Small Businesses are Easy Pickin's for Hackers

Do you have a Mom & Pop business, a medical clinic or dentist office, a company with less than 100 employees? Think hackers see you as small potatoes and only go after the big boys, the Fortune 500 behemoths? Think again. Small potatoes, maybe, but easy pickin's, definitely.

A message no business, large or small, wants to see on their monitor

The hacker's rewards go from a small ransom for returning your data to siphoning hundreds of thousands of dollars out of your bank account. The Palo Alto California police department reports that hackers breached a dentist's database and instead of using the data for identify theft purposes are simply restricting the dentist's access to some xrays and notes until he pays up. Sgt. Reifschneider says “This type of cyber attack is not unusual in the IT world. The hacker typically freezes or corrupts data and generates an automatic message” which demands money.

Small businesses are targets for credit card theft as well. Visa estimates that their small business customers account for around 95 percent of the credit-card data breaches they deal with. Verizon Communications Inc's forensic analysis unit analyzed 855 data breaches world wide last year and found that the bulk of the intrusions, about 72 percent, happened to small companies employing less than 100 employees.

These illegal activities result in loss of money, data, intellectual property or the ability to conduct day-to-day business. The Verizon Small Business Center reported that cyber thieves hacked into the records of Lifestyle Forms & Displays and generated multiple wire transfers from their bank account to three major US banks and one in China totaling over $1 million. Cash isn't always what thieves are after. Small retail stores with point of sale software are vulnerable to attack. Information from a customer's credit card payment can slip into unscrupulous hands from your cash register.

Like a three pronged pitchfork, a cyber attack has three chances of hurting your business. Internal disruption of the company business and external damage to its reputation, government regulations that make you liable for fines because of your non-compliance, especially for health care organizations, plus consumers' law suits. Even if your company doesn't access the internet, lost or stolen laptops are one of the biggest areas of compromised data. Back up tapes en route to a storage facility have also been known to be the target of thieves. Consumers may sue you for negligence, failure to protect their data, unreasonable delays in notifying them of the loss, and even for lengthy suspension of services.

Cyber security was included as one of the top five global risks for companies in 2011 at the World Economic Forum in Davos, Switzerland. Participants warned that increased use of cloud computing and mobile devices can make corporate data more vulnerable to attack. Yet the small business community thinks it is safe. They mistakenly think it is the big corporation that is in the hacker's sights.

Insurance companies are offering network/privacy/cyber risk policies. Previously considered too expensive, more companies are considering such policies a necessary expense of doing business in today's world. A side benefit of so many policies being written lately, competition among the insurance companies is driving down the cost of these protections. An insurance policy can cover the cost of forensic investigations, notification of affected third parties, call centers to field all the incoming questions and concerns, a PR firm to do damage control, and legal defense.

Writing in Corporate Compliance Insights, Dan Hanson lists 4 myths that keep small business owners from taking the warnings seriously:

1: We really don't hold any confidential information.

2: We use a third party vendor so we do not have the exposure.

3: Our IT Department assures us that we do not have any exposure.

4: Hackers only attack large companies.

He expands on these myths and gives some suggestions for protecting your business. Worth a quick read if you are now more concerned about your business than you were when you started reading this article.