Hackers put a bull's-eye on small business



Fewer than 500 employees? You’ve got a 20 percent chance of being hacked, and if it happens there’s a good chance your business is finished.

Robert Strohmeyer at PC World wrote a great story on August 12 that illustrates exactly what I have been saying for a while now, and which is the topic of my book Cyberheist. He wrote about the CFO of a small Chicago-based manufacturing company who fell for a phishing attack, after which more than $300,000 was taken out of the company bank account in minutes.

They were lucky: they found out about it quickly and fought like mad to get the money back. Not everyone is that lucky, though. Strohmeyer makes it very clear that small businesses constituted 31 percent of targeted attacks in 2012. According to the National Cyber Security Alliance, one in five small businesses falls victim to cybercrime each year. And of those, some 60 percent go out of business within six months after an attack.

If you KNOW you are under constant attack, what would you do differently? Here are some things that Strohmeyer mentions you can do about it:

"Safeguarding your company against security threats doesn’t necessarily mean hiring a full-time IT security pro for your small business. There are four simple steps any small company can take to protect against cyberattacks.

1. Use protection on every device: Regardless of the platform, use secure passwords and encryption on every device that touches your business, from phones and tablets to laptops and desktops. If the device supports third-party anti-malware apps like those from McAfee, Symantec, or Trend Micro, install one.

2. Run business-grade unified malware protection: Consumer antivirus apps aren’t sufficient to secure a business’s tech infrastructure. Business-class security suites offer multidevice protection that includes ensuring that all devices get regular updates and security patches. This is key, since 90 percent of attacks exploit outdated software bugs on unpatched computers.

3. Train your staff (and yourself) to practice good digital hygiene: Don’t use the same password on multiple accounts. Don’t follow links in email. Learn to spot phishing threats. Make sure everyone on your staff knows this stuff, and remind them often. (Note: that is exactly what Kevin Mitnick Security Awareness Training does.)

4. Get a security audit and heed its findings: One of Technologyville’s clients learned this lesson the hard way last year when its financial services website fell prey to a teenage hacker who exploited open ports on the site’s server to take control of the company’s online presence. The security consultants had identified those threats in an audit for the company a year earlier, yet the company chose not to act until it was way too late."

It's a great article and I recommend you read it in full.



