7 Reasons Your Small Business is a Hacker’s Dream
If you’re anything like me, you think you’re pretty smart when it comes to spotting a phishing scam or a suspicious email attachment. I don’t open emails from people I don’t know. But I did open an email that I thought was sent by Microsoft that had me fooled at first until I took a closer look at the URL of the link I was asked to click on and realized it wasn’t Microsoft. It was a darn good imitation of their logo and the grammar and spelling in the email were perfect so no simple giveaway there.
According to Symantec’s 2016 Internet Security Threat Report, in 2015, 43% of spear-phishing scams blocked by Symantec Corporation, a global leader in cyber security protection, were intended for small businesses. So why are small businesses a haven for hackers? Wouldn’t cyber criminals benefit more from attacking larger companies with loads of data and a lot more money than your small business? Not these days. And here’s why:
You think cyber security products are too expensive.
You’re a small business with a limited budget. And hackers know that too. But what you don’t realize is the financial devastation a cyber attack can cause for you professionally and personally. Cyber security and risk management expert, Bob Carver, CISM, CISSP, M.S. knows first-hand the carnage a cyber hacker can cause. His wife was a victim of identity theft and they spent months reporting to law enforcement and other agencies. He says, “Others not so lucky have had their bank accounts drained by cyber criminals, sometimes causing bankruptcy and possibly ending their businesses.” Losing your business to a cyber criminal could be far more expensive than investigating the cost of securing your computer system.
You think the bank will protect you.
You might be under the false impression that the bank will wave their magic wand and fix all the bad things the cyber criminals have done to your small business account. Bob Carver says, “If businesses do online banking as a business account, banks may have limited liability in protecting you if your computer gets compromised, the hacker sniffs your banking passwords and the cyber criminal siphons off all your money. If your banker won't guarantee the safety of your online account in writing, regardless of the reason (i.e. hacking) then you need to go back to paper transactions.” Online banking is so convenient that we’ve become complacent when it comes to the risks associated with online financial transactions. Hackers would rather you bank online than stand in line at the bank!
You don’t know you’ve been hacked until it’s too late.
Hackers can infiltrate your computer system in minutes but cause you months or years of heartache. It could take days or months before you realize you’ve been hacked. Meanwhile, the hackers have stolen your sensitive data, cleaned out your bank account, sold the data they stole from you and are ready to blackmail you to recover your own data before they destroy it or go public with it leaving you liable to potential lawsuits. Some insurance companies offer a whole host of cyber liability insurance coverages from third and first party liability to e-commerce extortion coverages to help protect businesses from financial ruin.
You’re too small so why would anyone bother you.
Don’t believe this myth. No company is too small to be hacked. According to Symantec’s 2016 Internet Security Threat Report, spear-phishing attacks on small businesses (1 – 250 employees) increased from 34% in 2014 to 43% in 2015. A security breach could cause a small business to lose customers and money, not to mention the business’s reputation. Work can halt for days if a business’s computer system is being held hostage by a hacker. Ransomware can lock a business out of its computer system and if the business makes the decision to pay the ransom to unlock the system, the key or code the hackers provide may not work – unfortunately you’re dealing with criminals.
Your employees are accidentally inviting hackers into your business.
Everybody in your organization has an email address, probably a cell phone, and is most likely active on several different social media platforms. Hackers are happily crashing the party as unwanted and dangerous guests. According to Symantec’s 2016 Internet Security Threat Report, the number of spear-phishing scams targeting employees increased by 55% in 2015! Cyber criminals send emails that look like they were sent by a legitimate company, ask for personal information or passwords and threaten you with an action like closing your account or denying you access to your account if you don’t click on a link or give the personal information they’re asking for. Employees are busy and hackers know it, so they hope you’ll slip up that one time and open the door for them to access your personal or company’s private information.
You don’t train your employees to identify cyber security risks.
According to the Anti-Phishing Working Group (APWG) Phishing Activity Trends Report 3rd Quarter 2016, 229,251 unique email phishing reports were received by APWG from consumers. Spear-phishing scams are not always easy to identify and that’s what hackers are hoping for. If employees don’t know what to look for they could jeopardize your entire business. Misspelled words and bad grammar are often telltale signs that the email could be a scam. The sender’s email address may look strange. Teaching your employees to be suspicious of emails asking for banking information or passwords should be part of your overall training program. And training employees not to divulge passwords or private information over the phone shouldn’t be overlooked when putting together your cyber security training program. Consider limiting access to sensitive data to a select few employees to minimize the risk of a data breach.
You neglect to back up your system or have a disaster recovery plan.
How many hours a day do you spend at your computer? Multiply that time by all the employees in your company and that’s a lot of data being accessed and stored that likely includes customer information, financial data and employee records. Imagine walking into your office one morning, turning on your computer and discovering your system is being held hostage by ransomware? And then that sinking feeling in the pit of your stomach reminds you that you haven’t been backing up your system. According to Symantec’s Best Practice Guide To Small Business Protection: Back Up Your Small Business Information, small to mid-size businesses only back up 60% of their company and customer data. In addition, 42% of small business customers have stopped doing business with vendors because of unreliable computers or systems. So not backing up your system and not being able to restore your data could prove disastrous for your small business. Being proactive rather than reactive is key.
I’m glad I didn’t open that email link I talked about at the beginning of this article. Your small business could be a hacker’s dream but a nightmare for you if they gain access to your computer system! No company big or small is immune to the dastardly deeds of the cyber criminal. Take steps to keep your data safe and your business running smoothly now and not when it’s too late.