There’s a dirty little secret in the hacking community. While the “big score” can be had by going after Fortune 500 and multi-national companies, the odds of success without getting caught are slim. The easy money is had by going after small businesses.
Hackers Target Small Business:
Hackers know that small businesses often don’t have the resources or expertise to properly secure their systems. Whether it’s your own network or your hosted website, they are being scanned non-stop by potential thieves looking for weak passwords or security holes. Once they gain access, they will often install difficult to detect software that will intercept all data being transmitted and forward it on to their own site.
Stealing credit card information that can be re-sold or used to make purchases is the primary goal. Identity theft and gaining access to online bank accounts are close behind.
A 2010 survey by the National Retail Federation and First Data Corp. of small- and medium-size retailers in the U.S. found that 64% believed their businesses weren’t vulnerable to card data theft and only 49% had assessed their security safeguards. Talk about nice, ripe low-hanging fruit for the hackers…
On the web site front, current statistics estimate that every .65 seconds, a web page is infected with malware.
An agent in the FBI’s cyber division says that hackers targeting small businesses are a “prolific problem.” And, “It’s going to get much worse before it gets better.”
Proper security is all about creating multiple levels that have to be broken through. Think of a burgler approaching two houses. One is protected by a ten foot wall. The other has a ten foot wall, a ten foot barbed wire fence and a moat with man-eating piranha swimming in it. Which house will he try to break in to?
So, if you own or manage a small business, what do you do?
1) First priority should be installing a proper firewall, which does not mean a $99 home firewall you bought in the local office supply store. It also means hiring a professional IT technician to install and configure it. This is NOT a do-it-yourself job.
2) Don’t be lazy with passwords. Use strong passwords that are combinations of letters, numbers and special characters.
3) Every system needs to be running anti-virus and anti-malware software. While no one program is perfect, running without it is the equivalent of a hole in your barbed-wire fence.
4) Don’t skimp on backups – back up your systems daily at the minimum. And that includes your web site. Is your site being backed up? How often? Look into a free service from CodeGuard.
5) Talk to an IT security professional. In this technology crazed, always-connected world we live in, many people feel they know enough to “do it themselves and save money.” There are many areas where that may be true, but this isn’t one of them.
For the most part, you’ll only hear about computer security breaches when they involve large companies and thousands of potential “victims.” There may only be a handful of these every year. But every day, smaller businesses are being hacked and in many cases, enough damage is inflicted to close down the business. Don’t let that happen to you.
If you would like to read some more about this topic, including some real world examples of small businesses under siege, here are some good articles to check out:
Hackers Shift Attacks to Small Firms – Wall Street Journal
New Cyberattacks Target Small Businesses – USA Today