If you’re a small business, don’t be under the illusion that you’re too small to be singled out by hackers. You could be one of the growing number of small businesses that have moved into the cybercrime spotlight.
According to Symantec Security Response, 50% of all targeted cyber attacks are on businesses with fewer than 2,500 employees. In 2012, businesses with fewer than 250 employees saw an increase in attacks from 18% to 31% in just one year.
The top businesses and occupations targeted are:
- Manufacturing – received the greatest number of attacks in 2012; at 24% of the attacks, it received twice as many as government organizations.
- Finance, Real Estate, and Insurance – hit with 19% of the attacks.
- Research and Development – highest target for job occupations at 27%.
- Sales Representatives – 24% of targeted job occupations.
So what are cyber criminals looking for? When you look at how the stolen data is used, the information tells us they want trade secrets, product plans, and customer and employee data: all the proprietary information that can be used to help competitors gain an advantage or be sold to unscrupulous organizations. Your social security and driver’s license numbers, addresses, credit card numbers, health and financial history, purchase information, and other private details are up for grabs.
The news continually warns us about data breaches that occur at all levels, including major retailers, hotel chains, government organizations, and other businesses. In July the headlines were about the breach of government systems affecting 21.5 million people, which is related to the previous month’s government breach that compromised the sensitive information of an additional 4 million.
This government incident is “not without precedent,” and “cybersecurity in both the private sector and the public sector” must be raised, said Michael Daniel, the White House cybersecurity coordinator.
Cybersecurity has been a documented issue going back to 1997. The cover letter to the President accompanying the Report of the President’s Commission on Critical Infrastructure Protection reads, “We did find widespread capability to exploit infrastructure vulnerabilities. The capability to do harm—particularly through information networks—is real; it is growing at an alarming rate; and we have little defense against it.”
So what are we doing about it? What measures should you be taking to protect confidential business data and private personal information?
INTERPOL, the world’s largest international police organization with 190 member countries, is committed to becoming a global coordination body on the detection and prevention of digital crimes. They advise that we do two things to protect our business and personal data.
Update your OpenSSL.
For website owners, it’s important that you have an updated OpenSSL. The Heartbleed vulnerability in this encryption software, which is used by the majority of online web servers, is leaving nearly everyone open to one of the biggest cyberattacks in the internet’s history.
Heartbleed lets an attacker anonymously download a random chunk of memory from the server, including secret keys, passwords, and other personal information. The secret keys are the most problematic because they open the door for even more secret information to be revealed.
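A simplified model of the flaw described above, as an added example that is not from the original article and is not OpenSSL's code: the server echoes back as many bytes as the request claims to contain, and the fix compares that claim with what actually arrived. The `mem` array, the three-byte message header and the secret are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 3                      /* 1 type byte + 2-byte claimed payload length */
static uint8_t mem[64];            /* constructed stand-in for server memory */
static const char SECRET[] = "KEY=hunter2";   /* constructed secret */

/* Copy the received message into memory; the secret sits right after it. */
static void receive(const uint8_t *msg, size_t len) {
    memset(mem, 0, sizeof mem);
    memcpy(mem, msg, len);
    memcpy(mem + len, SECRET, sizeof SECRET - 1);
}

/* Echo the payload back. With patched == 0 the length the sender claims is
   trusted; with patched != 0 it is checked against what really arrived. */
size_t echo(size_t received, int patched, uint8_t *out, size_t cap) {
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (patched && (received < HDR || claimed > received - HDR))
        return 0;                  /* malformed: drop silently, send nothing */
    if (claimed > cap || HDR + claimed > sizeof mem)
        return 0;                  /* keeps this model inside its own array */
    memcpy(out, mem + HDR, claimed);
    return claimed;
}

/* Send `sent` real payload bytes while claiming `claimed`; return 1 if the
   reply contains the secret, 0 otherwise. */
int reply_leaks_secret(size_t sent, size_t claimed, int patched) {
    uint8_t msg[16] = {1, (uint8_t)(claimed >> 8), (uint8_t)claimed, 'h', 'i', '!'};
    uint8_t out[64];
    receive(msg, HDR + sent);
    size_t n = echo(HDR + sent, patched, out, sizeof out);
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(out + i, "KEY=", 4) == 0) return 1;
    return 0;
}

int main(void) {
    printf("honest request, unpatched: leak=%d\n", reply_leaks_secret(3, 3, 0));
    printf("lying request,  unpatched: leak=%d\n", reply_leaks_secret(3, 14, 0));
    printf("lying request,  patched:   leak=%d\n", reply_leaks_secret(3, 14, 1));
    return 0;
}
```

Because the unpatched path never writes anything unusual to the server's own state, an over-read like this leaves little trace, which is why replacing keys and passwords after patching matters as much as the patch itself.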
The bug went undiscovered for two years until being uncovered in April of 2014, and it’s predicted that the ripple effects could continue for years. Vulnerable versions are still being used on websites, most likely small e-commerce sites that don’t have the administrative support to patch things up.
If you’re concerned about a website, you can use this handy Heartbleed checking tool to check if it’s vulnerable.
Speaking of updating, keep all your software programs and websites up to date and backed up for added security.
Change your passwords.
INTERPOL says to use unique passwords for each of your online accounts and to change them often. While this may be wise in theory, in reality it’s difficult to carry out. Start by changing important accounts, ones that have financial information on them, for example.
Create strong passwords that are at least eight characters long and use a combination of letters, numbers, and symbols. Don’t use words from the dictionary (the use of symbols comes in handy here) and don’t use personal information that is readily available, such as your name, birth date, or apartment number.
What else can you do? Here are a few more preventative measures to use in protecting yourself from cybercrime.
Get two-factor authentication.
When a site offers this step, use it. If you are a site owner, enable it for your customers and subscribers. One of the largest attacks on banks occurred in 2014 when failure to enact two-factor authentication at one of the bank’s servers caused a weak point in the bank’s security, allowing the hackers to access 90 other servers in their network.
Be careful what you click on.
One of the ways hackers manage to steal information is through infecting your computer. Malware such as remote-control Trojan programs, worms, viruses, and botnets can affect computers using sophisticated techniques.
Spam email, infected files on downloads, and malicious pop-ups and links can all infect your computer, which in turn can be used by hackers to launch DoS attacks or send spam with even more malware.
Always think twice before going to a website that’s unknown to you, and if you do, type a legitimate address in a new browser tab instead of clicking on a suspicious link. Never trust an email from an unknown source.
Put barriers in place.
Utilize the best tech barriers you can afford, like this cloud-based security app for mobile phones. Anyone operating their computer without some serious security software is taking a huge risk. Install and regularly update virus protection and adware/spyware removal software programs to keep malicious applications from invading your privacy.
Good luck — it’s a digital wild west out there.
Gene Turley CPA says
Unbelievable, yes. The author signs off with “Good Luck”. But the reality is most if not all small businesses will say, “oh, not me. I have nothing anyone would want.” That is so not true. Let’s just go through the economics. I’ll use the oil industry as an example. As oil supplies declined, the price of oil rose, making it economic to drill wells in new places that were otherwise uneconomic. Well, as it gets harder to hack into the big boys, there is less “stolen” information in the black market. That will drive up the price for this kind of data. Driving that value up now makes it more profitable for hackers to look at places they had not in the past. Yes, that is small to medium size businesses.
So small businesses are going to be squarely in the cross hairs of hackers. Once we start seeing and hearing about smaller businesses getting hacked and their doors shuttering, then maybe the owners will take security seriously. Right now it is an expense that doesn’t bring in customers or service them.
So owner, you can press your luck or contact your local computer consulting company and talk to them about your business and develop a risk assessment. Take this assessment and develop a plan to at least minimize the highly probable and high-cost-to-business items.
As a small business owner you have enough to worry about; give yourself a break and at least put this issue away. Remember, security is a never-ending quest, but at least you may be able to make your life less stressful.
Kacee Erhard says
Thanks for stating the unwelcome truth, Gene. It is “good luck” followed by serious security measures, as you point out. Hard to service customers when your internet doors are shuttered – I like that analogy.