About one in seven people in Europe And the United States εfiberself-employed, i.e. people who often realize their dream of being their own boss and having more freedom and control over their career. But, "bundled" with greater freedom come additional risks.
This in IT often means there is no support from an IT department, which most salaried employees take for granted.
«Εάν διευθύνετε τη δική σας επιχείρηση, βρίσκεστε στο στόχαστρο των κυβερνοεγκληματιών που προσπαθούν να βάλουν χέρι στα χρήματα σας, τις ευαίσθητες πληροφορίες των πελατών σας και ενδεχομένως ακόμη και την πνευματική σας ιδιοκτησία» προειδοποιεί ο Phil Muncaster από την ομάδα της παγκόσμιας εταιρείας ψηφιακής ασφάλειας ESET. «Το κλειδί εδώ είναι να κατανοήσετε τους κινδύνους και τον τρόπο που θα οικοδομήσετε την ανθεκτικότητα της επιχείρησής σας. Κανένας επιχειρηματίας δε θέλει να σπαταλάει το χρόνο του αντιμετωπίζοντας τις συνέπειες μιας infringementς, αντί να τον χρησιμοποιεί εποικοδομητικά για την ανάπτυξη της επιχείρησής του».
What's at stake?
“The bottom line is that cybercriminals want to make money. And in general, they can extort or steal more money from businesses - no matter how small - than they can from individuals," says Phil. But threat actors are also largely opportunistic. That means they go after the… “ripe fruit” – that is, online accounts that aren't properly protected, devices that don't have security software installed, or computers that aren't running the latest versions of operating systems, browsers, and other software.
"There is very little publicly available data on the volume of breaches affecting freelancers," says Muncaster. However, it stands to reason that with fewer resources and little or no IT support, they will be more exposed to cyber threats. Consider how the following could affect your business:
- A ransomware attack that cuts off access to your business files, including those stored in the cloud.
- An attack where cybercriminals steal and threaten to leak your most sensitive files and/or sell them on the dark web.
- Επιθέσεις κατάληψης λογαριασμών μέσω κλοπής code πρόσβασης ή τεχνικών “brute force”. Ο εταιρικός λογαριασμός που έχει καταληφθεί θα μπορούσε να χρησιμοποιηθεί σε επιθέσεις phishing σε λογαριασμούς πελατών ή ακόμη και σε παραβίαση ηλεκτρονικού ταχυδρομείου άλλων επιχειρήσεων.
- Malware designed to collect information from your corporate bank account login in an attempt to extort money
The impact on sole proprietorship
The challenge for sole proprietorships is not just limited IT resources. There is arguably a greater impact on corporate reputation and bottom line, which is harder to recover from. Customers may not lose much if they leave after a serious breach – especially as business relationships are often informal.
"Not to mention possibly the biggest direct impact of a serious cyber security incident on an individual business: the loss of business productivity," says ESET's Phil. The time a sole proprietor has to spend cleaning up their company's IT systems and recovering from a serious cyberattack is time they can't spend serving their customers.
How to keep your business safe in cyberspace
According British government data, only one-fifth of the country's very small businesses have a formal security strategy. However, the average cost of breaches over the past 12 months was estimated at over £3.000 (€3.508), which could be a significant expense for companies of this size. That's why sole traders should take some time to get the security basics down, focusing on the following preventative measures. Let's see what Phil Muncaster from her team suggests ESET.
- Create copies security of critical ones data: This means you must first determine what is important enough for your business, and then choose a backup solution. Cloud storage (eg OneDrive, Google Drive) is a useful option as backups are automatic and there is no need for an initial investment in hardware. Most major providers have features that allow you to roll back from previous versions even if the ransomware spreads to your cloud data. However, for added security, it may be worth backing up to a removable hard drive as well and ensuring that it remains disconnected until needed.
- Install software anti-malware: Choose a product from a trusted vendor and make sure the licenses cover all computers and other devices. Make sure you turn on automatic updates so you're always running the latest version.
- Keep all computers and devices up to date: Make sure all operating systems and software you use are up to date with the latest version by enabling automatic updates. This means they will be up to date against the latest exploits.
- Keep accounts safe: Use only strong, unique passwords, stored in a password manager, and enable it two-factor authentication where possible (social media, email, cloud storage, router, etc.). This will mitigate the risk of phishing, brute force password cracking and other attacks.
- Protect your mobile devices: Do not download apps from unofficial app stores. Make sure devices are locked with strong password or a reliable biometric authentication method and that they can be located and deleted remotely in the event of loss or theft.
- Create a plan for when things might go wrong: This “incident response plan” need not be exhaustive. Just know what IT services your business relies on and have a handy list of contacts you can reach if the worst-case scenario happens. This will speed up recovery times. Keep a hard copy of the plan handy in case the systems go down.
Above all, awareness is key. By simply reading this article, your business will be in a better position. Apply the above best practices to keep your business safe from malicious actors.
