Hackers go after small businesses, too

So, you think your business is too small to be of interest to hackers?

You’re wrong. So, so wrong.

Recent data breaches have hit large corporations and medical providers, and those organizations are constantly taking steps to beef up their cyber security. That’s smart; they know they are targets.

Those cases make headlines, too, because they typically affect millions of customers and cost companies thousands, if not millions, of dollars to address.

But attacks against smaller businesses don’t often make such a big splash in the news, so many small business owners don’t believe they are targets. But they are. Consider this, from an October 2017 report in USA TODAY:

“Just how big is the risk to small business? Big, very big. According to the Verizon Data Breach Investigation Report, 61 percent of breaches hit smaller businesses last year, up from the previous year’s 53 percent.”

And consider these numbers, from UPS Capital:

► A typical cyber attack can cost a small business between $84,000 and $148,000.

► 60 percent of small businesses go out of business within six months of an attack.

► 90 percent of small businesses don’t use any data protection at all for company and customer information.

Despite that, many owners of small businesses think they will be safe.

It is that very misconception that makes them attractive to cybercriminals. Crooks like easy prey, and businesses that don’t believe they will be attacked sometimes neglect to protect themselves adequately.

According to a recent Forbes report, many owners of small to mid-sized businesses mistakenly believe they are too small to draw the attention of cyber thieves. This is a big mistake. If your company handles credit card payments or stores information about customers, then cyber criminals will want to get their hands on that information.

That information often is not secure.

One client hired Digital Forensics Corp. to investigate a Bitcoin theft. In doing so, we found out the stolen cryptocurrency was not the biggest problem the client had. We uncovered a weak firewall; servers and phone routers still using the default passwords they had when they were installed; important client information and employee passwords easily found on hard drives; no restrictions on employee network access or privileges; and other internal security issues that basically left the company’s IT infrastructure wide open to attack.

The consequences could have been far more devastating than the loss of the Bitcoin. Hackers could have inserted malware or ransomware into the network at any time. They could have shut the whole business down at any time. They could have added additional computers to the company’s network or listened in on the company’s phone calls with clients or business partners at any time.

Unfortunately, we see those kinds of security issues with businesses quite often.

Digital Forensics Corp. can help detect such problems during a network security audit. We can do penetration testing to see if your network protections are up to speed against the latest hacking techniques. We can provide expert consultation on proper responses to a data breach or a network attack. We can help you put the right policies and procedures in place to prevent problems before they happen.

Just remember, no business is too small to draw the attention of digital thieves.


DISCLAIMER: This blog is designed for informational and educational purposes only. It does not constitute legal advice, and is not intended to create an attorney-client relationship. Further, your use of this blog does not create an attorney-client relationship. Online readers should not act upon any information presented on this blog without first seeking professional legal counsel. Legal advice cannot be provided without full consideration of all relevant information relating to one’s individual situation. For specific, technical, or legal advice on the information provided and related topics, please contact the author. The author apologizes for any factual or other errors in this blog. If you believe that some content is inaccurate, false, disparaging, slanderous, libelous, or defamatory, please contact the author directly at (StevenG.@digitalforensics.com). Information herein is provided on an “as is” or “as available” basis; we make no warranty of any kind to you regarding the information provided and disclaim any liability for damages from use of the blog or its content.