This past week I was involved in a discussion where a small business owner asked a very common question. "Why would a hacker come after a small business like mine instead of a bigger business?" This is a question I get a lot.
The short answer is that smaller companies are generally easier targets. Larger companies put hundreds, thousands, or sometimes millions of dollars into combating cyber thieves. Small companies may not have the same quantity of data but the quality of data in a small business is generally just as good as in a large business. And these smaller companies often lack the technical expertise to protect themselves.
Ransomware on the other hand, isn't necessarily targeted at a specific sized company. Often those attacks are sent to millions of email addresses. Not all data is valuable simply because it contains sensitive information. If you opened a ransomware email and your wedding pictures were encrypted, how much would you pay to get them back?
Lastly for businesses that use a Point-of-Sale (POS) system, an infection could go undetected indefinitely. In the Target breach of 2013, there were over 40 million credit card numbers breached. Part of the reason the number was so high was that the POS system was infected from Black Friday through December 15th. A small business wouldn't have as many transactions but if their POS system was infected, it could take much, much longer to detect. In the meantime this system would be a fresh source or credit card data for a long time.
So what to do? Here's a short list of best practices for cyber security:
- Make sure all systems are patched monthly. Not just Microsoft updates but 3rd party apps (Adobe, Java, etc) as well.
- Invest in high quality anti-virus software and make sure it is updated daily.
- Invest in a business-class internet router/firewall that includes intrusion detection/prevention features. A business-class router is especially important if you offer guest Wi-Fi.
- If you have a POS system, segregate the POS network from other computer systems as much as possible.
- Have frequent backups of your data. In the case of a successful ransomware attack, recent backups will minimize data-loss and avoid having to pay the ransom which often results in data loss anyway. Who would have thought that you can't trust a cyber criminal? :-)
Some of this requires more advanced technical expertise than most small business owners possess so hiring a trusted professional to take care of it on a monthly basis is the safest bet. Cyber security has never been more important. The US National Cyber Security Alliance found in 2016 that 60% of small companies go out of business after a cyber attack. So think of cyber security as an additional form of insurance to keep your business, your customers and your reputation safe!
If you have any questions, comments or would like to learn more about how NeoCloud Consulting's seven-layers of security can help keep your business safe, please contact us today!