4 common security threats and 5 steps to protect your business

Cyber-attacks have become more sophisticated and automated, approx 4,000 Cyber-attacks occurs every day. Large enterprise adopting Big data and Artificial Intelligence to protect digital assets from security threats but Small and medium business are more vulnerable to attacks due to lack of awareness.
Security threats are evolving more complex to identify, Singapore is one of the world’s safest country that nowadays one of the targets as matured adaption on internet usage. We must continue to innovate and build new capabilities to meet Singapore’s security needs and protect from vulnerabilities.
While every Small and Medium Business needs more effective cyber-security skills and it is the high priority with the growing use and ease of access to the Internet.
The 4 most common threats

- Ransomware attack happens when a virus is put on a computer and locks the user out of the systems that allow them to access their data.
- Phishing a type of social engineering is currently the most common method used to infect a system with ransomware and steal account credentials.
- Business email compromise (BEC) attack include spoofing the email accounts and websites.
- Distributed denial of service (DDOS attack) is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
Follow the best practices to protect your digital assets in an ever-challenging threat landscape.
An internationally recognized standard NIST Cybersecurity Framework is a process to improve the cybersecurity of your organisation
The 5 steps of NIST Cyber-security Framework
1. Identify key assets
Identify and control who has access to your business information and the require individuals user accounts for each employee. Cloud services can be a great tool for small businesses since you don’t have the time, money, or staff to handle all your cybersecurity needs on your own. Employee timesheets and project management tools are also popular cloud services. Security and network monitoring tools provide antivirus and website monitoring for threats.
2.Protect data and accounts
Cybersecurity education and awareness training to your employees need to become a routine part of doing business. It’s about paying attention, being prepared, and educating the humans in our organization. Use Limit employee access to data and information.
Educating yourself and your co-workers about social engineering and phishing attacks can improve your security. Use encryption for Sensitive business information and secure your wireless access points and networks
How to prevent a phishing attack?
Email is not the only place to watch for phishing attempts. Bad guys know how much time we now spend on our phones, so they’re now phishing us by text or through apps. If you get a text that you’re not expecting, just delete it, especially if that unexpected text has a link or asks you for information. If someone really needs you, let them call you. Fake websites can also phish sensitive information out of an unsuspecting user. The website opendns.com has a free online test to see if you can spot a fake website, refer the digitalattackmap.com, run by Google Ideas, Arbor Networks, and Big Picture Group, has advice on best practices to protect websites from DDoS attacks.
3. Detect a breach
Would you be able to detect a hack on your website? When a hacker first breaks into a system, they usually spend time looking around before stealing anything. Humans cause up to 90% of breaches. Train your staff to report concerns like phishing emails and lost items quickly as a part of your detection plan. Since most breaches happen through phishing and/or lost items, encourage staff to report either issue as soon as they notice a problem. A strong organization will have trained their staff in security protocols, so they’ll notice when something feels fishy. Kindly install and update anti-virus, anti-spyware and other anti-malware programs. Cybersecurity is about paying attention, being prepared, and educating the humans in your organization.
4. Respond to a cyber breach
Develop a Plan for disaster and security information. Every Company, regardless of size, needs a response plan. To create your business response plan, just start by putting in your company name, city, and state and check off which of these topics you want to have covered in your response plan. A solid response plan can save a business money and the people you want by your side during a breach. Having a lawyer review it with an eye on liability for your specific business type is also a good idea. Your cybersecurity response plan is a living document that needs to be reviewed and practised throughout the year. One suggestion is to bring together staff quarterly to review and practice the plan.
5. Recover
Make full backups of important business data and information and continue to schedule incremental backups.
Cybersecurity Insurance:
Your business most likely already has multiple insurance policies. A new threat of cyber incidents impacting business continuity and liability, a new, or add-on, insurance plan is necessary for any size business. Make sure well-reviewed cybersecurity insurance policy in place before an incident. The return on investment will be priceless.
Reputation management:
Online business ratings are just one good reason for you to take cybersecurity seriously.
Do you think those online reviews about poor security could shut down a business?
The Better Business Bureau considers non-disparagement clauses to be contrary to its mission of an ethical market place where buyers and sellers can trust each other. The BBB Code of Business Practices prohibits accredited businesses from using them. If your business uses social media to communicate with customers and the community. the Small Business Administration Social Media Cyber-Vandalism Toolkit is a document you want to look at and utilize.
Be always have a plan for reputation management in place before a breach occurs.
Please evaluate your existing security practices, optimise and protect to evolve.
Cybersecurity education and awareness is a lifelong commitment for each business. See how Cybersecurity Framework useful for small and medium businesses and the best way to avoid becoming a victim of phishing is to just slow down a bit and be cautious.
International Campaign has a very simple message