What Hackers Target In Small Businesses

by

Hackers today have many ways to attack small businesses and business owners. Many attempt to use technology to send malware, viruses, or phishing attacks; or use information to con owners and employees into handing over more information than they should.

One or more of these techniques can be combined with gaining physical access to steal from vulnerable firms. Identifying precisely how criminals target businesses and what they deem most valuable can help to protect from the most devastating attacks out there.

Remaining vigilant and informed is one of the most vital things you can do as a business owner to protect your assets and reputation.

Extortion

Different types of attacks tend to rise and fall in popularity. Fifteen years ago, computer worms were the most common attack that businesses faced. Security software wasn’t as advanced or as widely used at it is today. Computer worms were, at the time, an exceptionally low-cost and efficient way to inflict the maximum amount of damage for minimum cost.

Today ransomware has seen an unfortunate boom in popularity. This technology aims to encrypt the target’s files on their personal computer. This technique denies the victim access and charges a large fee in exchange for the key to retrieve the victim’s own data.

The attack has worked so often because it requires minimal effort and can be used again and again. Many businesses have no option but to pay because the data is worth far more than the ransom demand the hackers have made.

The best defense against ransomware attacks, in addition to strong online security, is an up-to-date offsite backup — one that is tested to work reliably.

Targeting Customer Records

One of the most important things for your firm to take care of is your customer data records. Records which include names, dates of birth, and other personally identifying details. These details are extremely valuable to hackers or criminals who, either use them personally or sell them on to someone who will.

Many regions have strict laws and guidelines about how this information must be stored, accessed and protected. Failing to follow these can result in severe penalties that could devastate any company.

Targeting Financial Information

Like personal information, a small business must take extreme care when storing customer financial information. Sensitive details such as credit card or banking information are a key target for hackers looking to steal money fast.

The impact on your business reputation following a breach of financial data will be severe and devastating. Even a simple mistake can require years of advertising and great PR to repair. Many firms have failed to recover after losing the trust of their customers.

Social Engineering

Most firms today run good IT security packages to protect against online attacks and other forms of malware. Attackers often know to take their methods offline to achieve the best results.

Whether posing as a supplier, customer, or interested party; attackers can seek to gain information that you may be less than willing to hand over to a stranger. Small businesses can often be used to gather information on vendors and suppliers they do business with in order to attack them too.

Be particularly cautious of the information you provide when discussing business with individuals you haven’t spoken to before.

Keeping Small Business Safe

Each of these targets and attacks are just some of the most popular and hard-hitting attacks out there now. The list is forever changing, and the methods we use to protect against them always needs to change too.

Some can be defended against with great security, backups, and software. Others, such as social engineering, need you and your staff to stay up-to-date and remain vigilant about the major attacks affecting small business today.

If you need help tightening your businesses security, give us a call at (515)422-1995.

Is Your Physical Security as Good As Your Cybersecurity?

by

Headlines are often made by firms that have been hacked by “elite” cybercriminals. These events sound high tech, sophisticated, and interesting. The truth is almost always an amateur attacker chancing their luck with an unpatched security hole or bad password. Physical break-ins affect businesses far more commonly and cause much more damage, but get talked about far less.

Similar to technology hacks, most physical security threats come from criminals that chance their luck on businesses that look poorly secured. On a rare occasion, they may strike a business owner that has forgot to lock up or failed to set the security alarm.

By breaking in, these criminals exploit poor physical security to cause damage and steal valuables. Typically, by destroying or taking critical assets, a criminal may make a few hundred in profit while the total damage done to the business is counted in the tens of thousands.

While most IT security packages act automatically and always remain on, physical security needs to be made a daily habit and require periodic updates.

Threats Starting from Within

Every business should have secure locks protecting their doors. Many use an alarm system to add protection to valuable assets. However, there are common threats that neither of these can protect you from. How would your business be protected if the attack came from within your firm?

A disgruntled employee, or even a former employee, can do an enormous amount of damage to a business. Attacking their own business, an employee can likely do more damage during the day than a criminal could breaking-in overnight. Misplaced trust in the wrong individual can result in devastating consequences.

Employees typically have access to one of your business’s most valuable assets: data. A criminal may steal computer hardware to sell on for quick cash because most don’t fully understand the value of the data stored on it.

The value of the data in a business machine can easily exceed the cost of the hardware one hundred times over.

Physical Security Heists

For criminals who do understand the value of data; physical security can be the weakest spot in a business’s armor. In 2013, media streaming service Vudu suffered a break in where criminals stole server hardware to obtain credit card information stored within.

A technology savvy streaming firm is highly likely to have up-to-date IT with excellent security measures. Thieves looking for easy cash recognized that the best way to get to the data was through their comparatively weak physical security.

The best security packages in the world are completely infective if the keys are left in the door and physical hardware is easy to remove. This challenge of securing your data can be made even more difficult when using a location that must remain open to the public.

Securing Your Data with Good Security Practices

Keeping your customer data safe is one of the most significant responsibilities small business owners take on. It requires a duty to employ the best possible security practices to keep your customers safe. For a customer to have the trust to use your business over the competition, they have to see their concerns put to rest.

Locking down data access for employees so they can only view and edit what is strictly needed, protects both customers and the business against many kinds of damage; both accidental and malicious. Limiting device access, such as disabling USB ports to thumb drives or storage devices, helps to prevent data being copied and carried offsite.

Physically locking down a server in the location it sits is one of the best deterrents available to prevent against theft. Locked server racks are an excellent piece of physical security that works on top of the building security already in place.

Make sure your business is up to the task of securing its data. Give us a call at (515)422-1995 to audit both your digital and physical security.

Click to see our BBB Report

VISIT US