Small businesses need some Valentine’s Day love too

Happy Valentine’s Day to all the cyber criminals in the world! …said no small business ever. What small businesses are actually saying is ‘what cyber-attacks do we need to protect ourselves from this Valentine’s Day?’ And more importantly, ‘how do we protect ourselves?’

The how is easier than the what

Cyber criminals or hackers, call them what you will, have figured out that people are more inclined to open random emails, invitations, and links on Valentine’s Day, presumably all in the name of love, so we tend to see a spike in cyber-attacks on the run up to and during Valentine’s Day. Actually, hackers escalate malware campaigns during most holidays because users in general tend to be less guarded at these times. This puts not only individuals at risk, but businesses too, since hackers depend on employees making the types of mistakes that will give the hackers access to sensitive information, or to company devices where valuable data can be harvested. Amplifying the problem is that hackers are increasingly targeting business emails rather than personal emails in order to take advantage of users who surf the web during work hours. 

Small businesses, therefore, need to establish the right security posture to protect themselves, starting with a powerful antivirus.  The best antivirus for small business is a cutting-edge, endpoint security solution that protects business computers from known threats and zero-day threats, as well as from phishing emails, ransomware, potentially unwanted programs (PUPs), and attempts to spy on private business conversations via compromised cameras and microphones. Strong endpoint security solutions should also protect businesses by preventing employees from visiting spoofed or compromised sites, or malicious URLs.  

In addition, to establish a strong security posture, small businesses must educate their employees about cyber threats so they know how to recognize and respond to them. Another vital security measure is making sure that all business software is regularly updated so that it contains the latest software patches.  This includes antivirus solutions, which should automatically update to use the latest virus definitions.  Moreover, businesses that work with vendors should assure that their sensitive data is protected by verifying that their vendors also follow proper cybersecurity protocol. Finally, small business owners should never overlook the crucial role that strong passwords play in their business’ safety. Password best practices should be established and implemented without exception.

  Now for the ‘what’

Providing an under-the-hood understanding of just exactly how malware-attacks work is beyond the scope of today’s post, but we can take a look at some of the different types of malware attacks from which small businesses need protection. Sad to say, there are many, especially on Valentine’s Day:

1. Phishing attacks – Phishing attacks, are some of the most popular Valentine’s Day attacks. These attacks send emails purporting to be from reputable companies or someone the user knows, in the hopes that the promise of love will lure users into downloading malicious attachments or clicking on malicious links.
2. Ransomware – Ransomware, which blocks access to its victim’s data or threatens to destroy or publish it unless a ransom is paid, is another hacker favorite and in fact brought us GandCrab ransomware. Last year GandCrab was delivered on Valentine’s Day via massive email spam campaigns. Upon compromising a user’s system, GandCrab encrypts files, changes file extensions, and sends a ransom note that appears on the top of the user’s desktop. Files and data are released only after a ransom is paid. According to krebsonsecurity.com, last year the criminals behind the malware reportedly earned more than $2 billion in extortion payouts from its victims.
3. Worms – And then you have the worms, like the “I love you”, “Valentine E”, “Waledac C” and “Love bug” worms from previous Valentine’s Day attacks. Worms are a form of malware that replicate so that they can spread to other computers. They typically cause damage to networks whereas viruses usually corrupt or change files on their targeted device.
4. DDoS attacks – aka denial-of-service attacks are another popular cyber-attack used by hackers. They work by disrupting the normal traffic to a targeted service or network and then overwhelming it with a flood of Internet traffic, so that service ceases to operate. Essentially, hackers turn infected computers into bots that they can then control and use to cause more traffic than can be handled, resulting in denial of service to normal traffic. This type of attack is particularly effective during holidays such as Valentine’s Day when higher traffic volumes are expected anyhow. Attackers typically try to extort money from their targets in return for stopping the attack.

Lessons learned…

Previous Valentine’s Day attacks have shown us that cyber-attacks increase in the weeks just prior to Valentine’s Day. Businesses that use email, accept online payments, collect personal information from clients online, and in general use the Internet, are therefore at greater risk during this time. Installing powerful endpoint security, training employees to be alert and how to make the right choices in a potential cyber crisis, making sure software is up to date, following good password hygiene, and seeing to it that company vendors also follow proper cybersecurity protocol will pay off. It will pay off every time malware is prevented from being downloaded on your business computers, every time one of your employees is blocked from surfing to a malicious URL or doesn’t click a suspicious link or open a suspicious email, and every time a hacker can’t exploit software vulnerabilities.