How is it that a giant company like Target was the victim of one of the biggest computer hacks in history?
Blame a small business.
If you are at all like me, when you heard a couple of years ago that Target had been hacked to the tune of some 75 million customers accounts, you had to wonder how such a big corporation with the attendant security protocols and protections could have been vulnerable to cybercrime.
Well, it turns out that Target was in fact well protected and did much to safeguard the confidential information (credit card numbers, etc.) of its customers. In fact, the bad guys knew this, but also knew that small businesses as a whole do not take cybersecurity very seriously, don’t have much software protection at all, and as such, are the ones who are most susceptible to cyber attacks.
In the case of Target, the hackers used that knowledge to find a vulnerability in the computers of one of Target’s small business vendors and stuck malware there. Then, when the small company logged into the Target system to submit its invoice, the malware infiltrated and infected Target’s system.
In most cases, when a small business is a victim of cybercrime, it is the one who is usually the victim. Take for example the surf shop in California that had its customer database erased and its bank account bled dry. It went out of business. That is typical, common even, when you consider that 60% of all cybercrime is now directed at small business and last year, and 5,000 new phishing, viruses, and vulnerabilities were discovered by IT experts. Over $100 billion was stolen from small business via cybercrime in the past year alone. One expert calls it “The biggest crime spree in the history of America.”
Cybercrooks attack small businesses in many different ways:
- In one common tactic, “crypto-locker” software is installed on the small businesses computer, locking it up. Unless the victim pays a ransom of around $500, the database is destroyed.
- In another scam, “keylogging software” is surreptitiously installed on the computer and when the owner logs into, say, his bank, the keystrokes are recorded and later used to drain the account.
- Another common tactic is to set up phony social media sites in order to hijack a businesses’ social media accounts.
Think about what you have secured on your office computers, what you need to protect: Your customer accounts, credit card numbers, bank account info, intellectual property, and much, much more. You simply have to take cyber security seriously now, this month and every month.
Here are a few things you can do to protect your business:
- Know that you are a target: Because of social media, it is easy for a criminal to find out a lot of very personal information about you. They use this info to create trust. For example, say you get an email from someone with a link and it says, “Our mutual friend Bill Bellamy says you love The Beatles too. I thought you might like to see this rare footage.” You click the link, only it’s a faux site, infected with malware.
- Practice good password management: You know the drill, but do you do it? Having the same password on all of your accounts is very dangerous, and not having a good mix of characters and letters is equally shortsighted. A good software system can create and log secure passwords for you.
- Get good cybersecurity software. The most important thing you can do is to install a suite of cybersecurity software on your computer, mobile devices, everything. Do it. Now.
And here are some additional cyber tips from the FBI
Cyber Tip #1: Protect Yourself with Two-Factor Authentication: Two-factor authentication, or TFA, adds that second level of protection. TFA is a technology that increases security by incorporating requirements beyond something you know (your password). Along with something you know, TFA can also include something you have (a dynamic token or PIN), something you are (a particular biometric), or somewhere you are (your location at the time of authentication).
Cyber Tip #2: Be Vigilant with Your Internet of Things (IoT) Devices: Understand your IoT devices. Many come with default passwords or open Wi-Fi connections, so change to a strong password and only allow the device to operate on a network with a secured Wi-Fi router.
Cyber Tip #3: Defense in Depth for the Every Day User: protect your mobile devices from cyber intruders in public places. If you login to a WiFi hotspot at your favorite coffee house, airport, or hotel, remember that not all hotspots have strong security protections.
Cyber Tip #4: Social Media and the Use of Personal Information: Criminals who troll social networking sites looking for information or people to target for exploitation run the gamut—from sexual predators, hackers, and financial fraudsters to business competitors and foreign state actors.
There are several ways you can minimize the risks associated with posting information on social networking sites and the subsequent theft of more sensitive data, from using two-factor authentication and monitoring your children’s use of the Internet to never clicking on a link embedded in a social media message or e-mail.