DOA: Can Your Business Survive These Top 5 Security Threats?

04/06/2015 12:19 pm ET | Updated Jun 06, 2015

It's like a scene out of a horror movie: the zombie apocalypse is upon us and the world is coming to an end.

[Image: Zombie. Credit: MoviePilot]

Okay, so it may not be that dramatic, but dealing with security issues in business can be scary. And just like dealing with zombies, giant meteors and any apocalyptic scenario, your business should be ready with mitigation and contingency plans.

Attacks can hurt and even destroy your business. In fact, 72 percent of small businesses that are hacked are expected to close down within two years of the issue. It's a high figure, and one that highlights the seriousness of such threats.

As the mantra goes: "Fail to prepare. Prepare to fail." Simply knowing your vulnerabilities goes a long way to preventing problems. Here's a No-B.S. Look at the Top Cyber Threats for 2015. The implications are global and local.

However, even though security professionals would love to scare you into thinking the threats are so complex and exotic that there's little you can do yourself, the opposite is true. Tools that help fend off and mitigate such disasters are at your disposal. It's a matter of knowing how to properly field these resources.

To fortify your business from the zombie onslaught, here are the top five security threats and exactly what you can start doing.

1. DDoS Attacks

For businesses that rely heavily on the internet, DDoS attacks aren't just annoying. They can end up costing quite a bit of money.

DDoS stands for distributed denial of service, and it occurs when an entity sends so much automated traffic to a server that legitimate traffic (real users) is denied service because all resources are being used.

There are a number of ways to prevent DDoS attacks, depending on the business size and attack vectors. Smaller businesses can use a third-party provider that uses a content distribution network (CDN) to mask their IPs, which offers some basic protection from direct-to-IP attacks. Alternatively, medium to large businesses can use a bandwidth oversubscription approach. This involves leasing notably more capacity than your site requires, meaning an attacker can't create enough traffic to cause problems.

All of these are half-measures, however, and using a proprietary DDoS protection service is generally a more cost-effective means of protecting against attacks. Case in point: Over-subscribing can be very costly, and still not very effective against large-scale attacks.

Pro tip: Know the capacity of your network and the limitations of your server (RAM and CPU). If you regularly track the free resources on your server and see that they are running short, you should consider over-provisioning, as DDoS is most deadly when targeting networks that operate on low margins.

2. Drive-By Downloads

Most people who own a business have probably never heard of the term drive-by download.

However, it is a real problem.

A drive-by download is when a hacker enters a website with little or no security and places malware on the site. Once the malware is injected into the site, anyone who visits it will automatically download the malware. While drive-by download may not be a household term yet, this is how most hackers spread banking trojans in an effort to steal financial data and other sensitive information.

In addition, such an attack can also target the network internally, such as malware that deletes or steals content from the site's database, or even hijacks the underlying server infrastructure.

It's often quite simple to prevent drive-by downloads. For one thing, encouraging employees to keep software up to date will help. Disabling JavaScript within PDF documents is also worth doing. Web filtering software is a wise investment too, as it will often prevent people from visiting sites that may be unsafe and are havens for this sort of activity.

Pro tip: Use a WAF. A web application firewall is an appliance, software or plug-in filter that implements rules that manage an HTTP conversation. Using a cloud-based WAF to protect against attack vectors like cross-site scripting and SQL injection is a smart idea.

3. Insecure Wireless Connections

The vast majority of businesses these days run on wireless connections. After all, being tied to a cord limits mobility and, in many cases, productivity.

However, not all wireless connections are created equal.

While most Wi-Fi connections are password protected and encrypted, as a business owner, it's important to remember that there is no such thing as 100 percent safe Wi-Fi. If the connection is wireless, it can be tapped into.

The bad news is there are several inexpensive programs sold online to help hackers do just that. Once a hacker makes his or her way into a Wi-Fi network, any data within that network becomes up for grabs.

Pro tip: Protect all ports. Your own local network connection might have several insecure ports. Make sure you secure all ports and related protocols from public or insecure access, which can be potential entry points for malicious content.

4. Cloud Breaches

The cloud is growing at incredible rates, and more and more business owners are using it to process, store, and share job-critical data.

Unfortunately, the cloud can be about as safe as walking down Wall Street at night in the middle of a zombie apocalypse. As a matter of fact, even big brands like Apple have been the victims of cloud breaches.

Preventing cloud breaches is all about understanding the cloud apps you're using, evaluating their quality and migrating to higher quality software if need be. Mitigating risks will involve adequate policy controls, encrypting applications, ensuring data security/sovereignty and appropriate auditing.

Pro tip: Go hybrid. A purely public cloud approach might be a concern to businesses and enterprises that want full control over their data. Running a hybrid cloud will enable your enterprise to distribute the content across a public cloud architecture, whilst maintaining sensitive data on-premises. In such a case, a WAF is also useful in mitigating potentially unwanted traffic.

5. Email Attacks

Email is the primary form of communication for nearly all businesses. However, while we may consider email to be a secure place to hold a conversation, that's not always the case. As a matter of fact, over six million email accounts are hacked and passwords are stolen over the course of an average three-month period. Not only can data be stolen through email breaches, but email accounts are often sold on the black market to the highest bidder, giving hackers a way to reach out to your clients and make them think that you're the one reaching out!

Preventing email attacks starts with the password. Using a password that's long, mixes numbers and different-case letters together, and is above all not a real word will go a long way to prevent email hacks.

In fact, the best passwords are randomly generated strings of more than 16 characters.

Pro tip: Implementing two-factor authentication is also a great way to prevent problems. In addition to a password, anyone wanting to access the account will need another form of identification. This is usually a code generated via a smart phone app or a security key, or sent through SMS or an alternative account. This code changes constantly and the process makes it very hard for hackers to breach accounts.

Can your business survive the apocalypse?

The majority of businesses are using Wi-Fi connections, running cloud applications, and keeping data online, making running a business riskier today than ever before.

However, being aware of the potential attack points, as well as understanding the steps to prevent these, will greatly reduce the chance of problems.

So, if you're a business owner, take time to ensure that all access to your data is secure. Otherwise, the zombies are coming and they might just eat your brains.