Computer security is often one of the last things on the mind of small business owners, especially those who focus on a local market and have less than 10 employees. When you’re struggling just to get local attention, why would international cybercriminals even know about you, let alone target you?
Hackers from all over the world can and do target small businesses. There are two primary reasons why:
Certain types of attacks are blasted out indiscriminately to as many businesses as possible, and small businesses may be more susceptible to falling victim as their security measures and policies are not as up to date as those of their larger competitors.
The second comes when hackers specifically look for small businesses, again in the belief that their security will be lax as compared to larger and more high-profile targets.
While your business may not be sitting on millions of dollars in assets for hackers to steal, you still have items of value to them. Hackers are more than willing to steal small amounts of money if the effort needed to do it is low enough. And you’re also likely sitting on data that is valuable to them, particularly customer data such as social security numbers or credit card numbers that is key to identity theft.
Here are three real-world examples of businesses with less than 10 employees that fell victim to cybercrime and faced a long, difficult battle to recover.
1) Maine Indoor Karting
A go-kart track is far from the first type of business you think of when the subject of cybercrime comes up. Don’t tell that to Rick Snow, however, owner of Maine Indoor Karting. Snow testified to the House Small Business Committee about his experience, in which he clicked on a phishing email that appeared to be from his bank. Snow followed a “spoofed” link that appeared legitimate and entered his login credentials, and two weeks later found that his business bank account had been completely drained of funds. He would also go on to experience multiple incidents of fraudulent attempted use of his business credit cards by unknown parties in the following months.
Credit repair service CreditNerds had a brush with malware, apparently installed by a malicious actor targeting the business and using software exploits to do it. Even though the malware did not end up compromising any personal data of customers, the site still experienced major losses as Google quickly flagged it as “potentially hacked” in search results and malware scanners started warning internet users against it. Not only did he lose an estimated $9,000 of business during the 10 days it took to clean the issue up, it also represented an expense of $3,500 to take the site down and create a new one with a different hosting provider.
3) Rokenbok Education
Toy company Rokenbok had a brush with malware just in time for Christmas. The company was hit with ransomware, an attack that locks off vital files using encryption and then demands one or more payments in order to get the password to unlock them. There’s no guarantee that the criminals will actually provide the password after payments are made, and if they do it can take weeks for them to reply. Rokenbok was fortunate in that they had robust backups, the only real countermeasure to a ransomware attack, but it still took their site offline for four days as their database files were reconstructed and cost them thousands of dollars in lost revenue.
Attacks like these are particularly hard on small businesses, who often do not have the resources to absorb extended periods of downtime. A 2016 study by the United States National Cyber Security Alliance found that about 60% of small businesses hit with a cyberattack go out of business within six months. They are also now the majority target of such attacks, with about 4,000 businesses targeted per day.
Tie National provides a broad range of both remote and on-site IT services, including security solutions specially tailored to small businesses. Contact us to learn more.