Companies that provide security and other technology services to most businesses say they’ve had an increase in calls from customers since Equifax revealed that the personal information of 143 million Americans had been exposed. The hack galvanized some owners into dealing with long-delayed issues.
Small businesses often lag behind big companies in data security, believing they aren’t likely targets. But 61 percent of the victims of breaches in 2016 were businesses with fewer than 1,000 employees, according to a Verizon survey. And experts say small companies are being targeted more because they are low-hanging fruit.
Equifax says its systems were breached after it failed to correctly install a software patch designed to eliminate a specific vulnerability. Applying patches as soon as they’re available and watching for new ones are critical for a company to protect itself, most experts say.
But many small business owners get caught up in the day-to-day of running their business and don’t pay enough attention. Many don’t have the staff, or haven’t hired vendors to monitor technology, and have no plan to improve their security.
It’s too late to plan when your company is in the middle of a crisis.
Small businesses can be harmed by cybercriminals in a variety of ways. Here are some companies’ experiences:
One company in New York used a customized, cloud-based calendar for customer appointments. Employees began noticing disappearing appointments or mysteriously changed dates. The problems persisted for about a week, stopped and started again. Then suddenly, four weeks of appointments vanished. It turns out the calendar app was vulnerable to hacking, and someone was able to log in and erase the appointments.
The hack cost the company thousands of dollars in lost revenue. Even though they were able to recreate part of the calendar, most of the appointments were lost. Some frustrated customers didn’t reschedule, turning instead to the company’s competitors.
A Wrong Click
An unsuspecting employee at another company clicked on an attachment in an email nearly a year ago and soon found that all of his business data files were encrypted and unusable. He was the latest victim of ransomware, malicious software that hackers plant, hoping to extort money by holding a user’s files hostage until they’re paid a ransom.
The Los Angeles-based company avoided paying the ransom because its files were backed up on a secure online service. There are many great tools and training methods available to help companies thwart most potential cyber threats.
Overwhelmed By Malware
Hackers got into the website of another company just a month before the firm’s busy season was to begin. When the website manager called the company that hosts the website, she learned there were 100,000 pages of pornography on the site. This was a crisis: 90 percent of the company’s business is done online.
The owner contacted a computer security company that began removing malware from the website, a process that took two days. By the third day, the company was back in business again. Management estimates it took six weeks for the number of visitors to the site to return to normal.
“Fortunately, it was very early in the season. If this had happened in March, it would have cost us hundreds of thousands of dollars in lost revenue,” the owner stated. The security firm now monitors the site, watching for signs of another attack.
Small businesses can become victims after hackers invade larger retailers like Target or Staples and steal credit card data, or if information is stolen in other ways. A customer brought a laptop to a PC repair shop for a screen repair and paid with a credit card, signing on an electronic signature pad. That night, the owner got a text from someone else asking why his card had been charged. The card was counterfeit, and the business was out $650. “His credit card, although still in his own wallet, was somehow ripped off by this fake customer,” the business owner said.
The owner now says he’s careful with emails that likely have phishing links or that ask if he’ll do cash transactions, a hallmark of fraudsters. His website has safeguards against credit card crime. After this incident — not the first time he’s been a fraud victim — the company monitors transactions closely, usually sending test charges to card issuers to be sure a card is legitimate.
Managers at a wholesaling firm got a notification from one of its software programs that someone was trying to access its data without authorization. None of the business software company’s information was stolen, but “it woke us up to the vulnerabilities that a small business has,” the manager said.
The company conducted “their own NCIS work” using social media to figure out that an employee was responsible and was trying to use the information to do his own deals. The company now uses software that tracks the movements of everyone using its systems.
If you don’t have the capabilities on staff to manage your company’s cyber liability, make sure you hire a firm to assess and manage cybersecurity for your business!