A Seattle company was recently broken into and a stash of old laptops was stolen. Just a typical everyday crime by typical everyday thieves. These laptops weren’t even being used by anyone in the company. The crime turned out to be anything but ordinary when those same thieves (cyber-criminals) used data from the laptops to obtain information and siphon money out of the company via fraudulent payroll transactions. On top of stealing money, they also managed to steal employee identities.
Another small company was hacked by another “company” that shared the same high-rise office building with them. Management only became aware of the theft once they started seeing unusual financial transactions in their bank accounts. Even then, they didn’t know if there was internal embezzlement or external cybertheft. It turned out to be cybertheft. The thief in this case drove a Mercedes and wore a Rolex watch… and looked like anyone else walking in and out of their building. Welcome to the age of cybercrime.
You Are Their Favorite Target
One of the biggest issues facing small businesses in the fight against cybercrime is the lack of a cyber-security plan. While 83% lack a formal plan, over 69% lack even an informal one. Half of small business owners believe that cybercrime will never affect them. In fact, small businesses are a cybercriminal’s favorite target! Why? Small businesses are not prepared and they make it easier on criminals.
The result? Cyber-attacks cost SMBs an average of $188,242 each incident and nearly two-thirds of the businesses affected are out of business within 6 months (2011 Symantec/NCSA Study). A separate study by Verizon showed that over 80% of small business cybercrime victims were due to insufficient network security (wireless and password issues ranked highest). With insecure networks and no formal plan to combat them, we make it easy on the criminals.
How They Attack
The #1 money-generating technique these “bad guys” use is to infect your systems with malware so that whenever you (or your employees) visit a web site and enter a password (Facebook, bank, payroll, etc.) the malware programs harvest that data and send it off to the bad guys to do their evil stuff.
They can get to you through physical office break-ins, “wardriving” (compromising defenseless wireless networks) or e-mail phishing scams and harmful web sites. Cyber-criminals are relentless in their efforts, and no one is immune to their tricks.
5 Steps To Protect Your Business
- Get Educated. Find out the risks and educate your staff.
- Do A Threat Assessment. Examine your firewall, anti-virus protection and anything connected to your network. What data is sensitive or subject to data-breach laws?
- Create A Cyber-Security Action Plan. Your plan should include both education and a “fire drill.”
- Monitor Consistently. Security is never a one-time activity. Monitoring 24/7 is critical.
- Re-Assess Regularly. New threats emerge all the time and are always changing. You can only win by staying ahead!