In the News
On October 9, Nationwide released a survey revealing that 60% of small businesses (having fewer than 299 employees) have been hacked in the last year. Startlingly, the vast majority of them had no knowledge of the attacks until long after the fact. The survey indicates that a major weakness is simply the lack of knowledge of what constitutes an attack, since those surveyed only recognized cyberattacks after being given a list of the possible types, such as phishing scams, Trojan horses, and ransomware.
Small businesses are much less likely than medium-sized or larger businesses to be prepared for attacks or have plans for recovery. They are far less likely than larger firms to have a dedicated employee or service tasked with monitoring for cyberattacks.
Recovery from cyberattacks is especially onerous for smaller businesses, due to the expense and time required. About 20% of victims surveyed spent $50,000 and took more than six months to recover, while 7% spent more than $100,000 and took more than a year to recover.
What this Means for You
Small business data, especially customer credit card numbers and personal information such as names, addresses, and Social Security Numbers, is just as valuable to hackers as that of larger businesses. Hackers are well aware that small businesses are more likely to be vulnerable to attack than larger companies.
Small businesses need to make sure that their computer systems are password-protected, are running up-to-date operating systems, and are armed with up-to-date antivirus and firewall software. They should ensure their data is backed up, whether locally or using a cloud service. It is also important to check that their insurance protects them from cyber risks.
The Nationwide survey indicates that vigilance is especially necessary for technology firms and manufacturers (or other companies with complex supply chains), since they are targeted more frequently. On average they sustained 40 attacks per company over the last year.
Inc.com’s Kevin Kerridge urges companies to create a written plan for responding to an attack, and to make sure every person in the company understands their role. This “human firewall” is key in lowering the probability of an attack.
It Happened to Them, Don’t Let it Happen to You!
Thieves used a Trojan horse to capture the online banking credentials of PATCO Construction in Maine, stealing about $588,000 in less than seven days. Trojans are usually downloaded from emails, so do not open an email attachment unless it is an item you are expecting, from someone known to you.
This means that employee training is the most important thing you can do to reduce this threat. Companies like PhishMe offer services that send fake Trojan horses to attack your employees. If an employee falls for the trap, the service sends them to a 3-minute training video.