Hackers are expanding their sights beyond the large multinational companies to small business owners. A recent survey conducted by Symantec and the National Cyber Security Alliance found that 77 percent of small business owners in the U.S. believe that their company is safe from cyber criminals and 83 percent of them don’t have a cyber security plan.
However, the threat to small businesses is greater than ever. The Secret Service and Verizon Communications, Inc.’s forensic analysis unit, which investigates cyber attacks, cites that a majority of their responses to data breaches over the last couple of years have been at companies with 100 or fewer employees. Visa, Inc. estimates that approximately 95 percent of the credit card data breaches it discovers each year are on small businesses.
Hacking small businesses is big business and unfortunately, it is going to get worse before it gets better.
The reason for this is three-fold. The first reason is that a majority of small companies have now gone to computerized systems, digital record keeping and conduct most their financial transactions online. The second factor is that most small companies don’t have the resources (financial, tools and manpower) or the time to fully secure their businesses from today’s ever-changing and increasingly sophisticated threats. The last and most significant factor is complacency. Most small business owners have the unrealistic mindset that this isn’t going to happen to them. After all, what could a hacker possibly want with a small company anyway? These high-tech criminals want their bank account information, employee lists, including social security numbers, and their customers’ credit and debit account information.
Typically, cyber threats on small businesses come from several sources, the most popular being outside the organization and from within the organization when an employee or an ex-employee steals data. Most financially motivated attacks rely on computer code that the hackers plant on victims’ computers, often as attachments or links in emails sent to employees. While these malicious programs are well known to security experts, the hackers tweak them frequently to render them undetectable to antivirus software.
The bottom line is, the costs of a breach can put a small business out of business. Unfortunately, there is no silver bullet. However, the following is a list of best practices for small business:
-Use secure web browsers.
-Maintain up-to-date firewall and antivirus protection as well as an intrusion detection system.
-Establish policies that stipulate how and when employees can access the Internet, especially when accessing the computer system from home or a mobile device.
-Run automatic computer updates.
-Never open emails, attachments or links from unknown sources.
-Never have sites remember passwords or financial information.
-Shut down computers when not in use.
-Businesses that use online banking for wire transfers and ACH origination should have a dedicated computer for those functions.