Small to Medium Business IT News – Spring 2021
Every once in a while we like to update the SMB sector with news from the IT world. Why should you care? Because current events in the tech sphere may absolutely have an impact on how you conduct business from an IT perspective as you move forward in the year. Today we take a look at what’s happening this early spring season of 2021.
Important News from the World of IT that Your SMB Needs to Know About
Hackers Using LinkedIn to Exploit Vulnerabilities
At the onset of April, IT World Canada reported on a new cyber threat that is making its way around LinkedIn. It is targeting job seekers. Why is this relevant to you as an SMB? Because, whether you know it or not, people within your company are actively seeking work elsewhere, and they do it while at your place of business. All it takes is one bad day at the office to instigate a casual job search on LinkedIn. Even if they aren’t all that serious about it, they feel it doesn’t hurt to kick a few tires to see what’s out there.
The cyber threat works as follows: the cybercriminal discovers a target on LinkedIn and generates a malicious attachment named after the target’s current job. For example, if a person’s current job title is “Senior Production Manager – Film Industry,” a malicious zip file would be created with the title “Senior Production Manager – Film Industry position.” The job seeker would find this so serendipitous that they couldn’t help but open the attachment to learn more. When they do, an MS Word job application form is downloaded. Not only does this provide the hacker with an opportunity to grab sensitive information (Social Security number, educational background, and so on) to execute a successful phishing scheme, it also triggers the download of malware and other malicious plugins and provides hands-on access to the target’s computer. And because it leverages normal Windows processes to execute, it’s unlikely to be recognized by traditional antivirus (AV) and automated security solutions.
What can you do? For one, let staff know about the existence of this particular scheme. At the very least it will keep them off LinkedIn job search when at your place of business. In addition, invest in more robust cybersecurity tools that employ artificial intelligence (AI) and machine learning, which are far superior to common AV and firewalls that are not able to keep up with advanced threats.
Hackers Hit Canada at Home…Hardware
We spend a lot of time warning businesses about phishing schemes – it’s the number one form of cybercrime against small, medium, and large businesses alike. On April 2nd one of Canada’s largest privately-held dealer-owned hardware retailers acknowledged it was the victim of a ransomware attack that occurred in February. This may have a large impact on the customers of the 1,100 (est.) independent small business operators (HH is dealer-owned) throughout Canada.
One implication is clear for your SMB – safeguard against phishing schemes by investing in more secure IT support, especially if your industry makes you a top target. But there is another implication of this recent news. The retailer alerted the media on April 2nd of an attack that occurred in February. For the sake of fairness we’ll assume that the reputable retailer informed the Privacy Commissioner of Canada along with customers in a timely manner. However, this is not always the case. It’s important for SMBs to understand the implications of not doing so, as per the 2018 update to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
According to PIPEDA, it is mandatory for SMBs (or any organization) to abide by the following obligations immediately after a security breach:
- Organizations must report all breaches of security safeguards involving personal information that pose a real risk of significant harm to individuals to the Privacy Commissioner of Canada.
- Organizations must also notify affected individuals about those breaches.
- Organizations must keep records of all breaches.
Many SMBs are not aware of this, and prefer to keep breaches “hush hush” for the sake of saving face and avoiding a PR backlash. But doing so puts them at direct risk of punitive damages that could lead to financial ruin – up to $100,000 per violation!
So not only does your SMB need to secure outside IT support to tighten up security, you will want to run an audit of your data privacy compliance initiatives and ensure that you have a protocol in place to accommodate PIPEDA should a breach occur.
The above SMB IT news is just a small snippet of what is going on in the world of technology. To protect against threats and capitalize on the opportunities that new tech creates we encourage you to contact SAV Technology for a consultation.