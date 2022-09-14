My last column began a focus on cybersecurity for small businesses, a major concern for small business CEOs and a serious threat to their operation.

Some 76% of cyberattacks occur at businesses with fewer than 100 employees. Cybercriminals know small businesses tend to be easy targets, and that accessing a small business’ computer network often gives them access to client and vendor networks, too.

While digital transformation offers many benefits, it also comes with many challenges.

First, you must become aware of the three most common cyberthreats. Cyberthreats grow more sophisticated every year. Here’s what to watch out for.

Ransomware: Hackers get into your system and hold your data hostage until you pay a ransom. If you don’t pay, your business is out of commission. Ransomware cost companies $11.5 billion in 2019. That’s expected to rise to $17 billion in 2020 and $20 billion in 2021. Cybercrooks use various techniques to blend in.

Cybercriminals use obfuscation to conceal information such as files to be downloaded, sites to be visited, etc. They also focus their attacks on critical infrastructure. Malicious files often coming from software downloaded from URLs that were not whitelisted.

One thing that must be watched are the distribution models. Attackers are discussing on underground forums to how to monetize internet of things – everything from your digital thermostat to that Alexa in your livingroom – infections.

Business Email Compromise: BECs are scams targeting companies that conduct wire transfers and have suppliers abroad. Since 2016 more than $9 billion has been lost to business email scams. Email accounts of executives or high-level employees are either spoofed or compromised through keyloggers or phishing attacks to do fraudulent transfers. According to the FBI, there are five types of BEC scams.

The bogus invoice scheme has attackers pretend to be foreign suppliers requesting fund transfers for payments to an account owned by fraudsters.

In CEO fraud, attackers pose as the company CEO or other executive send an email to employees in finance, requesting them to transfer money to the account they control.

An account compromise is where an employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.

An attorney impersonation has attackers pretend to be from the law firm supposedly in charge of crucial and confidential matters. These requests often are done via email or phone, at the end of the business day.

Finally, data theft is when employees in HR and bookkeeping are targeted to obtain personally identifiable information or tax statements of employees and executives. Such data can be used for future attacks.

Because these scams do not have any malicious links or attachments, they can evade traditional solutions. Employee training and awareness can help enterprises spot this type of scam.

The FBI has issued a warning anticipating a rise in BEC schemes related to the COVID-19 pandemic. “Fraudsters will take advantage of any opportunity to steal your money, personal information, or both. Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts.”

There has already been an increase in BEC frauds targeting municipalities purchasing personal protective equipment in the fight against COVID-19, the FBI states. Most of the recent BEC attacks were targeted at financial institutions or banks.

Cryptocurrency mining: These hackers don’t care about your data. They just want to get into your computer system and use its resources to mine cryptocurrency. These attacks target tablets, smartphones, routers, printers and IoT devices— any device with computing capabilities they can leverage.

In summary, you need to be aware of these common threats. The next step is what can you do about these to protect your business.

Dean Swanson is a volunteer Certified SCORE Mentor and former SCORE chapter chairman, district director and regional vice president for the North West Region.