Guide to Cybersecurity for Small Business

Types of Hacks
The Cost of Cybercrimes
EMV Compliance and the Small Business Owner
How You Can Boost Your Security
Securing Data for Your Small Business

When newscasters want to add a shock factor to their broadcast, one of their go-to topics is “data breaches.” Every few weeks, it seems like a different massive corporation has been attacked by hackers, either domestic or foreign. When you think about it, it makes sense. Corporations now keep their customers’ personal information on a “cloud,” that is, a network of servers that can be accessed anywhere, anytime, by users but also, in some cases, by hackers. These servers often have the best security available, and for good reason. It’s where information like credit card numbers and even Social Security numbers are stored. So if hackers can get past the security to get to that information, they could potentially be set for life.

Those mega-corporations’ cloud servers have the information of potentially millions of customers, making them prime targets. But small businesses aren’t immune. Small-time hackers love targeting local business owners, and for good reason. Those businesses typically have very low security guarding crucial information. Between dealing with ransomware and other types of malware, small business owners can and do end up emptying their bank accounts to meet the demands of hackers.

Less than 1 percent of all cyber-criminals are caught and brought to justice. Even with the FBI and other agencies on these cases, it is often downright impossible to locate these hackers. As such, your best bet is to ensure your security is up to snuff to defend against attackers. A simple antivirus simply doesn’t cut it anymore when it comes to preventing cybercrimes. It’s important to know how the attacks will come, what they could cost and how to make sure you don’t fall victim.

The Most Common Types of Hacks

It seems like new techniques to gain access to your most sensitive data are created on a daily basis. Luckily, the right cybersecurity system can stop most malicious attacks. However, there are some that seem to get through more than others. In fact, you have a 26 percent chance of being breached over a 24-month period. While some of these hacks require you to activate them (such as by clicking on a link), others can happen without your knowledge. Here are the five most common attacks small business owners may face:

  1. Ransomware: Malware is perhaps the most common type of hack used against small businesses. It usually requires you to download and open a seemingly innocent piece of software, which turns out to be a virus. Good antivirus software can often prevent you from downloading such software, but some viruses are sneakier. One particularly damaging type of malware is ransomware. It accesses every bit of your computer and locks it down, then demands you send money to the hacker in order to unlock it. In some cases, a message will appear claiming that you’ve committed a crime, and the “authorities” are demanding that you pay a fine in order to gain access to your PC again. Of course, this message is not authentic, but many frightened business owners pay it anyway, just in case.
  2. Other malware: Other kinds of malware, like trojans, do not demand that you send money to the attacker. Rather, they simply access all of your data and send credit card information, etc. back to the hacker. This is often done with a “bait and switch.” That is, you would download a program that seems legitimate and authentic, and may act as such even after it’s installed. However, the hacker now has unbridled access to your PC behind the scenes.
  3. Poisoning the Waterhole: While most hackers work remotely to avoid being caught, others will visit your place of business to carry out their attacks. One such attack is called the “waterhole attack.” They access the Wi-Fi in your business that you use and figure out what websites you and your business use most. Once they figure that out, they infect that website with malware, thereby infecting your PC and, potentially, the rest of your company’s computers. If you use public or unprotected Wi-Fi, this attack is much easier.
  4. Phishing and ClickJacking: When you visit websites, especially unsavory ones, it is imperative you know exactly what you are doing. Unwary business owners often fall victim to phishing and ClickJacking. In phishing schemes, hackers create a spoof website that is identical to an authentic one. When the user tries to log in on the fake site, the hacker gets the information for the real one, thus gaining access to that data. ClickJacking, on the other hand, involves placing fake download buttons around an authentic one for a piece of software. Those buttons lead to sites that are designed to steal information.
  5. Keyloggers: Keyloggers do exactly what they say: they track keystrokes and store that information on your PC. This software is often used as malware to gain access to your personal passwords and other data. Hackers then access this data, along with other information on your PC, to gain access to bank accounts and other websites with your personal data on them.

It’s important to dispel a couple of rumors about cyber-criminals. First, what do you envision when you think of hackers? If you imagine a kid in a dark room behind a glowing monitor, you are only partially right. While those hackers exist, there is no single demographic that defines hackers. Second, there is a myth that has circulated for decades now that Apple products don’t get viruses. It’s simply not true. Macs get viruses just as easily as Windows computers. But, since 90 percent of the world runs on Windows, it’s simply good “business practice” for hackers to attack those computers instead.

Tech/Security Infographic

The Cost of Cybercrimes

Hackers do more than waste time and provide an ample supply of headaches. It can cost businesses thousands of dollars to repair the damage done. This cost is most obvious in ransomware cases. Some small business owners have been all but bankrupted by the costs of regaining access to their computers. Unfortunately, many of these business owners are unaware that there are solutions, some even free, that can remove ransomware and other malicious software. Instead, they choose to simply pay the attacker and try to move forward with their lives.

When it comes to customers’ data being hacked, the costs can skyrocket. On average, an attack on information costs about $160 per record. For retailers and other small businesses, the cost for each breached record can exceed $170. So, if you have 150 regular customers for your coffee shop, you could be looking at damages of at least $24,000. When large corporations are included in the statistics, the average cost of an attack is $4 million. That’s up nearly 30 percent over 2013 figures. Why the increase? Because more attacks than ever are malicious, and malicious attacks cost more to repair.

But the costs of being hacked and having data exposed go well beyond just repairing systems. When a customer’s personal information is breached, they are far less likely to come back to your business. This factor, called the churn rate, can cost hundreds of dollars per record breached. Since 2013, churn rates increased nearly 3 percent. Rates were higher in the health, technology, service, life science and financial industries. Hiring a chief information security officer saves about $7 per record, but those savings don’t outweigh the costs for small businesses.

EMV Compliance and the Small Business Owner

Perhaps the easiest and most common data stolen is credit and debit card information. With this data, criminals could simply use that “card” everywhere, especially for online transactions. Recent legislation from the federal government has made that all but impossible by enforcing the use of EMV chips. However, while these regulations have increased security when it comes to customer data, they have made it more difficult for small businesses to operate effectively, especially if there is an instance of fraud in their shop.

Nearly everyone with a credit or debit card was issued a new one by their bank in the past year. The new cards contain an EMV chip, which is much more secure than the traditional magnetic strip. That strip holds unchanging information regarding your account. If it is skimmed or the data is otherwise stolen, it can be used over and over. The chip, on the other hand, creates a unique code for that transaction, a code which can never be used again. So, if a criminal does steal that information, it’s practically worthless to them.
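The difference between static stripe data and a one-time chip code can be shown with a small model. This is an added example, not part of the original guide: the `Chip` and `Issuer` classes and the card number are constructed for illustration, and HMAC-SHA256 stands in for the actual EMV cryptogram calculation.

```python
import hashlib, hmac, secrets

def _mac(key, pan, amount, atc, nonce):
    # HMAC-SHA256 is a stand-in here; real EMV cards use their own cryptogram scheme.
    msg = f"{pan}|{amount}|{atc}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Chip:  # constructed model of a chip card: secret key plus transaction counter
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0

    def sign(self, amount, nonce):
        self.atc += 1  # counter advances, so every transaction yields a new code
        code = _mac(self._key, self.pan, amount, self.atc, nonce)
        return {"pan": self.pan, "amount": amount, "atc": self.atc,
                "nonce": nonce, "code": code}

class Issuer:  # constructed model of the bank that issued the card
    def __init__(self):
        self._keys, self._last_atc = {}, {}

    def enroll(self, pan):
        self._keys[pan], self._last_atc[pan] = secrets.token_bytes(32), 0
        return Chip(pan, self._keys[pan])

    def approve_stripe(self, track):
        # Static stripe data: a skimmed copy is indistinguishable from the card.
        return track["pan"] in self._keys

    def approve_chip(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None:
            return False
        want = _mac(key, tx["pan"], tx["amount"], tx["atc"], tx["nonce"])
        if not hmac.compare_digest(want, tx["code"]):
            return False  # amount or another field was altered
        if tx["atc"] <= self._last_atc[tx["pan"]]:
            return False  # counter already seen: the code is being reused
        self._last_atc[tx["pan"]] = tx["atc"]
        return True

def demo():
    issuer = Issuer()
    chip = issuer.enroll("4111111111111111")  # constructed test card number
    tx = chip.sign(450, secrets.token_hex(4))
    return {"stripe_replay": issuer.approve_stripe({"pan": chip.pan}),
            "chip_first": issuer.approve_chip(tx),
            "chip_replay": issuer.approve_chip(dict(tx)),
            "chip_altered": issuer.approve_chip(dict(tx, amount=99900))}
```

Calling `demo()` shows the copied stripe data still being accepted, while the chip code is approved once and then rejected both when reused and when the amount is changed.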

While this is great news for customers, the burden of changing over to hardware that accepts EMV chips has fallen on business owners. Most businesses were given until October 2015 (except gas stations and e-commerce sites, which have until October 2017) to switch over to new hardware. After that deadline, they became responsible for nearly any instance of fraud and chargebacks, that is, demands that any fraudulent uses of a card get paid back.

Chargebacks were once the responsibility of the card provider, but if fraudulent charges occur in a shop without EMV2-compliant systems, that business owner will likely now be responsible. So not only are small business owners responsible for buying new hardware, they are also responsible for the hundreds of thousands, or even millions, of dollars in liability if a breach takes place on their credit card equipment. However, converting your small business over to an EMV2-compliant system does not have to be a hassle. We can help.

How You Can Boost Your Security

While converting to EMV2-compliant hardware can be pricey, it is much cheaper than being responsible for any fraud in your shop if you are running on an outdated system. But when it comes to other kinds of cybercrime, small businesses simply don’t have the resources that massive corporations do to fight it. The good news is, that doesn’t necessarily mean you are left vulnerable to hacking. There are a few steps you can take to protect yourself and your company.

First, spread out your accounts. Relying on one bank account for all of your business needs means a hacker just needs one password to take over. Rather, set up a series of accounts for checking, payment and holding. Then, have a separate account for operating cash, and don’t share that account number with anyone. That way, writing a check or paying someone doesn’t give them access to the main account.

Second, be careful about who has access to your networks. If you provide Wi-Fi for customers, make sure it is on a separate access point from that of the computer on which you store customer information. That network should be encrypted and secured with a complex password; a password generator may be beneficial for this task. Better yet, use wired internet access for computers that store sensitive data. Information on an ethernet network can only be accessed by devices that are directly plugged in, thus increasing security.

All of this comes down to one simple principle: If you can’t secure customer data, don’t store it. How much information do you really need from customers? If it’s not important to your business, don’t save it. If you do save data, consider how long you need it for. Leaving sensitive information on a server for long periods of time means it is more susceptible to being compromised at some point. An easy solution is to save data long-term on physical devices like thumb drives, which can be secured in a safe or a safety deposit box.

Securing Data for Your Small Business

Though data security is an often-overlooked factor in starting and running a small business, it is one that can ruin you if it is mishandled. While large companies usually have IT departments to handle any issues, you likely don’t have the resources on hand to hire an employee just for that task. The good news is, you don’t have to. We can help.

Don’t Let Data Security Be Your Downfall

Let Company.com take care of all of your IT needs, from setting up secure networks and EMV2-compliant systems to eradicating viruses and other malware. Contact us today to learn more about how we can help you confidently store your customers’ information and keep your business running smoothly.