SMEs Cyber Security Awareness

SMEs face a severe issue when it comes to cyber security, the issue faces all kinds of organizations, from big companies to small and medium enterprises. SMEs are usually targeted because of the less secure security protocols which makes them vulnerable to attacks that might lead them to close business or damage the business reputation. In the following research we shall cover how to improve the SMEs security and the importance of investing finance to purchase proper tools to protect them from being easy targets, we shall also cover the challenges that SMEs face, when it comes to cyberattacks and the various types of attacks that can occur. We will also cover on how to improve user awareness and how to prevent being a target in employee’s personal life and career.

Definition of User Awareness in Cyber Security

It’s important for a small company to teach their employees on the risks of cyber security as it has a severe impact in their personal lives and career. The employees should be educated on how to conduct themselves when entering a world wide web platform as it can be very dangerous in their personal lives and in return can affect their careers in the work place environment. Small companies should gather together to educate themselves and their staff on the importance and risks of cyber security. Certain attacks can lead to health issues with employees, i.e. stress and migraines due to be the victim.

SME Challenges

The challenges that SMEs face is a wide range of various attacks that they exposed to when they don’t take proper precautions to set up a proper protocol for the organization, the important of having a proper well-structured framework for guarding their assets is very important as it’s the back bone of the company security. These are the challenges that they face: targeted attacks, ransomware, dos attacks, BYOD, insider exfiltration and business processes outsourcing.

SME Attacks

Dos attack

Dos attack prevents users from accessing the network or its resources preventing users from accessing the system. Hackers can overload the web server of the SME until the server starts having a slow response and become unresponsive to its users. SMEs rely on other websites for service or work functions and that specific website is down due to an attack then it will affect SMEs in a very catastrophic way as the SME’s will lose out on customers.

Malware Attack

Malware is also one of the issues that causes SMEs to close down business as a malware enters the business computer system without the user’s knowledge then performs a harmful task which can be from destroying the motherboard, stealing confidential information and corrupting confidential data. The Malware has evolved over time to perform specific functions such as circulation/infection which the malware is spread to several other computers via USB flash drives. The circulation/infection are divided into 3 segments of Malware which is a virus, it multiplies itself in the computer making sure that the computer performs tasks that’s are imbedded within the virus. The virus attacks applications and system program files that end with .COM, EXE and DLL, online the virus affects other files extensions like HTML, HTM and ASP. It causes a damage by replacing some or all program codes that the application consists of and replaces them with its own codes. Trojan contains a code which is imbedded within a popular program. The trojan is hides in the program until the application is launched then it performs the task that it should. (MIS 7 2017, p. 100). Worms travel in a network to other computers, they can affect plenty of computers that are on the network.

SQL Injection attack

SQL Injection is almost like phishing as the hackers will send out a SQL command that consists of a password input section such as a login page for them to be able to capture or get hold of your password credentials.

Save your time!
We can take care of your essay

• Proper editing and formatting
• Free revision, title page, and bibliography
• Flexible prices and money-back guarantee

Place Order

BYOD attack

Most SMEs lose their data due to BYOD. Employees bring their devices such as laptops, smartphones, tablets and USB which are normally not protected with an antivirus or it has no security measures to protect the data that it contains. When employees us a USB which contains a malware such as a virus, worm or trojan it can cause a huge damage to the company’s reputation or image and make it easy for hackers to attack.

Ransomware

Ransomware is one of the most effective forms of hacking that hackers use as it’s a guarantee payoff for them. An email with malware attached to it or a link is sent to a user, and once the user opens the attachments on the mails or clicks on the link the hackers, then gets full control of the system and blocks you out and requests money, so that they can release the ceased data or computer access. Ransomware comes in 3 forms namely scareware, screen lockers and encrypting ransomware. Scareware is normally a scare not an actual ransomware as its function is to scare the user to believe that the hackers have already invaded the system and pay requested funds. Screen lockers is when your completely have no access to your pc as it has frozen you out and to get back to control your pc you will need to comply and pay the ransom or if you have backed up all the data on an external then you can format the pc and reinstall your operating system. Encrypting ransomware is most dangerous form of attack as the hackers will take your files and encrypt them then after demand money to decrypt and return your files.

Insider Exfiltration

Insider exfiltration has become of the biggest problems when it comes to any business as inside information is stolen by employees via USB, key logger or other means. The employees would give hackers companies confidential information in exchange for money or can be for spiting the company. SMEs would take the biggest hit when it comes to employees giving out confidential information to hackers as the company is very small and has no proper resources to stop the attack. Employees can also lose devices like smartphones, laptops, tablets and USB with confidential data without being encrypted which makes it easier for hackers to take full advantage of the flaw itself.

Outsourcing business process

Outsourcing business process plays a similar action as insider exfiltration except that the employee gives out the process of how the business operates and gives out the type of devices and applications that the business uses in which puts the business in a predicament as the hacker has full knowledge of the process and can make out the flaws in the process making it easier for the hacker to hack and steal data.

Recommendations for Improving User Awareness in SMEs

When it comes to SMEs the owners usually don’t have much funds to get themselves equipped with the proper resources to protect their business from hackers or insiders. SMEs should make use of the resources which are provided to help SMEs such as NCSA which helps small business protect their business from hackers’ other threats that can occur and privacy breaches. BH training is other organization that helps SMEs with security courses on how to protect their data, lastly PCI security standards council teaches SMEs to mask the card number so that it will be difficult for hackers when they sniff the transaction. SMEs should invest in proper resources to protect their business data simply by Installing a firewall and configure it to their preference, they should update their operating system defense application as virus’s evolver daily, so their antivirus software definitions are updated to pick up recent viruses, worms and trojans and an installation of software to prevent unauthorized programs/applications from executing. Policies should be put in place to protect data such as a password policy and physical security measures to protect computer assets, policy for training should also be implemented. The company should prepare for the inevitable, a way of recovering after being hacked to make sure business runs normal without any delays to their clients. They should back up data so that they can recover quickly. Spam filtering should also be installed and updated so it can help in filtering emails that are untrusted from dodgy sources.

Conclusion

With hackers having so much knowledge that they share between them it puts the SMEs in a fragile position as they are always the first victims to be targeted and there’s a lot to lose from them being attacked. The form in which hackers hack is vast with different strategies of doing it. It’s important that SMEs invest in their policies for staff awareness and to tighten their security to protect their most valuable data. The most important part is that SMEs need to invest in proper equipment for such as top-class firewalls, anti-malware and provide training programs to educate staff.

References

1. Dixson, Pam and Gellman, Robert, “The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future”, World Privacy Forum, Apr. 2, 2014, accessed Sep. 12, 2015. http://www.worldprivacyforum.org/wp-content/uploads/2014/04/WPF_Scoring_of_America_April2014_fs.pdf.
2. Halliday, Josh, “Facebook Users Unwittingly Revealing Intimate Secrets, Study Finds”, The Guardian, Mar. 11, 2013, accessed Sep. 12, 2015. http://www.theguardian.com/technology/2013/mar/11/facebook-users-reveal-intimate-secrets.
3. Hardesty, Larry, “Privacy Challenges”, MIT News, Jan. 29, 2015, accessed Sep. 12, 2015. http://news.mit.edu/2015/identify-from-credit-card-metadata-0129.
4. Madden, Mary, “Public Perceptions of Privacy and Security in the Post-Snowden Era”, Pew Research Center, Nov. 12, 2014, accessed Sep. 12, 2015. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/.
5. Tucker, Patrick, “Has Big Data Made Anonymity Impossible?”, MIT Technical Review, May 7, 2013, accessed Sep. 12, 2015. http://www.technologyreview.com/news/514351/has-big-data-made-anonymity-impossible/.
6. https://www.prnewswire.com/news-releases/small-business-owners-suffer-from-false-sense-of-cyber-security-132432183html/
7. http://bahrain.smetoolkit.org/bahrain/en/content/en/57314/Bahrain-BusinessIncubator-Center
8. https://www.blackmoreops.com/2015/10/21/free-dos-attack-tools
9. http://chemindigest.com/tech-mahindra-and-iit-kanpur-to-conduct-joint-research-in-cybersecurity
10. https://www.thesecuritybuddy.com/vulnerabilities/what-is-sql-injection-attack/
11. https://healthitsecurity.com/news/4-tips-to-locking-down-securing-healthcare-byod
12. https://www.gillware.com/digital-forensics/qinynore-ransomware
13. https://www.eweek.com/security/research-half-of-enterprises-suffered-insider-attacks-in-last-12-months