News & Features | Sep 16th, 2011
Hacking Small Businesses Is Big Business for Cybercriminals
From TJ Maxx to Sony, Citibank and Twitter, the growing list of companies that have fallen victim to hackers reads like a Who’s Who in American Business. That might lead small and medium-sized business owners to conclude one of two things: either they’re protected from hack attacks because they’re too small to be tantalizing targets, or, even if they aren’t safe, there’s nothing they can do to protect themselves.
For Cybercriminals Planning Hack Attacks, Small is Beautiful
The reality is that both of these assumptions are dead wrong. And for the average business owner, both of them could prove to be fatal. According to Verizon’s 2011 Data Breach Investigations Report, small to medium-sized businesses have become hackers’ main targets. Why? Because cybercrime organizations using automated hacking can steal as much or more data from them with less risk of getting caught.
Take the case of Michelle Marsico, who owns Village View Escrow Inc. in Redondo Beach, California. According to the Los Angeles Times, in 2010, hackers stole $465,000 from one of the company’s business accounts. How did they do it? Marsico told the LA Times that cyberthieves may have gotten access to the account through her company’s computer system. Once in, they wired the money overseas. Only about 20% of it was recovered. Marsico has gone public about what happened to her to warn other business owners.
FBI Says Hack Attacks Are Targeting Small Business Accounts
In April, the FBI issued an alert about a type of hack attack in which thieves steal the online banking login information of businesses and use it to transfer money out of their accounts. According to The Wall Street Journal, that’s what happened to Lease Duckwall, owner of Green Ford Sales Inc. in Abilene, Kansas. Last November, a hacker added nine new employees to the car dealer’s payroll and transferred $63,000 to them. Duckwall didn’t find out until the next morning. That was soon enough to have his bank freeze the funds in six of the cases. But the other three payments had already been withdrawn, and the cash had been wired offshore.
If your business network, database or website is hacked, the cost to your company could be staggering. A recent blog post on IEEE Spectrum online reported that the amount stolen from hacked small business bank accounts is one billion dollars or more annually. To make matters worse, there’s currently no law that protects small businesses from fraudulent wire transfers. That means, if the bank can prove that it was your account that was hacked, you’re responsible.
A 2010 Symantec survey of small and medium-sized businesses found that 73% of the businesses in the study said they had been targets of cyberattacks in the past year. The survey found that small to medium-sized companies reported the average annual cost of cyberattacks was over $188,000. That includes everything from stolen funds and legal expenses to costs associated with notifying the company’s customers and securing its computer system.
Many cyberattacks against small and medium-sized businesses use sophisticated malware and social engineering techniques that fly under the radar of conventional security tools. Remember, the cost of just one hack attack can far exceed the cost of implementing security procedures to protect your company’s online security.
Make It Your Business to Protect Your Business from Hackers
- Make sure your firewall is turned on and all your company’s software is up to date. That means everything from your operating system and your web browser to virus, spyware and malware detection software. Run frequent scans.
- Educate your employees about security procedures and policies.
- Change the default identifier and the administrative password that your router was shipped with.
- Use strong passwords for your employees – a complex combination of letters, numbers and symbols that is difficult for others to guess.
- Set your company’s system and browser security settings at medium or higher.
- Deal with unnecessary data: either eliminate it safely, or store it securely and monitor it regularly.
- Have a network security audit performed to find out whether your company has any security vulnerabilities.
- Disable file sharing on company laptops used in the field. Make sure they have adequate security protection in case they’re lost or stolen.
- Make sure your company limits access to sensitive information in your network.
- Use a virtual private network solution like PRIVATE WiFi™ for protection against hackers. VPNs encrypt the data traveling to and from your computers, making it unreadable to hackers who intercept it. That’s especially important when employees use personal or company laptops to conduct business at Wi-Fi hotspots and other unsecured networks.
- If your company is hacked, don’t try to hide it. Know your state’s data breach notification laws. They can require reporting breaches to customers and law enforcement officials in every state where you do business.
If your business was hacked, we’d like to hear what happened. Drop us a line and share your story.