Cyber attacks aren’t new, but 2021 saw an alarming rise in attacks on Irish small businesses. A survey by the IT and cybersecurity solutions provider Typetec revealed more than half (52%) of small and medium-sized enterprises (SMEs)had paid a ransom due to ransomware – averaging €22,712.
More than a quarter (27%) of the businesses that did pay out failed to get all their data restored, and 60% of business owners said that despite paying the ransom, sensitive data was leaked on the dark web regardless.
The risk for small businesses from cyber attacks is high, as they may not have the cybersecurity capabilities of larger firms, and have less finance to fall back on if they are attacked and pay out.
In this guide, we’re going to define cyber attacks, how to recognise them, the different forms they take, and cyber security for eCommerce.
What is a cyber attack?
Cyber attacks are launched by criminals. Using one or more computers, they attack either a single computer, multiple computers, or a network. They’re used to maliciously disable computers and steal data, and can even be used to launch other attacks.
Economic cost of cyber attacks
Small businesses can suffer substantial financial losses from cyber attacks, due to:
- theft of money and/or corporate/financial information (e.g. bank details, payment card information)
- disruption to trading (such as disabling the ability for online transactions)
- loss of contracts
- costs to repair systems and networks hit by the attack.
Reputational cost of cyber attacks
If clients or customers know your business was hit by a cyber attack and their personal data was perhaps compromised, it can affect their trust in you. This can lead to:
- loss of customers
- loss of sales
- profit reduction.
Reputational damage can be far-reaching and ultimately more damaging than financial loss. Suppliers, partners, investors and other third parties vested in your business may think twice about working with you.
Potential legal consequences
Data protection and General Data Protection Regulation (GDPR) laws make it essential you correctly manage the security of personal data you hold on staff, clients and customers. Whether it’s accidental or deliberate, failure to deploy such measures can result in fines and regulatory sanctions.
How to recognise a cyber attack
The best way to educate you and your staff on cyber attacks is to undergo a cybersecurity for business training course. Training will help alert you to the different types of attacks, increase vigilance and install the right software to keep them at bay.
Self-paced or instructor-led online courses can help you learn – whether you work in an office or from home. They can cover:
- legal, regulatory and contractual responsibilities
- how to develop incident responses
- all types of cyber attacks
- cybersecurity fundamentals
- cloud security.
Types of cyber attacks
Phishing – deceptive emails or other types of electronic messaging designed to make victims part with money, data and personal information. The attacker usually impersonates someone the recipient trusts.
Malware – malicious software designed with the intention of damaging or destroying computers and systems. Common examples include viruses, worms, spyware and adware.
Distributed Denial-of-Service (DDoS) attacks – the normal traffic of servers and networks is disrupted by targeting their infrastructure with a flood of internet traffic.
Spam – digital junk mail sent in bulk online through electronic messaging systems, mainly email.
Ransomware – encrypted malware that holds the victim’s critical data at ransom, leaving them unable to access files, applications and databases. By targeting networks, databases and file servers, small businesses can be left paralysed unless they give in to demands.
What to do if you encounter a cyber attack
One of the first things you should do after an attack is change your passwords – and make them harder to hack. Use unique passwords that are difficult to guess and consider two-factor authentication (2FA).
Your IT team should be trained to know how to respond to attacks quickly and effectively. Help them deal with the issue fast by giving them as much information as possible, e.g. what type of attack it is and the extent of the damage.
Remove remote access
Many companies allow remote access to machines, so that IT can help when there is an issue with a staff member’s computer while working from home. Secure the network and contain the breach by removing remote access.
Install security updates/ensure software is up to date
Cyber attacks are constantly evolving. Having security software is one thing, but it needs to be kept up to date to protect against the latest attacks. If you’re hit by cyber criminals, run updates as soon as you can to help fight back, by removing malware, for example.
Communicate with customers
You must be transparent and upfront with customers and tell them if their data has been compromised, otherwise you risk losing their trust.
Assess the breach and learn what to do next time
Once you’ve contained the attack, you need to find out what data has been compromised, which systems have been accessed, and whether any unauthorised entry points remain. You may need to reinstall systems, restore data and repair or replace damaged hardware. Try to learn from the experience with a thorough investigation.
Keep your business safe online
When it comes to avoiding cyber attacks, prevention is better than cure. Adopting the following measures will greatly reduce the chance of an attack.
Virus protection – every company should have this software, no matter its size. Most operating systems come with free antivirus software but look online to see if other software would suit your needs better – and make sure auto-updates are switched on.
Employee training – ensure you and your staff are educated in cybersecurity with an online course that can be accessed anywhere. There are a variety of courses available online from those for beginners to advanced options.
IT support – do you have a strong team in place to help if an attack happens? Employ IT staff that are qualified and knowledgeable or consider outsourcing to one of the many support teams available.
Err on the side of caution – when it comes to cyber attacks, it’s not worth taking a chance. You may prefer not to spend money on software, systems and staff for an attack that might not happen. But if you do get targeted, your finances – and reputation – may take a much greater hit.
Passwordless authentication methods – with weak passwords responsible for so many cyber attacks, companies are looking at ways to remove the reliance on passwords for security.
The fightback against cyber attacks
The home-working revolution may have left small businesses prone to cyber attacks, but a proactive approach will keep hackers at bay. Square helps SMEs grow and thrive with secure payment methods and eCommerce tools for any business.