Cybersecurity for small business
July 21, 2015
How is it that a giant company like Target was the victim of one of the biggest computer hacks in history?
Blame a small business.
If you are at all like me, when you heard a couple of years ago that Target had been hacked to the tune of some 75 million customer accounts, you had to wonder how such a big corporation, with the attendant security protocols and protections, could have been vulnerable to cybercrime.
Well, it turns out that Target was well protected and did much to safeguard the confidential information (credit card numbers, etc.) of its customers. In fact, the bad guys knew this, but also knew that small businesses as a whole do not take cybersecurity very seriously, don’t have much software protection at all, and as such, are the ones who are most susceptible to cyber attacks.
In the case of Target, the hackers used that knowledge to find a vulnerability in the computers of one of Target’s small business vendors and stuck malware there. Then, when the small company logged into the Target system to submit its invoice, the malware infiltrated and infected Target’s system.
In most cases, though, when a small business is hit by cybercrime, it is the small business itself that ends up the victim. For example, a surf shop in California had its customer database erased and its bank account bled dry. It went out of business. That is typical, common even, when you consider that 60% of all cybercrime is now directed at small business and that last year, 5,000 new phishing schemes, viruses, and vulnerabilities were discovered by IT experts. Over $100 billion was stolen from small business via cybercrime in the past year alone. One expert calls it “The biggest crime spree in the history of America.”
Cybercrooks attack small businesses in many different ways:
- In one common tactic, crypto-locker software is installed on the small business's computer, locking it up. Unless the victim pays a ransom of, say, $500, the database is destroyed.
- In another scam, keylogging software is surreptitiously installed on the computer and when the owner logs into, say, his bank, the keystrokes are recorded and later used to drain the account.
- Another common tactic is to set up phony social media sites in order to hijack a business's social media accounts.
Think about what you keep in your office and on your computers, and what you need to protect: your customer accounts, credit card numbers, bank account info, intellectual property, and much, much more. You simply have to take cybersecurity seriously now.
Here are a few things you can do to protect your business:
- Know that you are a target: Because of social media, it is easy for a criminal to find out a lot of very personal information about you. They can then use this to create trust. For example, say you get an email from someone with a link and it says, “Our mutual friend Gary Sherman says you love Michael Jackson too. I thought you might like to see this rare footage.” You click the link, only it’s a faux site, infected with malware.
  As Ronald Reagan said about the Soviets during the Cold War, “Trust, but verify.”
- Practice good password management: You know the drill, but do you do it? Having the same password on all of your accounts is very dangerous, and not having a good mix of characters and letters is equally shortsighted. A good software system can create and log secure passwords for you.
- Get good cybersecurity software: The most important thing you can do is to install a suite of cybersecurity software on your computer, mobile devices, everything. Do it. Now.
I recently created a series of videos to help small businesses with this very problem. You might want to check out my Top 5 cybersecurity tips for small business – after you buy that software!
USA TODAY, Small Business Columnist
Author, The Small Business Bible