How to prevent DDoS attacks, phishing, and other cyber threats
Cyber threats like denial-of-service attacks and phishing can hurt your reputation and your bottom line. Follow these steps to protect your business and your clients against cyber crime.
How do DDoS attacks work?
A distributed denial-of-service (DDoS) attack floods the target server, service, or network with traffic from a network of devices infected with malware. The fake traffic overwhelms the target host and blocks legitimate traffic from getting through.
When your (or your client's) server, service, or network is under DDoS attack, customers or employees can’t access your website. Instead, they’re hit with a denial of service alert. A DDoS attack can cause a business interruption that can cost you money and undermine the trust of your clients or customers.
How to prevent a DDoS attack
Businesses of all sizes and industries can become a target of a DDoS attack. However, tech companies are targeted more frequently than any other business type.
Competitors might launch DDoS attacks on you or your clients in an attempt to block transactions and steal business. Or, hackers could hold your data or systems hostage in an attempt at cyberextortion. DDoS attacks can even be a diversion to conceal a data breach.
You can mitigate these attacks by taking the following protective measures.
Have a response plan in place
A DDoS attack can hit you or your clients at the most inopportune times, like in the midst of a product launch or major company announcement. Even if you don’t think your server would normally be a target, it’s important to have a response plan in place just in case something happens.
Make sure your plan includes a response team who can counter an attack and serve as an authority for affected clients to turn to. It should also lay out notification and escalation procedures for clients, with detailed information about how to recognize and report an attack.
Your internal plan should include detailed information about relevant security applications and insurance policies, as well as the “chain of command” during the attack.
Protect your business and clients with the right technology
Without the right security applications in place, it’s very difficult to separate malicious traffic from legitimate traffic during a DDoS attack. Attackers will do everything they can to blend in and keep you from stopping the attack, but a layered solution will help protect against complex, multi-vector DDoS attacks.
How phishing puts tech businesses at risk
Phishing is a cybercrime where a person posing as a legitimate contact attempts to steal sensitive data from targets by email, phone, or text message.
Many phishing attempts target small businesses by impersonating a business's contacts, vendors, or clients and asking targets for their business’s banking details, credit card numbers, or online passwords.
Stu Sjouwerman is founder and CEO of KnowBe4, a company that provides security awareness training and maintains the website Phishing.org. He says that phishing attempts fit into two categories: negative consequence or positive incentive.
The first type goads victims into action by encouraging them to act to prevent something bad from happening. "That can be, 'Don't get locked out of your email account,' or 'You're running out of space on the mail server,' or 'You need to verify your credentials for Microsoft 365,'" says Sjouwerman.
The second offers a positive incentive for victims to click, such as a prize or discount. For example, many people fell victim to the Facebook phishing scam that asked targets to complete a survey in exchange for a $75 Bed Bath & Beyond coupon. The survey mined their personal data – and never delivered a coupon.
Both your employees and clients can fall victim to phishing attacks. In both cases, you could end up paying for it.
By training employees and customers to recognize phishing attempts, your business and clients can avoid the negative consequences of sharing sensitive data with malicious sources.
How to prevent a phishing attack
Two-thirds of businesses experience a phishing attack every year. To avoid these attacks, it’s important to stay on top of the latest phishing methods used by people trying to steal sensitive data.
Help your employees and clients avoid phishing scams by taking the following measures.
Share information about phishing tactics with employees and clients
"Security technology is evolving to detect phishing, but threat actors are always adapting," says William MacArthur, a threat researcher for RiskIQ. "They notice patterns by anti-phishing groups and alter code and use redirects to bypass the detection logic of these systems to continue to deliver their phishing payloads."
Phishing attempts often look like work correspondence. They may be from someone asking you about a project, or including you in an email chain discussion of work-related topics (e.g., website issue, payroll problem). Targeted attempts might reference LinkedIn contacts, like actual vendors, to build legitimacy.
Your employees and clients may be dealing with a phishing scam if:
- an email references a project they haven't heard of
- they're asked to click an email link or open an attachment
- they don't normally get emails from the sender
- an email uses generic language, referring to things like "the team" or "the project" and is excessively vague
The attachment may look benign. The old refrain was "don't open any .exe attachments," but hackers are using all kinds of attachments to trick users. In fact, 48% of malicious email attachments are now Microsoft Office files.
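The warning signs above can also be checked automatically when a suspicious message is reported. The following Python sketch is an added example, not part of the original article: it flags an unfamiliar sender, links, attachments, Office attachments, and generic wording in a raw email. The contact list, phrase list, extension list, and both sample messages are constructed assumptions; whether an email references a project the reader has never heard of still needs a human to judge.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed for illustration: substitute your own contacts, phrases and extensions.
KNOWN_SENDERS = {"alice@vendor.example"}
GENERIC_PHRASES = ("the team", "the project")
OFFICE_EXTS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw, known_senders=KNOWN_SENDERS):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    bodies, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename().lower())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(bodies)
    text = (msg.get("Subject", "") + "\n" + body).lower()
    checks = [
        ("unfamiliar_sender", sender not in known_senders),
        ("contains_link", bool(URL_RE.search(body))),
        ("has_attachment", bool(attachments)),
        ("office_attachment", any(a.endswith(OFFICE_EXTS) for a in attachments)),
        ("generic_language", any(p in text for p in GENERIC_PHRASES)),
    ]
    return [name for name, hit in checks if hit]

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@company.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

SUSPICIOUS = sample("Project Lead <lead@unknown.example>", "Update on the project",
                    "The team needs your sign-off: http://files.example/review", "budget.xlsm")
ROUTINE = sample("alice@vendor.example", "March invoice 1042",
                 "Invoice 1042 is available in the vendor portal as usual.")

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(ROUTINE))
```

A flag is a prompt to verify the message through another channel, not proof of phishing; legitimate mail from a new vendor will trip several of these checks.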
Not all phishing attacks are emails. While 70% of targeted cyberattacks still involve email, an increasing number involve other platforms. MacArthur says, "Phishing has spread beyond the inbox to mobile apps, social media, and instant messaging platforms and replicates exactly the apps we trust with sensitive data every day to fool people."
Ask employees to alert each other to phishing attempts
Taking time to discuss real phishing attempts on your business and clients is a good way to stay on top of evolving techniques. It also helps prepare employees for targeted attacks tailored to their business or job role. Ask employees to share screenshots of phishing attempts rather than forwarding the email.
Run a simulated phishing attack
Thirty percent of phishing emails are opened by the person who is targeted.
You can simulate an attack on your business (or your clients, with permission from their leadership) to test employees. The results of the attack can help you educate your employees and clients on phishing prevention.
Protect your tech business with cyber liability insurance
Cyber liability insurance is a crucial part of a cyber crime protection plan. It helps cover the cost of recovery if your business suffers an attack, and it can protect against client lawsuits over attacks, too.
TechInsurance helps IT and tech business owners compare quotes for cyber liability insurance and other policies with one easy online application. Start an application today to find the right policy at the most affordable price for your business.