That’s a perfectly logical assumption. It seems we see another news headline every week about cyber criminals hacking the computer networks of a large, global enterprise — a major bank, for example, or one of the big online retailers. Sometimes even a government agency.
But we rarely worry that hackers or cyber thieves are also interested in targeting small businesses that get dwarfed in size — and revenue — by the Wal Marts of the world. Don’t make that mistake.
When LinkedIn gets hacked, it makes national news. But believe it or not, data security provider Symantec found that 31 percent of all cyber attacks in 2012 targeted businesses with fewer than 250 employees. (The report also found that this represented a big increase from the previous year, where just 18 percent of attacks were leveled against small businesses.)
Even worse: An August 2013 story in PCWorld points out that of those small businesses whose systems are breached, roughly 60 percent go out of business within six months after the attack. And in this Huffington Post blog, j2 Global's Mike Pugh talks about the realities of Cyber Threats for small businesses.
Why do cyber crooks target small businesses? Maybe they assume, often correctly, that stealing data from a small company can yield backdoor access to the networks of larger companies.
And maybe hackers also assume that smaller firms don’t put as much data security in place as do the big firms. That’s a reasonable assumption, actually, when you consider that Symantec has also found an incredible 66 percent of small businesses do not worry about cyber attacks. In many cases hackers can be confident that an attack on a small business might net them valuable electronic information, without much effort or risk.
Regardless of the hackers’ motives, you need to be aware of the ongoing threat they pose to your business. October is National Cyber Security Awareness Month — as good a time as any to review some basic data-security protocols.
1. Restrict removable media
Every time your staff places your proprietary data on a USB drive or external hard drive, they’re creating a potential vulnerability point — a chance for a breach when that data is placed elsewhere (say, on their laptop), and again when they introduce the device back into your network. Restrict this whenever possible.
2. Create smart passwords
Incredibly, one tried-and-true method for hacking a system that still works is to walk right in using an easily-discerned password from an employee. (Names, birthdays, even “password0123” are all still common.) Read this terrific article on slate.com about how to generate a strong password.
3. Protect your voicemail
An increasingly common data-theft method is to hack a mobile phone and steal sensitive information through voicemail. Virtual phone solutions like eVoice (a sister company to eFax online fax) use virtual business phone numbers that forward to any number without the caller seeing it — so you can keep your personal number private. You can also review your voicemails securely online, and prevent them from being hacked on your mobile phone — because they’re not stored there.
So, while you're focusing on being profitable, don't forget to be safe.