable an email filtering solution that pre-screens emails for potentially malicious attachments and links. If using Office 365, we strongly recommend enabling the Microsoft Advanced Threat Protection add-on.
- Include multi-factor authentication protection on all network administrator accounts and any other user accounts with elevated permissions within your network.
- Implement employee training programs so your staff can recognize and avoid social engineering attempts more easily. Send out random “test” emails disguised as a scam attack to identify which team members require additional training.
5. Bricking
What is bricking?
As the name implies, bricking is when a hacker enters a computer system and renders it completely unusable, making it more or less a brick. This causes major business interruption, data loss, and—commonly—blackmail.
How to protect your business from bricking attacks
- Add multi-factor authentication protection on all remote access to your network (including any remote desktop protocol connections), email servers, cloud services, and data backup solutions.
- Use a robust backup solution that is either disconnected (“air-gapped”) from your network or segregated from your network with multi-factor authentication access control. Backups should be tested frequently and, ideally, be capable of restoring essential functions within 24 hours in the event of a widespread bricking attack across your network.
- Implement next-generation anti-virus protection, including automated endpoint detection and response functionality on all endpoints. All detected endpoint activity should be monitored and investigated 24/7/365.
6. Dependent business interruption
What is a dependent business interruption?
Also known as contingent business interruption, this is a situation in which cybercriminals shut down or hinder a third-party vendor your company relies on. This could include network servers, parts manufacturers, supply chain links, and more. Whether you’re the primary target or not, your company will not be able to conduct business as usual until that critical service is restored.
How to protect your company from dependent business interruptions
- This is a tough one: because it’s another business being targeted, the situation is mostly out of your control. You can, however, share this article with your dependent businesses and recommend they take proactive cybersecurity measures (if they haven’t done so already).
- Collect certificates of cyber liability insurance from all of your dependent businesses showing adequate cyber risk insurance limits.
- Develop and implement contingency plans should one of your dependent businesses go down for an extended period.
- Use a robust backup solution that is either disconnected (“air-gapped”) from your network or segregated from your network with multi-factor authentication access control. Backups should be tested frequently and, ideally, be capable of restoring essential functions within 24 hours.
7. Invoice manipulation
What is invoice manipulation?
Invoice manipulation is a scam in which cybercriminals gain access to an employee’s email and use it to communicate with your vendors and customers. They often wait for a transaction to take place, then swoop in and ask the payor to make it out to a different bank or account at the last minute, ensuring the money gets directed to them and not you.
How to protect your business from invoice manipulation attempts
- Add a mandatory provision that any changes to a bank account or routing number can only be handled over the phone and never via email. Then make sure your customers, vendors, etc. are all aware of this change so if they ever receive an email asking them to make a change, they will know it is fraudulent.
- Enable an email filtering solution that pre-screens emails for potentially malicious attachments and links. If using Office 365, we strongly recommend enabling the Microsoft Advanced Threat Protection add-on.
- Include multi-factor authentication protection on all network administrator accounts and any other user accounts with elevated permissions within your network.
- Implement employee training programs so your staff can more easily recognize and avoid invoice manipulation and other blatant scam attempts. Send out random “test” emails disguised as manipulated messages to identify which team members require additional training.
8. Cryptojacking
What is cryptojacking?
Okay, so this is a unique one. Cryptojacking is when cybercriminals embed themselves in your computer system and use it to mine for cryptocurrency such as Bitcoin. This allows them to avoid the expensive hardware and large electricity bills typically required to mine blockchain-based digital currencies.
How to protect your business from cryptojacking attacks
- Enable an email filtering solution that pre-screens emails for potentially malicious attachments and links. If using Office 365, we strongly recommend enabling the Microsoft Advanced Threat Protection add-on.
- Add multi-factor authentication protection on all remote access to your network (including any remote desktop protocol connections), email servers, cloud services, and data backup solutions.
- Implement employee training programs so your staff can more easily recognize and avoid the phishing emails and other blatant lures that deliver cryptojacking malware. Send out random “test” emails disguised as a phishing attack to identify which team members require additional training.
9. Apache Log4j vulnerability
What is the Apache Log4j vulnerability?
Log4j is a piece of Apache open-source software used by tens of thousands of software packages (known as artifacts in the Java ecosystem) and projects across the software industry. It is a logging library: it lets developers easily record and review what their programs are doing, which helps companies understand potential bugs or performance issues in their software. The Log4j vulnerability allows attackers to take over the computers and networks of any organization running a vulnerable version and launch ransomware attacks or take remote control of affected systems, essentially shutting out businesses entirely.
How to protect your business from Apache Log4j attacks
- Add multi-factor authentication protection on all remote access to your network (including any remote desktop protocol connections), email servers, cloud services, and data backup solutions.
- Scan for Log4j with open-source tools to determine if it exists in your code, and if it does, whether it contains any vulnerabilities. Anchore, for instance, offers two such tools that allow you to quickly scan a large number of packaged dependency formats.
- Review Apache’s Log4j Security Vulnerabilities page for more information on how to apply the available patches right away. We recommend prioritizing your most critical, internet-facing systems and network servers first before moving on to other assets.
- Once all your code is mitigated, conduct a thorough security review to determine whether your systems were compromised before the fix was applied and whether they remain compromised.
- Report any Log4j vulnerabilities to CISA and the FBI as soon as possible.
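The scanning step above can be reproduced at a basic level with a short script. The following is an added example, not code from the original article or from Anchore’s tools: it walks a directory tree, opens every jar/war/ear/zip it finds (including archives nested inside other archives, which is where a bundled Log4j copy is most often hidden), reports any archive that contains log4j-core classes along with the version recorded in its manifest or Maven `pom.properties` (assumed to be present in Maven-built jars), and notes whether the `JndiLookup` class is present. Which reported versions need patching is decided against Apache’s Log4j Security Vulnerabilities page, which the article already points to. The sample archive built in memory at the end is constructed for the demonstration, carries a placeholder version, and contains no real Log4j code.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, Iterator, List

# Class that implements JNDI lookups in log4j-core. Apache's own advice for builds that
# could not be upgraded was to delete it from the jar, so its presence/absence is worth reporting.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: Maven-built log4j-core jars record the version in one of these two places.
MANIFEST_VERSION_RE = re.compile(r"^(?:Implementation-Version|Bundle-Version):\s*(\S+)", re.MULTILINE)
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
POM_VERSION_RE = re.compile(r"^version=(\S+)", re.MULTILINE)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def read_version(zf: zipfile.ZipFile, names: set) -> str:
    """Best-effort version extraction: pom.properties first, then the manifest, else 'unknown'."""
    if POM_PROPERTIES in names:
        m = POM_VERSION_RE.search(zf.read(POM_PROPERTIES).decode("utf-8", "replace"))
        if m:
            return m.group(1)
    if "META-INF/MANIFEST.MF" in names:
        m = MANIFEST_VERSION_RE.search(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
        if m:
            return m.group(1)
    return "unknown"


def inspect_archive(data: bytes, label: str) -> Iterator[Dict[str, object]]:
    """Yield one finding per archive (at any nesting depth) that contains log4j-core classes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; nothing to inspect
    names = set(zf.namelist())
    # Matching on the package path also catches shaded/uber jars, where the file name says nothing.
    if any(n.startswith("org/apache/logging/log4j/core/") for n in names):
        yield {
            "path": label,
            "version": read_version(zf, names),
            "jndi_lookup_present": JNDI_LOOKUP_CLASS in names,
        }
    for inner in sorted(names):
        if inner.lower().endswith(ARCHIVE_SUFFIXES):
            yield from inspect_archive(zf.read(inner), f"{label}!/{inner}")


def scan_tree(root: Path) -> List[Dict[str, object]]:
    """Scan every archive under `root` and return all findings."""
    findings: List[Dict[str, object]] = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(inspect_archive(p.read_bytes(), str(p)))
    return findings


def build_demo_archive() -> bytes:
    """Constructed sample: a war bundling a fake 'log4j-core' jar (only the entry names a scanner
    keys on, with a placeholder version) and an unrelated jar, so the scanner can run offline."""
    core = io.BytesIO()
    with zipfile.ZipFile(core, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nImplementation-Version: 0.0.0-demo\r\n")
        z.writestr("org/apache/logging/log4j/core/Logger.class", b"")
        z.writestr(JNDI_LOOKUP_CLASS, b"")
    other = io.BytesIO()
    with zipfile.ZipFile(other, "w") as z:
        z.writestr("com/example/Util.class", b"")
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-0.0.0-demo.jar", core.getvalue())
        z.writestr("WEB-INF/lib/util-1.0.jar", other.getvalue())
    return war.getvalue()


def demo_scan() -> List[Dict[str, object]]:
    """Write the constructed war into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        deploy = Path(d) / "deploy"
        deploy.mkdir()
        (deploy / "app.war").write_bytes(build_demo_archive())
        return scan_tree(Path(d))


if __name__ == "__main__":
    for f in demo_scan():
        print(f"{f['path']}: log4j-core {f['version']}, JndiLookup present: {f['jndi_lookup_present']}")
```

Run it against a real deployment directory with `scan_tree(Path("/path/to/apps"))`; the constructed demo exists only so the script can be exercised without any real artifacts. Nested archives are read fully into memory, which is fine for typical application bundles but worth changing to a streaming approach for very large ears.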
10. QR code vulnerabilities
Quick response (QR) codes are a popular marketing, sales, payment, and customer service tool for businesses of all types. They function similarly to a barcode and can be scanned by code readers or smartphones so individuals can access websites without having to type in a specific URL.
Although they can be a useful tool, the nature of QR codes allows them to be exploited by cybercriminals. Since legitimate QR codes appear as a random scramble of pixels within a larger square, it can be difficult for users to differentiate between the safe and malicious ones. Additionally, QR codes may be standalone images, so they may not be accompanied by telltale signs of malicious activity, as is often the case with fraudulent emails (e.g., misspellings, suspicious links).
How cybercriminals exploit QR codes:
- Replacing or tampering with QR codes—Malicious actors may place their counterfeit QR code over a legitimate one or alter a legitimate one.
- Placing QR codes in high-traffic areas or strategic locations—Cybercriminals may place QR codes in high-traffic areas or near places where they might seem connected to a location or object (e.g., on a parking meter). Curious passersby or those thinking the QR codes serve a safe function (e.g., paying for parking) may then scan the malicious code.
- Sending fraudulent QR codes in an email or through an app—Malicious actors may include a QR code in digital communication with language accompanying it to make the code seem legitimate.
Once the fraudulent QR code is scanned, a user may be vulnerable to various security issues, including:
- Quishing—This is a form of phishing where the cybercriminal seeks to steal an individual’s credentials, passwords, or other sensitive data after a user accesses the website through a malicious QR code. The cybercriminal may use social engineering techniques to trick a user into thinking the website is legitimate and, therefore, safe to enter their sensitive information.
- QRLjacking—This involves a cybercriminal spreading malware to an individual’s devices after a fraudulent QR code directs the user to a malicious URL.
- Device hacking—Under certain circumstances, a malicious actor may be able to access a user’s device if they scan a fraudulent QR code. The hacker then may be able to place a call, send a text, or make a payment from the compromised device.
How to protect your business from fraudulent QR codes
- Provide continuous education to employees on the latest QR code dangers and train them on how to safely use their technology.
- Carefully examine QR codes to ensure they are not tampered with or altered before scanning them.
- Train employees to double-check the web address of the site a QR code directs them to, and advise them not to scan QR codes if they are unsure of their origin.
- Install antivirus software with content filtering that inspects links and attachments and blocks access to suspicious items.
- Maintain strict access controls to limit damage from malicious actors if they obtain login credentials.
- Utilize multifactor authentication systems to add a layer of protection to business systems in case employee passwords or credentials have been compromised.
- Keep all devices updated and patched, and disable automatic QR code scanning on devices.
- Review default settings and permissions regarding the sharing of sensitive information.
- Reduce the use of QR codes in electronic business communications to disincentivize cybercriminals from using them to target customers.
How to protect your customers from QR code dangers
- Only use reputable QR code generators.
- Customize your QR codes to include your company’s branding.
- Test all QR codes before distributing them.
- Ensure linked websites are served over HTTPS with a valid TLS (SSL) certificate.
The importance of two-factor authentication
In light of the growing number of cyber attacks, many companies are turning to two-factor authentication (also commonly called 2FA or multifactor authentication) to enhance their cyber security. While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security to your online accounts.
How does two-factor authentication work?
Two-factor authentication adds a layer of security that allows companies to protect against compromised credentials. Users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate applications, networks, and servers.
With two-factor authentication, having only your username and password is not enough. You’ll need another “factor” to verify your identity and log in to your online account. This additional hurdle means would-be cyber criminals can't easily unlock an account—even if they have the password in hand.
A more secure way to complete two-factor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode that an algorithm derives from the current time, so it expires if you don’t use it within a short period. With this method, users download an authenticator app—such as those available from Google or Microsoft—onto a trusted device. The app then generates a TOTP, which the user enters manually to complete the login.
Why two-factor authentication and password management are important
As two-factor authentication becomes more popular, some states are considering requiring it for certain industries. It’s possible that as cyber security concerns continue to grow and cyber-attacks become more common, other states will follow suit.
Even if it’s not legally required, ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability, and confidentiality of an organization’s passwords.
Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management. This policy should require employees to change their passwords regularly, avoid using the same password for multiple accounts, and use special characters in their passwords.
By implementing these cyber risk mitigation strategies, you can help protect your business, employees, and clients. Contact us today for additional cyber security threat prevention guidance and insurance solutions.
Explore your cyber security insurance coverage options with Christensen Group
As these cyber threats continue to evolve, partnering with a cyber insurance broker you can trust is a crucial first step. Because even if you have the absolute best cyber security measures in place, they won’t protect you from the biggest vulnerability to your business—human error.
All it takes is one brief lapse in judgment by an employee to create significant exposure and put your business at risk. Contact us today and one of our cyber insurance experts will help identify your business’ online liability risks and walk you through the cyber security requirements you need to meet.
To learn more about cyber risk insurance coverage, check out our complete guide to cyber insurance. We'll get you caught up on everything you need to know, including: