Smaller companies are becoming prime targets for cybercriminals, according to a cybersecurity expert.
James Hoyt said the most common types of cyberattacks are largely centered around social engineering.
Hoyt, who is the president of General Data IT Professionals Ltd., said cybercriminals are increasingly using fairly simple yet highly effective tactics to gain access to sensitive information.
“The way we sum it up sometimes is to say when a cybercriminal gets tired of trying to hack in, they’re just going to phone in, and that’s a simple way to put it,” Hoyt said in an interview.
“It could be as simple as receiving an email asking you for your username and password in order to access a file that somebody shared with you.”
The shift toward targeting smaller companies comes as larger corporations tighten their cyber defences, making it harder for criminals to get in.
Hoyt said it is important for businesses of all sizes to understand cyber threats and how to reduce their risk.
“Prevention is key, and the key to prevention is training, awareness, and management buy-in to some sort of a cybersecurity framework,” he said.
If you do fall victim to a cyberattack, Hoyt said the plan of action will depend on the type of attack in question.
In the case of ransomware, where a criminal will encrypt files and demand money, Hoyt said the likelihood of decrypting the files is nearly zero.
“As far as paying the ransom, it’s generally discouraged in the industry because it adds to the cybercriminal’s business proposition. It encourages them to try it again,” he said.
“The same amount of funding put toward rebuilding your network from scratch, while again it seems like a lengthy option, is probably more suitable. It gives the victim an opportunity to rebuild things the right way.”
At the end of the day, he said you should bring in a qualified IT or cybersecurity expert to remedy the situation.
Hoyt also recommends checking out the Baseline Cyber Security Controls for Small and Medium Organizations publication from the Canadian Centre for Cyber Security for more recommendations.