Never too Small for Hacked - Cybersecurity

Warning! Even Small Businesses Attract Hackers

A New Jersey small business didn’t see it coming.

Eastern European cyber criminals spent months quietly gathering the company’s customer credit card data until the store’s payment processing vendor connected the dots to a series of fraudulent charges back to their family-owned business.

As if the shock of being hacked wasn’t enough, the bad actors made off with nearly $3 million in bogus charges. In a final blow, the store was fined $300,000 for the security breach.

Then there’s Rokenbok Education, a small business featured in a recent New York Times article.

At the height of the holiday season, this innovative toy business got an unwelcome visit from the Grinch! Hackers encrypted the company files, stopping business until the toymakers paid a huge ransom. In just two days they lost thousands of dollars of customer business.

These stories reflect what small and medium-sized businesses in Wisconsin, Minnesota, and Iowa deal with every week.  Unfortunately, by the time they have an issue and call for assistance, more often than not, it is too late.

Attacks continue to rise.

Business leaders in industries of all sizes are saying cyber-attacks are no longer a matter of ‘if’ but ‘when’ and most won’t know they’ve been hacked until it’s too late. Small businesses have seen the greatest rise with 71% of cyber-attacks occurring at businesses with fewer than 100 employees. 

Breaches can come in many forms including:

• Ransomware – malicious software, such as Cryptolocker, that highjacks company data until a ransom is paid.
• Hack attack – data is breached through a business’ poorly secured network.
• Denial of service attack – the malicious takeover of a company’s website by pushing a massive volume of data to its servers, until the network is overwhelmed.
• Human error – careless data breaches that place information in the wrong hands.

Cyber-criminals know their targets.

Hackers are smart and know that small businesses generally have fewer defenses than larger organizations.  Cyber security experts say small businesses often lack the resources to upgrade security such as: anti-phising email capabilities, data encryption, or off-site backups for their websites. Nationwide Insurance commissioned a survey of 500 small businesses in late 2015 that revealed, “eight in 10 small businesses don’t have a basic cyber-attack response plan, even though a majority have been hit by cybercrimes.”

Protect your business.

Information is power. Here are a few measures you can take to increase security.

1. Educate your employees. As gatekeepers of your organization encourage them to use complex passwords. Teach them how to spot a phishing email and to take time to carefully check each email before clicking on it. Also, remind them to keep a ‘clean desk environment’ to prevent prying eyes from viewing confidential information.

1. Verify and confirm financial requests rather than rely on e-mail to start or complete a transaction—no matter whether it’s for clients, vendors, banks or employees.

1. Invest in basic ‘business-grade’ IT security measures such as: a firewall, antivirus, spam filtering and updated software through regimented Microsoft and third party patching to help prevent the most current threats.

1. Practice cyber hygiene to secure all devices in your company network including cell phones and tablets—especially those your employees bring from home.

1. Make plans for responding to a cyber incident and practice it with your employees.

1. Contact your Errors and Omissions (E&O) insurance agent to make sure your policy includes cyber coverage.

Much to both the joy and distress of businesses, advanced technology has a double edge sword. It enhances your ability to build a successful company, yet it offers hackers many options for stealing the fruits of your success. That’s why knowing your vulnerabilities to a cyber-attack is critical.

Don’t be shaken by cybercriminals. If you need professional assistance, consider hiring a managed security service provider (MSSP) to do a security vulnerability assessment of your business. They can put you in the hacker’s shoes and show you how they view your business. and how to improve your defenses.

As your business grows, they can also provide valuable security expertise. Think of it like taking your car in for a mechanic check before taking a road-trip—or having your furnace inspected before winter comes.  As Ben Franklin famously said, “An ounce of prevention is worth a pound of cure.” Ben’s words have never been more true than with IT security.