If You Think Your Small Business Is Immune to a Hack, Think Again

By: Bill Walter

When you’re immersed in running your business day to day, particularly when the cash register is ringing, it’s easy to put network security on the back burner. Who wants to worry over a cyberattack that might not even happen?

Do you think your small business won’t ever be the victim of a cyberattack? Think again. While big businesses like Yahoo, Target and Equifax have suffered breaches, hackers have small businesses in their crosshairs, too. The numbers don’t lie. Check out these (alarming) statistics:

  • 43% of cyber attacks target small businesses
  • 60% of small businesses that suffer a major breach end up going out of business
  • 50% of small businesses have been the victim of a data breach

Unfortunately, it’s not a matter of if your business will be the victim of a cyberattack, but when.

When Size Does Not Matter

When hackers look for targets, they don’t always zero in on the big fish. Remember the Sony hack? It was made possible by the weak security of both Sony AND a much smaller external vendor they used. The external vendor had administrative credentials for Sony’s network and Sony failed to disable them when the vendor completed their work. The hackers targeted the vendor and were all too happy to exploit the administrative credentials to walk in the back door of Sony untouched.

Your Cyber Security Tactics Should Evolve

Attacks change with the security landscape. Methods that worked yesterday may not work today, so hackers adapt their tactics. Likewise, your cyber security tactics need to change. Antivirus software has been your first line of defense for many years. Now, antivirus just isn’t enough.

Hackers are now bypassing the use of malicious software, which is more easily stopped than other forms of attack, and going directly to the most vulnerable link in the security chain. We hate to break it to you, but you and your employees are the weakest links in your network’s security.

What’s more, hackers have become sophisticated enough to know that if they intercept, spoof or otherwise fake an email from a vendor of their actual target, their chance of penetrating their target’s network is much higher.

Let’s run through a specific example. “Big” company is up to date with all its security. They have anti-virus and behavioral next gen protection, and they train their users how to avoid the common pitfalls. They do business with clients all over the country. One of their clients, “Small” company, doesn’t have all the right protection, but has a solid working relationship with “Big.”

The malicious users target Small and are able to obtain email credentials from the bookkeeper using a fake alert stating that her email box is full. Unfortunately, the bookkeeper assumes the email is real and follows instructions to “log in here to add more disk space.”

The hackers then email Big pretending to be the bookkeeper. They start the email conversation slowly and simply: “Are you at your desk?” If the recipient at Big responds, they are already 90% of the way in. The next email asks about a payment for an outstanding invoice or, if they find one in the compromised mailbox, they use the real thing. At this point they send “new” bank routing information, and once the money is sent, it’s gone.

What Can Your Small Business Lose If Caught Up In a Hack?

The short answer: a lot. Even if your business isn’t the main target of a hack, like “Small” above, you will lose the trust of your clients and vendors. If you are the source of a breach that costs your clients or vendors money, that’s bad for both of you. We all know that building a good reputation takes time. Unfortunately, you can gain a bad reputation very quickly.

Even if hackers aren’t specifically targeting your business, they will take advantage of whatever they might find as they poke around. Your best bet is to put measures into place NOW to prevent a breach, by eliminating or shrinking any data targets that can be used against your company or any company you are working with.

You and I both know that as you read this you’re thinking, “I would never be fooled by a hacker trying to get into my network.” That’s exactly how most business owners feel… until they’ve been hacked. Only then, when it’s too late, do they know firsthand how easy it is to be a victim of a cyber attack.

Your Business Might be a Ticket to a Bigger Target

The size of your business is not what the hackers are looking at. They are targeting any business that can get them where they want to go, and that’s usually where the money is.

How to Protect Your Business

As we already mentioned, antivirus is part of every good security plan. But a good cyber security plan covers all the layers. There needs to be protection on the email server or service. The perimeter of your network should typically include a firewall between the internet and your company. Antivirus software should be on each computer, tablet and server. The list goes on.

Recently, next generation security has become cost effective for small businesses. Next gen security looks at the behavior of your network traffic. For example, if Joe User is always logged in from 8:30 to 5:00 Monday through Friday, the next gen security will raise a red flag if he suddenly logs in at 2:00 AM on a Sunday.
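The Joe User check described above, sketched as an added example (this is not code from the article or from any security product): it learns each user's usual login days and hours from past logins, then reports why a new login is out of pattern. The user name, thresholds and sample logins are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_EVENTS = 10   # assumption: logins needed before a user's pattern is trusted
SLACK_MIN = 60    # assumption: tolerate logins up to an hour outside the usual window

def build_baseline(events):
    """events: iterable of (user, datetime). Returns each user's usual days and hours."""
    seen = defaultdict(list)
    for user, ts in events:
        seen[user].append(ts)
    baseline = {}
    for user, stamps in seen.items():
        minutes = [t.hour * 60 + t.minute for t in stamps]
        baseline[user] = {
            "count": len(stamps),
            "days": {t.weekday() for t in stamps},  # 0 = Monday ... 6 = Sunday
            "earliest": min(minutes),
            "latest": max(minutes),
        }
    return baseline

def check_login(baseline, user, ts):
    """Return the reasons a login is unusual; an empty list means it fits the pattern."""
    profile = baseline.get(user)
    if profile is None or profile["count"] < MIN_EVENTS:
        return ["no baseline for user"]  # unknown or new accounts are surfaced, not ignored
    reasons = []
    if ts.weekday() not in profile["days"]:
        reasons.append("unusual day: " + ts.strftime("%A"))
    minute = ts.hour * 60 + ts.minute
    if not profile["earliest"] - SLACK_MIN <= minute <= profile["latest"] + SLACK_MIN:
        reasons.append("unusual time: " + ts.strftime("%H:%M"))
    return reasons

# Constructed sample data: two working weeks of logins for "joe" (Mon-Fri, three per day).
MONDAY = datetime(2017, 12, 4)
HISTORY = [("joe", MONDAY + timedelta(days=7 * w + d, hours=h, minutes=m))
           for w in range(2) for d in range(5)
           for h, m in ((8, 30), (13, 5), (16, 40))]
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    # A normal Monday morning login, then the 2:00 AM Sunday login from the text.
    for when in (datetime(2017, 12, 18, 8, 40), datetime(2017, 12, 17, 2, 0)):
        print(when, check_login(BASELINE, "joe", when) or "ok")
```

An account with no login history gets its own flag, so an unfamiliar or newly created login is reviewed by a person instead of passing silently.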

This next gen type of security also extends to good firewalls. With the right service, the firewall can watch both incoming and outgoing traffic and automatically stop traffic that is clearly inappropriate.

The most important layer of security is between where you sit and the keyboard. (Again, yes, the big threat is you and your employees and coworkers.) Training is an essential security best practice. If your users don’t know how to recognize fake or malicious communication, your business is at risk. With the right testing and training, you can identify your click-happy workers and train them to think twice before clicking.

On a side note, the best layer of protection is having a solid automated backup solution in place and a trusty IT provider. Having a system that automatically backs up your data multiple times a day and securely replicates it offsite will give you easy and quick recovery options in the event of a failure. Failing to have the right backup measures in place, on the other hand, leaves your organization incredibly vulnerable and open to major losses.

What to Do Next

If your business has never been breached, be proud. But don’t let that lull you into a false sense of security. The threats are real and can strike anytime. All it takes is one person doing something nefarious, or someone who innocently clicks on a malicious link in an email.

It’s time to take a look at where you are with cyber security and what steps you need to follow to be better protected. Our networking team uses a tool called the Network Detective to help business owners pinpoint the vulnerabilities in their network. Schedule your free session with the Network Detective, or contact Bill Walter at 410.685.5512.

Published December 11, 2017
