Security Roundup: Why SMBs are just as vulnerable to cyber attacks as large organisations

This week we take a look at why you should prioritise cyber security regardless of your company’s size, a recent Facebook vulnerability, and more.

SMBs are just as vulnerable to cyber attacks as large organisations

Isaac George, SVP and UK Regional Head at Happiest Minds, has outlined why small businesses are just as vulnerable to cyber attacks as larger ones.

“In 2012, there were 300 times more cyber attacks on small businesses than in 2011, and since then, the numbers have been rising year-on-year. Smaller businesses, either limited by strategy or finance, tend to have weaker or lesser cyber security in place, which makes them easier to attack,” said George.

“Moreover, a lot of small businesses have Fortune 500 companies and other large organisations as clients – this means that by hacking the small business, the hackers can gain access to their larger, high profile clients.”

Here are George’s top six tips that smaller businesses need to think about with regard to securing their businesses:

1. Understanding the risks
The first step to securing your business is to learn what threats and vulnerabilities exist, and where these threats could be coming from. You and your security team need to know what’s out there.

2. Create and implement a security policy
The next step is to create a security policy that involves strict protocols, for both everyday security and for situations where your security has been compromised.

3. Train everyone on security
Everyone in the organisation needs to be educated on the potential risks and threats and has to be trained in the business’ security practices. There can be no exceptions; believe me, it takes just one person breaking protocol to give hackers the opportunity they need.

4. Maintain physical access control
While securing your network is important, controlling physical access to networked devices is also critical. An unauthorised person accessing a device could easily compromise your security.

5. Password protect and authenticate
Every system in the organisation must have a unique password and only authorised employees should be in the know. Wherever possible, your vendors must also employ multi-factor authentication to further secure access, and all software that employees install on their systems must be approved by your security personnel.

6. Secure mobile and Wi-Fi access
Every employee is sure to have a mobile device, whether it’s a smartphone or a tablet, and every one of them is likely to want to connect to the company Wi-Fi. If your company culture allows this, I recommend mandating the installation of security apps on these mobile devices, as well as maintaining constant Wi-Fi access control.

Facebook vulnerability allowed hackers to access personal and payment information

Bitdefender has discovered a significant vulnerability within Facebook which allowed hackers to access any user account through simple social login manipulation. The attacker was able to gain access to personal user information, a contacts list for potential malware distribution and payment information – allowing purchases to be made in the user’s name.

The attack vector in this case – social login – is an alternative to traditional authentication. This form of access offers users a convenient way to sign in to their web accounts without entering their username and password, with a majority of websites offering social login through Facebook, LinkedIn, Twitter or Google Plus. Bitdefender researchers identified a method to steal a user’s identity and access their account using Facebook’s Login plugin.

Ionut Cernica, vulnerability researcher at Bitdefender and the researcher behind the discovery of the flaw, stated: “This is a serious vulnerability – it allows attackers to log in on most websites that feature Facebook Login. This means an attacker can make payments on the user’s behalf on an e-commerce site, for instance.”

Digital dependency at work can make information vulnerable to loss, theft or cyber attack

Kaspersky Lab has been investigating the presence and impact of ‘digital amnesia’ in the workplace, finding that 44 per cent of business people admit that typing notes into a digital device means they miss valuable contextual, emotional or behavioural clues that are vital for accurate understanding.

Dr Gorkan Ahmetoglu, Lecturer of Business Psychology at University College London, said: “If one is very familiar with what is being said, then being present ‘in mind’ may be a more effective way to absorb the full bucket of information presented than by noting it on a device – letting our working memory connect the dots in real-time.”

Kaspersky said that the greatest risk of leaving a conversation entirely in the memory of a digital device is that this information is vulnerable to loss, theft or cyber-attack; in which case the record could be lost forever.

“There may be increasing tolerance in the workplace for people having to check their devices for details, but few will appreciate having to hold a meeting for a second time as people can’t remember what was said. Digital Amnesia in the workplace represents a risk – but also an opportunity,” said David Emm, principal security researcher at Kaspersky Lab.

“It reminds us that devices and people work best when they work in partnership, one capturing the facts, the other the feelings that give them meaning. Protecting all devices that are used to support memories and understanding should be a priority for businesses of all sizes and in all sectors.”
